Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Iycd4-AQWavm0aWTxKJP9uGI1k8.cer
File:                     Iycd4-AQWavm0aWTxKJP9uGI1k8.cer (raw, json)
Hash identifier:          b8SP/QV3nZtK9rtc0Pv9doyEFRmEDqYxTyHR+8MGTFw=
Subject key identifier:   23:27:1D:E3:E0:10:59:AB:E6:D1:A5:93:C4:A2:4F:F6:E1:88:D6:4F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC50023C7E1D00F333752591E667D22C7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a3/3f7a06-2b45-4a0b-ba6c-958c376506ed/1/Iycd4-AQWavm0aWTxKJP9uGI1k8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a3/3f7a06-2b45-4a0b-ba6c-958c376506ed/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211975

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:23:c7:e1:d0:0f:33:37:52:59:1e:66:7d:22:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23271de3e01059abe6d1a593c4a24ff6e188d64f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:51:ba:04:88:75:26:06:71:67:e7:ed:0a:2d:
                    2f:99:59:ef:eb:3a:62:24:6f:6d:43:58:0d:a7:33:
                    df:c0:3c:bc:73:f6:f2:24:ec:99:94:32:7a:92:e8:
                    5d:f1:b7:8e:b3:3d:3f:dc:3e:71:48:6c:e0:49:5c:
                    65:b5:fc:8d:1a:52:10:b7:d8:64:d4:a9:4e:57:21:
                    4d:e7:8a:dc:ed:c0:50:c4:35:90:f6:3e:5b:56:7f:
                    5f:80:93:2e:99:95:d7:3d:21:b1:27:44:5f:d2:46:
                    3f:d0:48:40:71:ca:8c:57:e7:f7:30:97:47:ef:c3:
                    7f:4c:74:13:46:fc:65:29:95:a4:a1:bc:8e:a6:5f:
                    f5:62:0f:01:89:5f:b0:8c:e1:cf:7f:85:9d:7b:06:
                    16:c7:10:10:7a:1b:ca:87:da:6b:ff:d1:99:2b:52:
                    59:69:3d:3f:09:e9:38:66:c3:80:91:6f:e0:8d:76:
                    82:d3:cc:e0:f2:5c:24:69:d2:b0:20:7c:da:91:a2:
                    04:c6:1b:ec:2b:cc:76:80:01:71:e6:5a:d0:53:88:
                    c0:2c:54:ac:94:9e:cc:81:90:eb:bc:af:5a:32:b5:
                    a1:44:bf:85:a0:51:30:20:73:fc:05:ad:9e:78:a0:
                    c0:96:cf:0b:e3:c4:37:e7:64:52:9b:a4:8d:2a:d1:
                    76:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:27:1D:E3:E0:10:59:AB:E6:D1:A5:93:C4:A2:4F:F6:E1:88:D6:4F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3f7a06-2b45-4a0b-ba6c-958c376506ed/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3f7a06-2b45-4a0b-ba6c-958c376506ed/1/Iycd4-AQWavm0aWTxKJP9uGI1k8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211975

    Signature Algorithm: sha256WithRSAEncryption
         12:bf:55:52:e1:ec:e8:03:be:a7:1f:c1:84:f5:e5:04:9e:ca:
         69:80:1f:35:2a:f0:20:c4:d9:78:75:07:c4:2d:b6:08:9c:95:
         ce:26:35:bc:e4:22:d9:8b:5f:4b:3d:69:aa:98:88:0e:7d:6d:
         55:6e:cc:88:4f:54:11:2d:7b:59:ad:43:c5:2e:f2:24:27:cf:
         5d:46:b8:24:c2:85:b3:c6:0c:df:f8:0a:03:49:9f:d5:34:a0:
         5a:db:6d:08:a5:96:09:cc:37:2e:44:06:49:aa:e7:a3:77:75:
         e4:65:53:2b:aa:c1:45:81:90:74:b3:60:a6:ea:4b:75:67:39:
         50:ac:95:17:61:8e:5f:5c:f7:29:0d:49:f5:87:ab:a2:65:e6:
         b1:47:f0:8c:23:33:28:88:0c:82:f9:57:46:15:92:93:9f:82:
         21:62:13:6e:11:c1:bd:2e:56:24:48:fd:ac:dd:c3:aa:49:47:
         8f:6b:20:05:70:a2:f9:58:17:8b:5b:07:35:62:db:bc:ea:da:
         97:b7:d8:63:0c:a7:75:0b:dd:0c:39:8e:84:61:75:c0:27:4a:
         b7:34:6f:40:18:9d:9f:30:96:15:f1:73:37:70:e5:6e:0b:2f:
         1c:0f:cc:bd:80:d6:66:7a:3a:9f:ca:c4:aa:78:60:36:3c:7b:
         f5:35:18:1f
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzFACPH4dAPMzdSWR5mfSLHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzI3MWRlM2UwMTA1OWFiZTZkMWE1OTNjNGEyNGZmNmUxODhkNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41G6BIh1JgZxZ+ftCi0vmVnv6zpi
JG9tQ1gNpzPfwDy8c/byJOyZlDJ6kuhd8beOsz0/3D5xSGzgSVxltfyNGlIQt9hk
1KlOVyFN54rc7cBQxDWQ9j5bVn9fgJMumZXXPSGxJ0Rf0kY/0EhAccqMV+f3MJdH
78N/THQTRvxlKZWkobyOpl/1Yg8BiV+wjOHPf4WdewYWxxAQehvKh9pr/9GZK1JZ
aT0/Cek4ZsOAkW/gjXaC08zg8lwkadKwIHzakaIExhvsK8x2gAFx5lrQU4jALFSs
lJ7MgZDrvK9aMrWhRL+FoFEwIHP8Ba2eeKDAls8L48Q352RSm6SNKtF20QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCMnHePgEFmr5tGlk8SiT/bhiNZPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EzLzNmN2Ew
Ni0yYjQ1LTRhMGItYmE2Yy05NThjMzc2NTA2ZWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMvM2Y3YTA2
LTJiNDUtNGEwYi1iYTZjLTk1OGMzNzY1MDZlZC8xL0l5Y2Q0LUFRV2F2bTBhV1R4
S0pQOXVHSTFrOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM8BzANBgkqhkiG9w0BAQsFAAOCAQEAEr9VUuHs6AO+
px/BhPXlBJ7KaYAfNSrwIMTZeHUHxC22CJyVziY1vOQi2YtfSz1pqpiIDn1tVW7M
iE9UES17Wa1DxS7yJCfPXUa4JMKFs8YM3/gKA0mf1TSgWtttCKWWCcw3LkQGSarn
o3d15GVTK6rBRYGQdLNgpupLdWc5UKyVF2GOX1z3KQ1J9YeromXmsUfwjCMzKIgM
gvlXRhWSk5+CIWITbhHBvS5WJEj9rN3DqklHj2sgBXCi+VgXi1sHNWLbvOral7fY
YwyndQvdDDmOhGF1wCdKtzRvQBidnzCWFfFzN3DlbgsvHA/MvYDWZno6n8rEqnhg
Njx79TUYHw==
-----END CERTIFICATE-----