Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/MXvyYLzaMCviwgdijPsWRHhhT-U.cer
File:                     MXvyYLzaMCviwgdijPsWRHhhT-U.cer (raw, json)
Hash identifier:          W6cMcMvolAaTQqruD67Qn1Y7KtaB5W6GhDdd8VvyE1Y=
Subject key identifier:   31:7B:F2:60:BC:DA:30:2B:E2:C2:07:62:8C:FB:16:44:78:61:4F:E5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC73C4868D2DE429D4C84C45A5866B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/MXvyYLzaMCviwgdijPsWRHhhT-U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:30:08 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 207716
                          IP: 2001:67c:988::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:73:c4:86:8d:2d:e4:29:d4:c8:4c:45:a5:86:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=317bf260bcda302be2c207628cfb164478614fe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fb:cb:c1:3e:de:ce:fd:46:7e:10:6f:be:4e:
                    d1:67:86:4e:fc:79:f3:9b:8c:31:00:42:b0:b6:39:
                    9f:01:f1:2a:ac:03:45:11:68:8e:e6:19:68:15:2e:
                    82:73:ae:7f:54:07:bf:8d:d4:f0:dd:76:7e:e6:1b:
                    2a:bd:c4:ba:7a:56:bf:41:f6:4f:ac:02:a4:0d:21:
                    1a:91:91:08:97:4e:cf:39:f1:80:d6:a3:49:e6:58:
                    20:2e:d5:46:52:b8:81:3b:b0:74:9b:7a:22:b6:87:
                    0e:17:b9:c5:20:13:3c:23:e6:d6:c2:38:ef:10:0f:
                    4f:b5:71:af:a3:e2:69:b9:06:7c:32:ac:c1:12:03:
                    89:18:91:5b:e3:69:95:4b:48:a2:7f:28:26:12:8c:
                    c7:7b:37:07:15:d1:44:09:74:0a:26:03:b8:fc:90:
                    7e:96:16:7e:1f:2c:c1:e4:2a:74:cc:a4:2f:79:c0:
                    6c:4e:cc:e9:16:11:c8:88:48:9b:bf:bf:ad:1c:13:
                    0d:3f:ba:49:6d:04:07:d4:9e:76:15:6b:1c:4d:90:
                    48:48:eb:f7:63:92:e5:ee:9c:b5:e2:5e:34:bf:13:
                    97:8c:ee:35:c7:d8:07:20:2f:c1:cf:7b:66:23:32:
                    fc:a3:e3:7a:fb:11:5c:48:b3:83:09:72:57:2c:e6:
                    8b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:7B:F2:60:BC:DA:30:2B:E2:C2:07:62:8C:FB:16:44:78:61:4F:E5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/MXvyYLzaMCviwgdijPsWRHhhT-U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:988::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207716

    Signature Algorithm: sha256WithRSAEncryption
         14:61:50:e0:9f:c6:40:9d:62:d6:51:fb:48:27:21:38:6e:a2:
         71:6a:11:4b:6a:a6:e4:1a:4e:6a:a4:05:c2:96:d8:0c:98:5d:
         0e:e8:34:28:ed:a5:e1:42:be:18:e5:71:7d:e5:6b:55:b9:12:
         cd:52:16:c0:90:af:f3:34:bf:df:7b:67:96:49:47:59:08:70:
         29:96:75:d8:92:5f:9f:30:1e:61:1e:88:64:72:24:c4:17:c7:
         c2:1e:60:40:f0:af:33:01:59:62:d2:95:3d:69:35:41:98:d2:
         92:97:ad:6e:e4:ae:2d:1c:68:fc:28:c7:87:14:9c:0b:63:7d:
         5f:75:6a:36:a1:2a:e5:ee:65:75:88:50:63:03:60:a9:3c:3e:
         04:ea:67:5e:97:1f:cd:0f:1d:0d:25:b9:3c:25:02:e6:7a:6d:
         12:dd:a2:15:07:0f:73:7b:13:13:e1:f6:0e:60:27:8d:62:ac:
         3d:91:65:c6:7b:9e:0c:68:b9:46:e4:b5:d7:57:64:bb:94:3a:
         e0:94:ab:5a:ea:10:3c:ff:eb:55:70:04:01:75:b7:f0:5f:57:
         92:58:ef:10:32:cb:bc:e6:9f:10:16:d7:71:f2:5a:09:77:6f:
         22:b3:8e:6b:55:1b:b3:4a:3d:76:34:03:3a:a6:63:2c:2c:dd:
         94:d3:28:49
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzF3HPEho0t5CnUyExFpYZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTdiZjI2MGJjZGEzMDJiZTJjMjA3NjI4Y2ZiMTY0NDc4NjE0ZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvvLwT7ezv1GfhBvvk7RZ4ZO/Hnz
m4wxAEKwtjmfAfEqrANFEWiO5hloFS6Cc65/VAe/jdTw3XZ+5hsqvcS6ela/QfZP
rAKkDSEakZEIl07POfGA1qNJ5lggLtVGUriBO7B0m3oitocOF7nFIBM8I+bWwjjv
EA9PtXGvo+JpuQZ8MqzBEgOJGJFb42mVS0iifygmEozHezcHFdFECXQKJgO4/JB+
lhZ+HyzB5Cp0zKQvecBsTszpFhHIiEibv7+tHBMNP7pJbQQH1J52FWscTZBISOv3
Y5Ll7py14l40vxOXjO41x9gHIC/Bz3tmIzL8o+N6+xFcSLODCXJXLOaLqwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFDF78mC82jAr4sIHYoz7FkR4YU/lMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAzLzA3ZDE0
Ni1lZjIyLTRlNWMtYmQ1Yy00MmVkM2UzNzM2NzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMvMDdkMTQ2
LWVmMjItNGU1Yy1iZDVjLTQyZWQzZTM3MzY3OS8xL01YdnlZTHphTUN2aXdnZGlq
UHNXUkhoaFQtVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAmIMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMrZDANBgkqhkiG9w0BAQsFAAOCAQEAFGFQ4J/GQJ1i1lH7SCchOG6icWoR
S2qm5BpOaqQFwpbYDJhdDug0KO2l4UK+GOVxfeVrVbkSzVIWwJCv8zS/33tnlklH
WQhwKZZ12JJfnzAeYR6IZHIkxBfHwh5gQPCvMwFZYtKVPWk1QZjSkpetbuSuLRxo
/CjHhxScC2N9X3VqNqEq5e5ldYhQYwNgqTw+BOpnXpcfzQ8dDSW5PCUC5nptEt2i
FQcPc3sTE+H2DmAnjWKsPZFlxnueDGi5RuS111dku5Q64JSrWuoQPP/rVXAEAXW3
8F9XkljvEDLLvOafEBbXcfJaCXdvIrOOa1Ubs0o9djQDOqZjLCzdlNMoSQ==
-----END CERTIFICATE-----