Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HlcDhG16g2S-wwMDTbkay_9C2gw.cer
File:                     HlcDhG16g2S-wwMDTbkay_9C2gw.cer (raw, json)
Hash identifier:          yu12R1gFGMnVGN8rCtEn+I1fEQ1erE6oD/4fambW7c8=
Subject key identifier:   1E:57:03:84:6D:7A:83:64:BE:C3:03:03:4D:B9:1A:CB:FF:42:DA:0C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7260ACDC0E44DD4669BA4CA4975CE70
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/24/bc658f-a528-4360-b58c-07b09e465119/1/HlcDhG16g2S-wwMDTbkay_9C2gw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/24/bc658f-a528-4360-b58c-07b09e465119/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:30:08 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:14b0::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:0a:cd:c0:e4:4d:d4:66:9b:a4:ca:49:75:ce:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e5703846d7a8364bec303034db91acbff42da0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:7a:c5:6a:ba:53:27:66:d7:41:bd:86:81:a0:
                    6f:16:19:57:ec:c1:52:95:0a:7a:a8:2c:16:16:73:
                    8f:73:8f:47:30:22:28:34:ee:e6:86:ce:53:dd:40:
                    c8:55:f4:86:f0:79:f9:00:e9:09:c9:b7:a8:bf:bf:
                    e3:95:d3:45:41:09:a1:62:ac:59:d9:92:5f:26:a8:
                    01:21:0d:f6:86:26:56:d4:86:47:b4:6a:d2:83:5a:
                    d4:01:52:38:e5:06:21:51:db:ca:03:bd:eb:22:82:
                    6a:f2:09:5e:79:8d:6f:3a:cb:ba:c9:76:cc:a5:aa:
                    f0:24:7d:67:67:3c:3b:3f:6a:42:ae:46:1a:38:6c:
                    6d:0b:7b:2b:f0:12:6c:41:80:03:9b:e6:d9:66:9c:
                    e9:2f:f3:06:88:28:8d:ce:df:e8:4d:1d:4a:0d:b0:
                    3b:a9:86:40:ea:b3:41:33:f6:d3:db:15:34:a8:94:
                    96:03:e2:11:99:a5:57:ab:14:34:96:79:d2:92:af:
                    76:c7:c2:c3:f3:6c:bd:76:84:9e:a4:db:c4:99:0f:
                    d6:33:03:19:5e:b6:a1:2e:c2:41:3a:4d:d7:75:8f:
                    19:53:52:c9:d7:b3:de:c9:21:aa:7f:97:7e:1e:11:
                    d3:10:ea:9d:98:84:a4:f1:d6:45:9a:c6:ce:2a:99:
                    fc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:57:03:84:6D:7A:83:64:BE:C3:03:03:4D:B9:1A:CB:FF:42:DA:0C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/bc658f-a528-4360-b58c-07b09e465119/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/bc658f-a528-4360-b58c-07b09e465119/1/HlcDhG16g2S-wwMDTbkay_9C2gw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:14b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:a1:30:87:06:69:d0:37:69:7a:b9:c4:b7:45:b7:a3:9a:f9:
         dd:d2:90:52:72:76:f2:21:8a:5a:3e:5f:6b:98:8a:95:d2:cb:
         1e:8c:8c:11:1f:9a:20:fe:da:f8:cf:d2:37:09:d1:1b:40:1d:
         80:a4:bc:84:6e:41:c4:51:17:2e:19:4a:6c:00:d7:ed:be:44:
         4d:cc:92:f1:ff:47:c5:f6:0c:ee:4d:f0:30:fd:43:23:db:cc:
         21:66:38:b3:a3:54:10:13:9b:71:92:ce:1b:7c:b8:42:2b:d2:
         fd:16:f0:df:9d:5c:47:27:5c:2d:03:3c:f7:dc:57:3e:4a:00:
         38:87:d4:f4:a5:2c:82:2f:65:e9:13:56:83:d4:d6:fe:f7:e9:
         00:0f:7e:13:3b:4e:f5:71:66:db:55:10:d6:8d:b7:5e:53:27:
         17:3f:d5:70:7d:15:5f:1b:00:bf:8a:a3:4d:a6:15:75:dc:c1:
         39:56:87:be:86:9f:bb:0a:e8:f8:5e:03:85:f0:b7:42:ea:d9:
         89:85:3b:1b:39:e6:c4:44:e0:f3:0f:f5:3f:61:b9:86:61:15:
         a8:74:89:d3:37:fa:70:74:42:56:87:79:89:6f:9a:02:8d:0e:
         d0:0f:cd:6b:df:7f:0c:da:cb:51:b6:eb:33:68:65:cb:1c:b1:
         c6:5f:4a:e4
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYzHJgrNwORN1GabpMpJdc5wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTU3MDM4NDZkN2E4MzY0YmVjMzAzMDM0ZGI5MWFjYmZmNDJkYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXrFarpTJ2bXQb2GgaBvFhlX7MFS
lQp6qCwWFnOPc49HMCIoNO7mhs5T3UDIVfSG8Hn5AOkJybeov7/jldNFQQmhYqxZ
2ZJfJqgBIQ32hiZW1IZHtGrSg1rUAVI45QYhUdvKA73rIoJq8gleeY1vOsu6yXbM
parwJH1nZzw7P2pCrkYaOGxtC3sr8BJsQYADm+bZZpzpL/MGiCiNzt/oTR1KDbA7
qYZA6rNBM/bT2xU0qJSWA+IRmaVXqxQ0lnnSkq92x8LD82y9doSepNvEmQ/WMwMZ
XrahLsJBOk3XdY8ZU1LJ17PeySGqf5d+HhHTEOqdmISk8dZFmsbOKpn8rQIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFB5XA4RteoNkvsMDA025Gsv/QtoMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI0L2JjNjU4
Zi1hNTI4LTQzNjAtYjU4Yy0wN2IwOWU0NjUxMTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQvYmM2NThm
LWE1MjgtNDM2MC1iNThjLTA3YjA5ZTQ2NTExOS8xL0hsY0RoRzE2ZzJTLXd3TURU
YmtheV85QzJndy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBSwMA0GCSqGSIb3DQEBCwUAA4IBAQAQ
oTCHBmnQN2l6ucS3Rbejmvnd0pBScnbyIYpaPl9rmIqV0ssejIwRH5og/tr4z9I3
CdEbQB2ApLyEbkHEURcuGUpsANftvkRNzJLx/0fF9gzuTfAw/UMj28whZjizo1QQ
E5txks4bfLhCK9L9FvDfnVxHJ1wtAzz33Fc+SgA4h9T0pSyCL2XpE1aD1Nb+9+kA
D34TO071cWbbVRDWjbdeUycXP9VwfRVfGwC/iqNNphV13ME5Voe+hp+7Cuj4XgOF
8LdC6tmJhTsbOebERODzD/U/YbmGYRWodInTN/pwdEJWh3mJb5oCjQ7QD81r338M
2stRtuszaGXLHLHGX0rk
-----END CERTIFICATE-----