Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/SHcGwrHYON95a_g_qn176rxcdvg.cer
File:                     SHcGwrHYON95a_g_qn176rxcdvg.cer (raw, json)
Hash identifier:          Xkg9iF/aK44kzbVa/OxxnU/fBQXrqoTJU9KBn+l8S4k=
Subject key identifier:   48:77:06:C2:B1:D8:38:DF:79:6B:F8:3F:AA:7D:7B:EA:BC:5C:76:F8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA96CE55D1AF23654FE42D54572AE1CD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ac/cf1693-e67c-4f73-aee1-e044071ef2d9/1/SHcGwrHYON95a_g_qn176rxcdvg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ac/cf1693-e67c-4f73-aee1-e044071ef2d9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:32:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 209401

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:ce:55:d1:af:23:65:4f:e4:2d:54:57:2a:e1:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=487706c2b1d838df796bf83faa7d7beabc5c76f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6b:c4:49:59:a6:7f:08:c7:73:fe:34:84:0b:
                    09:c2:16:35:d2:ee:85:d0:37:7b:fc:7a:25:c9:21:
                    8f:5e:39:3c:f3:6a:b2:07:11:4b:01:e9:a3:f5:d5:
                    44:b6:24:a5:6a:b5:f4:42:0d:2b:a6:12:c4:73:98:
                    3e:56:d9:0f:f4:39:73:6a:d1:1e:56:9b:bd:88:57:
                    a0:6d:24:fb:06:51:ff:0a:bb:3c:86:d3:72:5f:48:
                    7d:32:43:66:d5:d3:0d:81:2c:b1:5e:45:e4:f4:e0:
                    7f:2e:4d:ec:8f:65:29:d9:f1:b0:c7:74:58:0d:1f:
                    7d:e4:d9:c8:36:b1:44:a9:df:46:7f:c6:2e:c8:11:
                    fa:b0:1b:c9:74:d0:1b:ec:94:3e:c4:71:72:d0:af:
                    6b:28:ff:85:74:0a:7d:64:9e:a7:74:51:69:35:0c:
                    99:74:f3:71:35:a2:02:38:c0:d1:af:c2:73:e4:4b:
                    7f:6b:9b:95:47:e3:74:51:2a:76:46:6c:98:4e:88:
                    ed:58:77:68:7b:0c:e4:ab:25:dd:c6:a0:c5:21:31:
                    ee:5a:66:b8:a2:c5:cc:4b:13:04:6b:8f:7f:1e:fe:
                    08:3d:d8:1d:39:91:d2:c9:eb:b2:ed:53:85:cf:e1:
                    d9:f9:c8:fc:dd:68:e8:cb:b2:a2:ca:b9:bf:21:66:
                    fb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:77:06:C2:B1:D8:38:DF:79:6B:F8:3F:AA:7D:7B:EA:BC:5C:76:F8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/cf1693-e67c-4f73-aee1-e044071ef2d9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/cf1693-e67c-4f73-aee1-e044071ef2d9/1/SHcGwrHYON95a_g_qn176rxcdvg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209401

    Signature Algorithm: sha256WithRSAEncryption
         35:fe:eb:d4:53:a0:e5:b2:83:32:96:45:40:b9:71:2e:8f:92:
         82:65:33:20:47:7c:ed:41:3f:06:3c:a3:16:41:82:e7:75:5d:
         c4:82:f5:37:04:cb:4d:b2:3a:ec:c0:cb:1d:30:f8:66:be:60:
         46:f1:a0:29:41:65:23:88:70:6c:8f:43:d5:0e:7d:f6:ce:25:
         3e:3b:ee:68:0e:4b:e6:d7:94:5c:e3:ac:7f:5d:39:13:cf:b4:
         78:c1:98:8e:1e:a3:09:ec:bb:dd:75:d5:0e:a1:b2:9b:ec:aa:
         68:d6:98:77:50:e1:9d:92:ce:1b:35:e6:f6:a8:75:f1:e1:90:
         8c:4b:af:3c:7c:10:e7:3d:e3:3d:a6:bc:49:3f:c5:d9:88:4e:
         7c:6b:8d:27:28:4c:f4:b5:6b:b5:16:f0:61:e3:1f:a8:aa:48:
         b1:d1:36:47:6b:b7:e2:33:1c:52:42:6f:63:df:cd:46:72:80:
         b0:fe:f6:d4:62:b6:6f:3c:da:cc:fb:35:70:20:e0:57:f3:66:
         2e:d0:a8:b0:03:12:6b:96:c0:78:e8:8f:db:e7:a8:48:20:a8:
         b8:4a:2c:40:71:01:a2:b0:6e:8c:98:61:ae:96:3e:b2:ef:31:
         91:1f:b4:45:67:8e:05:74:95:22:74:4c:81:c2:72:80:12:29:
         03:1e:c4:61
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKls5V0a8jZU/kLVRXKuHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODc3MDZjMmIxZDgzOGRmNzk2YmY4M2ZhYTdkN2JlYWJjNWM3NmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5WvESVmmfwjHc/40hAsJwhY10u6F
0Dd7/HolySGPXjk882qyBxFLAemj9dVEtiSlarX0Qg0rphLEc5g+VtkP9DlzatEe
Vpu9iFegbST7BlH/Crs8htNyX0h9MkNm1dMNgSyxXkXk9OB/Lk3sj2Up2fGwx3RY
DR995NnINrFEqd9Gf8YuyBH6sBvJdNAb7JQ+xHFy0K9rKP+FdAp9ZJ6ndFFpNQyZ
dPNxNaICOMDRr8Jz5Et/a5uVR+N0USp2RmyYTojtWHdoewzkqyXdxqDFITHuWma4
osXMSxMEa49/Hv4IPdgdOZHSyeuy7VOFz+HZ+cj83Wjoy7Kiyrm/IWb7mQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFEh3BsKx2DjfeWv4P6p9e+q8XHb4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FjL2NmMTY5
My1lNjdjLTRmNzMtYWVlMS1lMDQ0MDcxZWYyZDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMvY2YxNjkz
LWU2N2MtNGY3My1hZWUxLWUwNDQwNzFlZjJkOS8xL1NIY0d3ckhZT045NWFfZ19x
bjE3NnJ4Y2R2Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMx+TANBgkqhkiG9w0BAQsFAAOCAQEANf7r1FOg5bKD
MpZFQLlxLo+SgmUzIEd87UE/BjyjFkGC53VdxIL1NwTLTbI67MDLHTD4Zr5gRvGg
KUFlI4hwbI9D1Q599s4lPjvuaA5L5teUXOOsf105E8+0eMGYjh6jCey73XXVDqGy
m+yqaNaYd1DhnZLOGzXm9qh18eGQjEuvPHwQ5z3jPaa8ST/F2YhOfGuNJyhM9LVr
tRbwYeMfqKpIsdE2R2u34jMcUkJvY9/NRnKAsP721GK2bzzazPs1cCDgV/NmLtCo
sAMSa5bAeOiP2+eoSCCouEosQHEBorBujJhhrpY+su8xkR+0RWeOBXSVInRMgcJy
gBIpAx7EYQ==
-----END CERTIFICATE-----