Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/U9L19sohYsiL85oPnekm9CPlMQQ.cer
File:                     U9L19sohYsiL85oPnekm9CPlMQQ.cer (raw, json)
Hash identifier:          9jNtz5ZWvs/1FQHSFi8lnDaIRzQPaJyOAir65aMJPso=
Subject key identifier:   53:D2:F5:F6:CA:21:62:C8:8B:F3:9A:0F:9D:E9:26:F4:23:E5:31:04
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAE17C26FCCB0A2EE9D2BF13C5119C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/90/a5ca0b-9425-4c1e-8ef6-a6fcad19aef2/1/U9L19sohYsiL85oPnekm9CPlMQQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/90/a5ca0b-9425-4c1e-8ef6-a6fcad19aef2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 60807

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e1:7c:26:fc:cb:0a:2e:e9:d2:bf:13:c5:11:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53d2f5f6ca2162c88bf39a0f9de926f423e53104
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2b:a7:73:53:08:31:19:f8:c7:c0:15:d6:2d:
                    d2:3e:22:fc:b6:84:89:49:31:03:21:cb:fb:e7:c4:
                    d6:3f:12:fb:e0:8c:72:fa:18:73:71:ab:bd:f5:59:
                    54:89:c8:86:2b:4a:21:44:6f:c7:37:e8:ff:dc:26:
                    ee:f9:eb:9f:70:26:10:87:5a:5a:54:21:13:94:fb:
                    d1:d0:89:7e:2d:6f:b0:ac:64:0b:80:7f:e1:56:25:
                    eb:0d:d2:87:6c:a6:27:96:c5:50:b0:a1:69:f2:c6:
                    9f:b8:bd:23:d5:bd:65:0d:1c:19:e4:ec:ce:68:b1:
                    f5:86:c7:8f:5b:dd:28:14:90:c1:ce:d2:88:e5:c2:
                    20:52:68:13:a3:18:02:1f:44:a8:a1:8b:08:7c:84:
                    0b:82:61:48:58:b4:a1:f1:c2:45:76:e1:0d:75:02:
                    ce:58:ba:7c:60:43:c9:45:1b:1a:e1:3d:75:33:49:
                    89:85:f4:7c:0e:73:b6:55:9a:7e:ad:07:a3:9b:c9:
                    62:ca:59:61:07:af:c2:66:fc:8b:03:75:14:90:a0:
                    85:df:6a:57:89:2b:d3:1c:b5:ab:b2:6a:42:36:2e:
                    7a:d0:1d:ac:3e:0a:db:72:45:f6:4c:99:27:a5:d5:
                    1a:12:8c:ef:f5:36:19:f9:fc:3e:46:50:9d:eb:44:
                    ab:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D2:F5:F6:CA:21:62:C8:8B:F3:9A:0F:9D:E9:26:F4:23:E5:31:04
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/a5ca0b-9425-4c1e-8ef6-a6fcad19aef2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/a5ca0b-9425-4c1e-8ef6-a6fcad19aef2/1/U9L19sohYsiL85oPnekm9CPlMQQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  60807

    Signature Algorithm: sha256WithRSAEncryption
         27:b7:ad:88:37:b9:39:b3:bf:d3:f3:a5:41:3e:27:fb:86:b3:
         34:e7:89:24:d8:46:40:1e:bf:dd:b7:a6:0f:47:68:f8:9a:6d:
         3a:3d:ab:b8:44:14:20:b3:0b:4e:53:31:7e:07:39:f0:9b:19:
         31:4a:11:30:18:35:92:64:b5:97:48:a2:62:48:91:d9:28:a6:
         13:19:67:aa:3f:2e:41:46:50:d6:8b:ae:1b:24:d7:81:75:5b:
         95:5d:3f:30:21:96:86:db:3a:b1:ba:53:84:34:86:41:3f:35:
         bf:62:57:16:00:23:21:cd:74:2e:c3:96:b0:c6:b7:c2:9b:40:
         05:a8:b4:8a:b1:33:21:5e:33:ff:92:83:5d:08:3b:6c:c8:52:
         5e:d8:c3:15:cd:11:60:c6:bd:e5:43:b9:0c:80:69:38:e5:3b:
         99:19:6c:86:f1:46:29:a4:c0:4d:d0:5c:ab:a8:6f:fb:86:9a:
         93:23:d7:f3:46:c0:2d:b8:ef:1d:37:cb:42:9b:f6:2c:0a:c0:
         83:57:1f:83:71:87:2c:ca:c3:5e:df:ff:fe:5a:d2:6d:af:97:
         64:31:d5:0e:39:97:e7:cf:9f:81:de:82:89:66:ac:1a:d0:93:
         40:1a:be:9d:1a:55:00:e9:ad:14:7d:16:21:b9:9a:c1:34:5f:
         10:54:a3:4c
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzC2uF8JvzLCi7p0r8TxRGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2QyZjVmNmNhMjE2MmM4OGJmMzlhMGY5ZGU5MjZmNDIzZTUzMTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSunc1MIMRn4x8AV1i3SPiL8toSJ
STEDIcv758TWPxL74Ixy+hhzcau99VlUiciGK0ohRG/HN+j/3Cbu+eufcCYQh1pa
VCETlPvR0Il+LW+wrGQLgH/hViXrDdKHbKYnlsVQsKFp8safuL0j1b1lDRwZ5OzO
aLH1hsePW90oFJDBztKI5cIgUmgToxgCH0SooYsIfIQLgmFIWLSh8cJFduENdQLO
WLp8YEPJRRsa4T11M0mJhfR8DnO2VZp+rQejm8liyllhB6/CZvyLA3UUkKCF32pX
iSvTHLWrsmpCNi560B2sPgrbckX2TJknpdUaEozv9TYZ+fw+RlCd60SrZQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFFPS9fbKIWLIi/OaD53pJvQj5TEEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkwL2E1Y2Ew
Yi05NDI1LTRjMWUtOGVmNi1hNmZjYWQxOWFlZjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAvYTVjYTBi
LTk0MjUtNGMxZS04ZWY2LWE2ZmNhZDE5YWVmMi8xL1U5TDE5c29oWXNpTDg1b1Bu
ZWttOUNQbE1RUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDthzANBgkqhkiG9w0BAQsFAAOCAQEAJ7etiDe5ObO/
0/OlQT4n+4azNOeJJNhGQB6/3bemD0do+JptOj2ruEQUILMLTlMxfgc58JsZMUoR
MBg1kmS1l0iiYkiR2SimExlnqj8uQUZQ1ouuGyTXgXVblV0/MCGWhts6sbpThDSG
QT81v2JXFgAjIc10LsOWsMa3wptABai0irEzIV4z/5KDXQg7bMhSXtjDFc0RYMa9
5UO5DIBpOOU7mRlshvFGKaTATdBcq6hv+4aakyPX80bALbjvHTfLQpv2LArAg1cf
g3GHLMrDXt///lrSba+XZDHVDjmX58+fgd6CiWasGtCTQBq+nRpVAOmtFH0WIbma
wTRfEFSjTA==
-----END CERTIFICATE-----