Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KgV9tw5HTrSgd_oT875N17Y4C1Q.cer
File:                     KgV9tw5HTrSgd_oT875N17Y4C1Q.cer (raw, json)
Hash identifier:          cQS5R+gHXtTv62eDJVahgvaJSy1y7+mLhYC+f3xx5bw=
Subject key identifier:   2A:05:7D:B7:0E:47:4E:B4:A0:77:FA:13:F3:BE:4D:D7:B6:38:0B:54
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC80186C72D47BF516DE81522F0B228CD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cc/d978ff-74a1-4915-959a-c03568dc08b3/1/KgV9tw5HTrSgd_oT875N17Y4C1Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cc/d978ff-74a1-4915-959a-c03568dc08b3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:52 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 204500

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:86:c7:2d:47:bf:51:6d:e8:15:22:f0:b2:28:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a057db70e474eb4a077fa13f3be4dd7b6380b54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:4f:a6:e0:bf:c6:71:a8:3d:e7:52:ea:6c:72:
                    54:8d:e0:04:b8:52:0a:73:dc:c8:9a:6f:21:e4:d8:
                    9a:02:4f:c7:b2:6c:aa:e6:a6:02:16:81:f6:99:e3:
                    53:1b:db:ab:b3:8b:9d:34:4b:84:7c:19:ca:14:0f:
                    63:93:8e:f4:5f:77:2f:8d:e1:8e:54:14:b6:4c:a4:
                    75:68:54:d0:d0:09:80:b7:3b:8f:e6:fd:4b:73:74:
                    38:63:8e:08:38:08:f0:f2:44:a7:c9:4f:67:40:ec:
                    83:d0:38:29:10:4d:a4:cc:cc:5c:69:f0:44:f5:36:
                    1d:75:05:69:15:f3:5f:f4:aa:23:69:ed:b9:06:b7:
                    e4:e7:c0:d6:e1:87:06:35:c8:4b:5f:b0:a3:2b:d5:
                    52:44:ea:b9:6c:61:fe:54:3b:1e:83:36:35:55:7f:
                    30:ca:f3:c5:a9:24:db:d5:f8:66:ae:3d:48:89:42:
                    da:34:6a:26:f9:da:1d:d9:c3:c5:28:90:9f:3e:56:
                    4a:21:4b:1d:60:1a:7e:80:e3:d2:11:1c:63:dc:4d:
                    be:69:e7:ef:c5:94:e1:f1:06:69:82:ea:cf:f2:1b:
                    22:fb:10:cf:69:89:b6:c6:77:70:25:91:8a:c3:20:
                    d5:36:d1:89:fc:aa:0e:a5:1b:bc:63:b9:74:42:54:
                    b6:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:05:7D:B7:0E:47:4E:B4:A0:77:FA:13:F3:BE:4D:D7:B6:38:0B:54
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/d978ff-74a1-4915-959a-c03568dc08b3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/d978ff-74a1-4915-959a-c03568dc08b3/1/KgV9tw5HTrSgd_oT875N17Y4C1Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204500

    Signature Algorithm: sha256WithRSAEncryption
         68:80:fe:0a:f9:9e:b9:21:3b:05:be:3d:38:e3:b4:f4:fb:c1:
         5b:c9:30:04:14:f4:62:66:e3:77:c3:68:0f:15:29:58:1c:9a:
         a2:b8:53:65:9a:af:9e:dc:83:c7:4f:e6:0c:34:ea:d4:b8:29:
         84:ba:90:59:2c:c5:d9:ae:22:f5:42:e6:5d:4c:54:63:b0:1f:
         9e:e5:57:24:4d:3e:4f:33:5d:ff:7a:e1:12:69:00:19:65:f3:
         8d:1c:0a:b3:d5:33:3b:58:5d:af:af:7b:e6:c1:92:ad:f5:f0:
         ce:23:1b:ee:f0:ff:04:8b:51:e1:d6:bc:54:33:d3:0b:63:0e:
         e9:3c:34:ab:e3:cb:36:44:4f:14:73:f8:7b:29:aa:2f:64:ed:
         af:07:16:f9:4c:23:1f:d9:ac:43:c3:f0:e0:90:4d:45:40:ac:
         43:0f:f1:2e:00:5e:1d:75:5e:45:da:09:23:ba:f0:84:34:12:
         48:45:c4:65:49:66:6a:09:50:e8:57:36:b5:87:00:24:ea:78:
         40:76:f2:ca:96:33:d5:b8:ba:bc:6e:03:a9:93:0d:67:f8:d9:
         08:3f:72:69:10:9e:95:22:5d:98:3b:16:13:b2:40:c6:6b:66:
         85:e4:63:3e:e2:03:fe:94:b0:e2:2d:d3:a5:84:df:9c:3b:27:
         94:c9:d8:b1
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIAYbHLUe/UW3oFSLwsijNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTA1N2RiNzBlNDc0ZWI0YTA3N2ZhMTNmM2JlNGRkN2I2MzgwYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5E+m4L/Gcag951LqbHJUjeAEuFIK
c9zImm8h5NiaAk/Hsmyq5qYCFoH2meNTG9urs4udNEuEfBnKFA9jk470X3cvjeGO
VBS2TKR1aFTQ0AmAtzuP5v1Lc3Q4Y44IOAjw8kSnyU9nQOyD0DgpEE2kzMxcafBE
9TYddQVpFfNf9Kojae25Brfk58DW4YcGNchLX7CjK9VSROq5bGH+VDsegzY1VX8w
yvPFqSTb1fhmrj1IiULaNGom+dod2cPFKJCfPlZKIUsdYBp+gOPSERxj3E2+aefv
xZTh8QZpgurP8hsi+xDPaYm2xndwJZGKwyDVNtGJ/KoOpRu8Y7l0QlS2cwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCoFfbcOR060oHf6E/O+Tde2OAtUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NjL2Q5Nzhm
Zi03NGExLTQ5MTUtOTU5YS1jMDM1NjhkYzA4YjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2MvZDk3OGZm
LTc0YTEtNDkxNS05NTlhLWMwMzU2OGRjMDhiMy8xL0tnVjl0dzVIVHJTZ2Rfb1Q4
NzVOMTdZNEMxUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMe1DANBgkqhkiG9w0BAQsFAAOCAQEAaID+CvmeuSE7
Bb49OOO09PvBW8kwBBT0Ymbjd8NoDxUpWByaorhTZZqvntyDx0/mDDTq1LgphLqQ
WSzF2a4i9ULmXUxUY7AfnuVXJE0+TzNd/3rhEmkAGWXzjRwKs9UzO1hdr6975sGS
rfXwziMb7vD/BItR4da8VDPTC2MO6Tw0q+PLNkRPFHP4eymqL2TtrwcW+UwjH9ms
Q8Pw4JBNRUCsQw/xLgBeHXVeRdoJI7rwhDQSSEXEZUlmaglQ6Fc2tYcAJOp4QHby
ypYz1bi6vG4DqZMNZ/jZCD9yaRCelSJdmDsWE7JAxmtmheRjPuID/pSw4i3TpYTf
nDsnlMnYsQ==
-----END CERTIFICATE-----