Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HWI-1SywRCm7q1QHwW3_MFv9zAw.cer
File:                     HWI-1SywRCm7q1QHwW3_MFv9zAw.cer (raw, json)
Hash identifier:          K/BNhAZ4wetdYagdgovvC/+R6GbTO1gm6a+rNJcZY6s=
Subject key identifier:   1D:62:3E:D5:2C:B0:44:29:BB:AB:54:07:C1:6D:FF:30:5B:FD:CC:0C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A41CB439209515C14CEF8CB9EC61A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/46/48cefe-8c1e-4609-baf5-f64fe73d9b5b/1/HWI-1SywRCm7q1QHwW3_MFv9zAw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/46/48cefe-8c1e-4609-baf5-f64fe73d9b5b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 205513

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:41:cb:43:92:09:51:5c:14:ce:f8:cb:9e:c6:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d623ed52cb04429bbab5407c16dff305bfdcc0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:27:d1:6f:54:6c:cd:53:70:c0:a5:49:ba:60:
                    ba:67:c1:e7:5f:7b:9f:4a:7b:2f:04:de:89:fa:e6:
                    b2:be:5f:ef:e1:10:19:72:05:3a:08:d5:79:cd:fa:
                    6f:ef:37:bb:f5:a2:90:a1:46:1f:76:75:ea:bf:f5:
                    bf:30:27:f8:8b:f0:1d:d1:59:54:25:25:10:1c:04:
                    2a:8d:65:66:dc:d6:e3:bd:50:d8:25:0d:1c:f4:e7:
                    51:0a:53:11:f3:7a:12:6e:f3:da:86:00:3b:b1:9c:
                    f5:88:35:5b:6a:c3:ea:ea:9f:d0:21:99:00:6e:67:
                    24:85:e7:77:b0:06:2a:35:23:c3:f8:fb:82:7c:0f:
                    59:69:28:70:63:d0:b3:73:c8:5c:93:7a:e4:71:ef:
                    2e:36:db:ee:88:7e:6c:36:c9:00:f4:e2:4e:76:7a:
                    15:a0:3b:16:b2:51:07:b1:b2:51:e2:a5:96:d1:4a:
                    f9:de:f9:da:67:5a:aa:62:78:50:91:7b:e5:be:48:
                    9d:ad:6f:6e:18:a9:6c:ed:d4:99:44:ad:e1:32:9b:
                    a8:ea:07:d0:50:ac:0b:4e:cf:7c:9b:08:db:b6:e3:
                    de:57:e3:26:71:9b:9b:8b:b3:25:b4:fa:e7:a2:11:
                    5b:6a:30:2c:c7:25:80:81:80:e6:d6:9a:e7:e6:58:
                    84:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:62:3E:D5:2C:B0:44:29:BB:AB:54:07:C1:6D:FF:30:5B:FD:CC:0C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/48cefe-8c1e-4609-baf5-f64fe73d9b5b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/48cefe-8c1e-4609-baf5-f64fe73d9b5b/1/HWI-1SywRCm7q1QHwW3_MFv9zAw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205513

    Signature Algorithm: sha256WithRSAEncryption
         76:58:9c:e8:a9:62:ad:b7:97:12:ad:83:fe:30:ac:5a:40:fd:
         54:f1:87:dd:c9:92:9d:16:54:3b:7f:df:df:9d:0e:7e:ae:61:
         55:9b:b4:b1:5f:2b:5f:ad:cb:83:13:78:f3:6a:60:0d:73:98:
         df:5d:a2:5c:e5:bc:9b:11:26:96:21:2a:22:e1:47:e4:bd:47:
         3b:1d:c7:86:01:65:2f:6d:62:fa:b9:aa:7d:78:46:6a:c8:7a:
         b1:3b:f4:7b:b3:7e:c9:c8:23:b3:44:43:84:d7:f8:24:de:0b:
         89:5c:d5:d4:32:e3:e6:18:ef:a6:95:ee:30:db:b5:b1:c2:20:
         5f:ce:3a:8f:a5:c6:2e:ac:9b:2e:51:b0:57:7e:1b:77:72:52:
         62:03:f5:20:75:b9:cb:1c:b0:de:63:f3:dc:80:c2:a1:15:71:
         62:8f:88:ce:09:86:3a:a8:57:06:0f:7f:63:54:26:11:50:d2:
         fe:43:a2:21:7e:ec:34:70:0b:c9:7c:49:91:90:96:3b:83:6e:
         38:95:89:c9:d9:e5:1f:7f:03:d4:6b:2b:ff:a6:c9:b1:06:b9:
         d6:81:69:0f:72:ee:e6:d9:cb:2c:bb:ed:2a:c4:c3:9f:56:f9:
         c0:43:22:34:c1:99:f2:18:22:f4:12:06:3d:7a:29:e9:da:a5:
         b0:15:a9:ee
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKKkHLQ5IJUVwUzvjLnsYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDYyM2VkNTJjYjA0NDI5YmJhYjU0MDdjMTZkZmYzMDViZmRjYzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyfRb1RszVNwwKVJumC6Z8HnX3uf
SnsvBN6J+uayvl/v4RAZcgU6CNV5zfpv7ze79aKQoUYfdnXqv/W/MCf4i/Ad0VlU
JSUQHAQqjWVm3NbjvVDYJQ0c9OdRClMR83oSbvPahgA7sZz1iDVbasPq6p/QIZkA
bmckhed3sAYqNSPD+PuCfA9ZaShwY9Czc8hck3rkce8uNtvuiH5sNskA9OJOdnoV
oDsWslEHsbJR4qWW0Ur53vnaZ1qqYnhQkXvlvkidrW9uGKls7dSZRK3hMpuo6gfQ
UKwLTs98mwjbtuPeV+MmcZubi7MltPrnohFbajAsxyWAgYDm1prn5liEJQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFB1iPtUssEQpu6tUB8Ft/zBb/cwMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ2LzQ4Y2Vm
ZS04YzFlLTQ2MDktYmFmNS1mNjRmZTczZDliNWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDYvNDhjZWZl
LThjMWUtNDYwOS1iYWY1LWY2NGZlNzNkOWI1Yi8xL0hXSS0xU3l3UkNtN3ExUUh3
VzNfTUZ2OXpBdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMiyTANBgkqhkiG9w0BAQsFAAOCAQEAdlic6KlirbeX
Eq2D/jCsWkD9VPGH3cmSnRZUO3/f350Ofq5hVZu0sV8rX63LgxN482pgDXOY312i
XOW8mxEmliEqIuFH5L1HOx3HhgFlL21i+rmqfXhGash6sTv0e7N+ycgjs0RDhNf4
JN4LiVzV1DLj5hjvppXuMNu1scIgX846j6XGLqybLlGwV34bd3JSYgP1IHW5yxyw
3mPz3IDCoRVxYo+IzgmGOqhXBg9/Y1QmEVDS/kOiIX7sNHALyXxJkZCWO4NuOJWJ
ydnlH38D1Gsr/6bJsQa51oFpD3Lu5tnLLLvtKsTDn1b5wEMiNMGZ8hgi9BIGPXop
6dqlsBWp7g==
-----END CERTIFICATE-----