Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/S0PbJxz_w8s8pOiRKGj5eiQPanM.cer
File:                     S0PbJxz_w8s8pOiRKGj5eiQPanM.cer (raw, json)
Hash identifier:          6l2O+a5wjK8irk4Fh+V4qEEm+oWhnG35vm1alyfXv/w=
Subject key identifier:   4B:43:DB:27:1C:FF:C3:CB:3C:A4:E8:91:28:68:F9:7A:24:0F:6A:73
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC34951C67B83021A393A7FCAE3052CEC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/13/061535-6e14-4f66-ada1-abd5f0850d31/1/S0PbJxz_w8s8pOiRKGj5eiQPanM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/13/061535-6e14-4f66-ada1-abd5f0850d31/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:30:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49747
                          IP: 2001:67c:c6c::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:51:c6:7b:83:02:1a:39:3a:7f:ca:e3:05:2c:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b43db271cffc3cb3ca4e8912868f97a240f6a73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:ac:9d:2e:90:13:b2:5a:05:45:d3:ac:35:85:
                    df:48:9f:fe:21:ba:10:5b:f1:d2:73:7a:e2:f8:61:
                    83:99:2e:3e:07:ab:0d:ae:e4:3e:1c:f8:3b:8d:d7:
                    da:ef:19:20:27:5c:7e:e0:12:3e:d9:f2:20:8d:51:
                    61:eb:46:cb:2b:aa:0c:52:71:61:ff:11:f5:f8:16:
                    55:11:e5:64:85:8f:88:19:47:fc:ef:97:6b:ae:64:
                    ca:ae:bf:20:74:55:3d:15:7d:94:31:cd:d9:8c:c5:
                    4d:8c:2a:75:18:ac:a2:a6:85:84:d8:12:91:d4:3b:
                    63:b8:99:62:f0:92:0e:39:c3:41:3b:8a:65:fe:23:
                    0f:f2:7f:97:7d:5c:89:b9:8a:c8:9c:0f:7a:30:96:
                    71:7c:11:23:6d:81:9a:00:7f:08:13:1e:47:6c:bc:
                    cd:31:e8:ee:95:1b:e1:9a:73:8a:ff:c1:46:05:b5:
                    f2:2d:aa:f8:29:36:b8:9f:49:a9:00:a3:2c:25:ee:
                    42:7e:3c:95:d6:81:1d:1f:45:bd:88:65:8d:ec:1f:
                    48:71:ab:77:8a:42:ab:00:88:3e:77:e4:2b:2d:cb:
                    cc:ce:c5:5d:bd:bf:e2:7c:ca:af:38:27:15:f0:1b:
                    55:01:de:fe:04:57:41:e3:19:78:95:35:af:67:61:
                    37:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:43:DB:27:1C:FF:C3:CB:3C:A4:E8:91:28:68:F9:7A:24:0F:6A:73
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/061535-6e14-4f66-ada1-abd5f0850d31/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/061535-6e14-4f66-ada1-abd5f0850d31/1/S0PbJxz_w8s8pOiRKGj5eiQPanM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c6c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49747

    Signature Algorithm: sha256WithRSAEncryption
         63:f5:7b:e0:de:2f:41:f0:80:22:04:16:92:0f:b7:1f:0a:9e:
         aa:50:b0:08:0e:8d:50:d0:92:52:80:8e:99:a4:20:26:b1:b4:
         b6:23:c9:8a:0c:74:92:f9:f1:1b:1c:20:61:71:8f:0a:92:0b:
         01:4e:2d:35:fe:93:d3:e1:17:d8:73:03:50:0b:26:5e:ff:e7:
         c6:c6:fa:1d:ec:f5:5f:12:c1:3a:10:4f:85:2c:fc:16:a5:da:
         0c:c9:3b:a0:bd:dc:5d:1c:d0:db:54:12:75:cc:72:c6:93:cd:
         27:a4:99:9e:46:8c:e1:5b:75:10:95:2a:87:f4:2f:b0:ec:f6:
         74:08:3d:7c:b8:73:25:60:17:df:fa:d4:ca:6e:54:86:48:7a:
         93:e4:3d:3e:0f:06:5b:48:0f:2d:ca:59:c2:ba:56:29:2c:2a:
         1f:c6:9f:43:b1:d8:5c:3d:33:09:57:ef:c0:4a:04:fd:09:8b:
         9e:a5:76:91:80:2e:21:87:40:4e:ca:61:56:2f:bc:af:0a:13:
         1b:aa:d1:d6:08:d6:4e:8a:12:4b:c9:01:09:29:39:c5:8b:a0:
         33:2b:88:59:c9:cc:c6:22:da:7a:75:71:cb:60:8a:b3:51:27:
         fb:84:da:9d:e4:d6:b0:ca:56:3a:10:f6:05:37:fb:5d:9d:c1:
         0f:95:1e:27
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzDSVHGe4MCGjk6f8rjBSzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjQzZGIyNzFjZmZjM2NiM2NhNGU4OTEyODY4Zjk3YTI0MGY2YTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9aydLpATsloFRdOsNYXfSJ/+IboQ
W/HSc3ri+GGDmS4+B6sNruQ+HPg7jdfa7xkgJ1x+4BI+2fIgjVFh60bLK6oMUnFh
/xH1+BZVEeVkhY+IGUf875drrmTKrr8gdFU9FX2UMc3ZjMVNjCp1GKyipoWE2BKR
1DtjuJli8JIOOcNBO4pl/iMP8n+XfVyJuYrInA96MJZxfBEjbYGaAH8IEx5HbLzN
MejulRvhmnOK/8FGBbXyLar4KTa4n0mpAKMsJe5CfjyV1oEdH0W9iGWN7B9Icat3
ikKrAIg+d+QrLcvMzsVdvb/ifMqvOCcV8BtVAd7+BFdB4xl4lTWvZ2E3hwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFEtD2ycc/8PLPKTokSho+XokD2pzMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEzLzA2MTUz
NS02ZTE0LTRmNjYtYWRhMS1hYmQ1ZjA4NTBkMzEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMvMDYxNTM1
LTZlMTQtNGY2Ni1hZGExLWFiZDVmMDg1MGQzMS8xL1MwUGJKeHpfdzhzOHBPaVJL
R2o1ZWlRUGFuTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAxsMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwDCUzANBgkqhkiG9w0BAQsFAAOCAQEAY/V74N4vQfCAIgQWkg+3HwqeqlCw
CA6NUNCSUoCOmaQgJrG0tiPJigx0kvnxGxwgYXGPCpILAU4tNf6T0+EX2HMDUAsm
Xv/nxsb6Hez1XxLBOhBPhSz8FqXaDMk7oL3cXRzQ21QSdcxyxpPNJ6SZnkaM4Vt1
EJUqh/QvsOz2dAg9fLhzJWAX3/rUym5Uhkh6k+Q9Pg8GW0gPLcpZwrpWKSwqH8af
Q7HYXD0zCVfvwEoE/QmLnqV2kYAuIYdATsphVi+8rwoTG6rR1gjWTooSS8kBCSk5
xYugMyuIWcnMxiLaenVxy2CKs1En+4TaneTWsMpWOhD2BTf7XZ3BD5UeJw==
-----END CERTIFICATE-----