Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HzkK-DPX1CaQQsJJvPSWSFcglbY.cer
File:                     HzkK-DPX1CaQQsJJvPSWSFcglbY.cer (raw, json)
Hash identifier:          emPlEdlxWN9nXnw+srtn6Mmg1HLYyhxaPMd5vFjfJgQ=
Subject key identifier:   1F:39:0A:F8:33:D7:D4:26:90:42:C2:49:BC:F4:96:48:57:20:95:B6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56ED2BC95C9C356A7E4089F041B6EA1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b3/ba3048-6224-4a97-ba31-d758372cf8f0/1/HzkK-DPX1CaQQsJJvPSWSFcglbY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b3/ba3048-6224-4a97-ba31-d758372cf8f0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211242

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d2:bc:95:c9:c3:56:a7:e4:08:9f:04:1b:6e:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f390af833d7d4269042c249bcf49648572095b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:44:5a:4b:df:62:02:81:d8:44:e4:4d:be:53:
                    ea:54:a8:ba:9b:ae:7a:d6:79:6b:de:ef:92:f7:07:
                    2f:2f:8a:8f:91:a3:f3:70:22:27:48:53:8e:6f:51:
                    4e:58:b9:72:5e:ac:08:0e:32:3a:16:e3:46:c6:24:
                    e3:d6:e9:97:84:b2:65:2e:ac:2f:24:b7:f8:31:e2:
                    ea:ad:7d:f4:fa:f4:2a:a7:a7:34:86:d7:da:e3:a8:
                    b6:94:3e:f2:24:cd:cd:3d:97:bc:a3:7d:f7:dc:58:
                    25:a5:77:53:f5:01:c0:0e:5a:d2:23:e8:f6:7e:77:
                    b8:83:dd:68:58:d6:e6:0e:09:d3:20:40:8e:b8:2d:
                    82:47:81:2a:3d:48:24:d7:a5:12:77:1a:a3:98:0c:
                    01:ac:44:13:93:4b:63:d4:8d:ef:b6:23:3d:fc:50:
                    e9:4c:f1:30:7e:08:eb:c7:ad:d3:e6:8d:b2:3a:59:
                    02:9f:63:db:51:3c:4d:e2:49:18:11:d6:ae:a2:ed:
                    72:a0:1a:43:0b:74:7d:34:fa:6b:9d:90:a8:39:28:
                    4e:cd:de:29:dd:35:fa:a2:5d:99:29:ea:a0:2d:39:
                    86:e0:99:72:6d:d6:1a:be:68:39:75:e3:51:10:bb:
                    b7:50:15:4e:53:44:83:49:ed:33:54:4c:23:24:fb:
                    32:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:39:0A:F8:33:D7:D4:26:90:42:C2:49:BC:F4:96:48:57:20:95:B6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ba3048-6224-4a97-ba31-d758372cf8f0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ba3048-6224-4a97-ba31-d758372cf8f0/1/HzkK-DPX1CaQQsJJvPSWSFcglbY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211242

    Signature Algorithm: sha256WithRSAEncryption
         2b:1d:75:72:7a:9a:cf:a3:76:b2:dc:0c:da:04:0e:0b:fe:26:
         e9:5e:ca:2d:99:b4:7a:48:84:bd:d8:78:58:4f:51:4c:d6:e2:
         34:14:7c:89:4d:2c:98:dc:50:43:54:f0:02:bb:6c:f8:b1:04:
         19:4d:6c:ee:85:c2:ca:de:e8:6d:a5:08:eb:53:ba:b4:6e:20:
         6d:7a:97:cd:e3:b1:32:3a:9b:e5:5b:04:37:db:49:f6:9c:99:
         a9:a6:67:5f:6f:07:b0:99:f7:3d:d4:c5:fc:6d:3e:df:ad:d1:
         39:6d:5f:5e:9c:4d:9e:06:d9:71:a2:7b:43:d1:62:e8:10:02:
         c5:76:dd:57:33:57:fc:0d:1d:69:e4:d4:4d:a6:89:45:a9:45:
         fc:67:06:01:e5:a2:60:77:2f:51:d9:4f:b5:69:c9:6a:af:65:
         fb:40:7f:d7:02:5f:47:da:43:7c:98:84:c3:fd:bd:c0:8a:31:
         85:73:87:5f:e7:2b:96:c2:fe:26:68:56:79:16:f4:4b:74:8d:
         f5:e8:97:21:06:6e:2d:34:4f:a2:a4:75:62:d8:fc:5f:eb:0d:
         52:bf:29:16:fe:92:37:95:ea:30:32:5f:50:84:57:19:1d:6e:
         51:44:b8:02:78:c0:04:c2:ac:93:64:08:c8:5b:08:a5:1b:2b:
         07:79:50:d9
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzFbtK8lcnDVqfkCJ8EG26hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjM5MGFmODMzZDdkNDI2OTA0MmMyNDliY2Y0OTY0ODU3MjA5NWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuURaS99iAoHYRORNvlPqVKi6m656
1nlr3u+S9wcvL4qPkaPzcCInSFOOb1FOWLlyXqwIDjI6FuNGxiTj1umXhLJlLqwv
JLf4MeLqrX30+vQqp6c0htfa46i2lD7yJM3NPZe8o3333FglpXdT9QHADlrSI+j2
fne4g91oWNbmDgnTIECOuC2CR4EqPUgk16USdxqjmAwBrEQTk0tj1I3vtiM9/FDp
TPEwfgjrx63T5o2yOlkCn2PbUTxN4kkYEdauou1yoBpDC3R9NPprnZCoOShOzd4p
3TX6ol2ZKeqgLTmG4JlybdYavmg5deNRELu3UBVOU0SDSe0zVEwjJPsyjQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFB85Cvgz19QmkELCSbz0lkhXIJW2MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IzL2JhMzA0
OC02MjI0LTRhOTctYmEzMS1kNzU4MzcyY2Y4ZjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjMvYmEzMDQ4
LTYyMjQtNGE5Ny1iYTMxLWQ3NTgzNzJjZjhmMC8xL0h6a0stRFBYMUNhUVFzSkp2
UFNXU0ZjZ2xiWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM5KjANBgkqhkiG9w0BAQsFAAOCAQEAKx11cnqaz6N2
stwM2gQOC/4m6V7KLZm0ekiEvdh4WE9RTNbiNBR8iU0smNxQQ1TwArts+LEEGU1s
7oXCyt7obaUI61O6tG4gbXqXzeOxMjqb5VsEN9tJ9pyZqaZnX28HsJn3PdTF/G0+
363ROW1fXpxNngbZcaJ7Q9Fi6BACxXbdVzNX/A0daeTUTaaJRalF/GcGAeWiYHcv
UdlPtWnJaq9l+0B/1wJfR9pDfJiEw/29wIoxhXOHX+crlsL+JmhWeRb0S3SN9eiX
IQZuLTRPoqR1Ytj8X+sNUr8pFv6SN5XqMDJfUIRXGR1uUUS4AnjABMKsk2QIyFsI
pRsrB3lQ2Q==
-----END CERTIFICATE-----