Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/WKXtjj7MkqLejICr6agZXV_5l-Y.cer
File:                     WKXtjj7MkqLejICr6agZXV_5l-Y.cer (raw, json)
Hash identifier:          U12EXpkHtbc3xxeOxUiJYcVNHIFp0pEdMBHah3FTbiM=
Subject key identifier:   58:A5:ED:8E:3E:CC:92:A2:DE:8C:80:AB:E9:A8:19:5D:5F:F9:97:E6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC49368EB0A4A617306F54B6607ED65A2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/79/c58189-d57e-415d-b977-0067bcaf3770/1/WKXtjj7MkqLejICr6agZXV_5l-Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/79/c58189-d57e-415d-b977-0067bcaf3770/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:30:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49852
                          IP: 2001:678:6ac::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:68:eb:0a:4a:61:73:06:f5:4b:66:07:ed:65:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58a5ed8e3ecc92a2de8c80abe9a8195d5ff997e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:59:1d:8b:45:03:9a:b9:3f:9d:2d:ec:b7:42:
                    e2:5c:3e:88:73:6b:4b:46:e5:6c:0c:32:d4:cd:2c:
                    74:0c:cc:74:17:b2:ad:2f:4f:a5:8e:d1:dc:4d:0d:
                    cb:32:1f:c1:ac:dc:c0:dc:3d:37:c3:0e:7d:13:0f:
                    fd:9e:19:0f:1f:81:55:85:91:36:e3:16:48:d4:bf:
                    1a:5b:58:bf:fc:c2:b1:af:70:fd:4d:6c:eb:3e:61:
                    d8:0a:ea:24:ee:3b:9c:2f:3d:a4:26:76:b1:ee:d2:
                    ce:aa:cb:6c:3c:36:2b:b4:6d:c0:46:de:9f:2b:72:
                    e4:f7:dc:79:97:3a:e7:ed:5e:d4:b1:50:0d:30:b5:
                    c2:30:bf:7d:3e:b6:22:12:7d:dd:ab:fc:4b:4c:58:
                    7b:2c:19:98:e4:ed:95:7f:34:a8:34:28:1f:a3:cb:
                    14:06:12:8d:72:81:bd:9e:a3:fa:2d:a7:8f:08:fc:
                    3a:d4:f0:f6:80:64:4f:32:11:a1:44:31:90:34:9b:
                    52:d6:9e:a1:b1:79:7a:59:09:f2:7c:d3:9f:a9:32:
                    c8:86:90:9b:b8:b3:4a:0a:3f:6d:de:21:96:15:e7:
                    19:1f:86:f5:df:7f:5d:7e:dc:81:28:e5:7a:38:e0:
                    26:23:24:9d:e4:88:3d:6a:88:7b:f9:c4:2d:77:97:
                    14:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A5:ED:8E:3E:CC:92:A2:DE:8C:80:AB:E9:A8:19:5D:5F:F9:97:E6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/c58189-d57e-415d-b977-0067bcaf3770/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/c58189-d57e-415d-b977-0067bcaf3770/1/WKXtjj7MkqLejICr6agZXV_5l-Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:6ac::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49852

    Signature Algorithm: sha256WithRSAEncryption
         8d:3d:ce:ce:a7:3a:0e:e5:da:c1:90:0e:08:15:19:99:a6:fd:
         88:1c:4c:02:a8:82:28:ff:92:c0:48:99:25:22:b6:7e:a2:34:
         01:99:2c:6e:34:97:6f:4f:94:ee:c3:53:16:4d:30:04:ab:2f:
         03:9d:94:8c:6b:c3:c3:cf:a3:0d:3b:8c:24:4f:35:01:4c:d4:
         67:4e:10:28:d4:97:78:3f:58:5b:2a:37:2d:e2:2d:bf:37:53:
         8f:6e:32:cd:c7:12:75:94:a3:4d:94:e5:d9:6f:04:0b:08:b2:
         d6:b9:d4:ab:95:38:1c:cc:e1:66:76:71:f5:c2:dc:72:2f:5f:
         d4:14:c1:39:fe:4f:db:f3:10:6d:35:36:80:6a:dc:dc:85:5f:
         2c:e8:f6:85:df:e0:45:49:e8:b8:b6:7d:a9:25:ca:11:ec:9a:
         c0:2a:9e:7e:80:ff:a2:2a:08:88:cb:9c:40:aa:d9:96:05:a1:
         6f:c4:94:7f:ad:c7:69:57:a3:72:60:1d:e7:4a:27:f8:74:9f:
         98:43:19:7f:8c:c8:9d:5f:86:9b:0b:7c:e3:c0:78:6d:28:ca:
         ff:fe:5f:bc:1e:fd:e4:1a:b1:76:f7:b3:e3:1b:57:61:9e:ea:
         bf:35:ed:a5:c6:11:0f:aa:a4:50:f3:6a:97:d5:81:04:da:44:
         a8:d7:95:a6
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzEk2jrCkphcwb1S2YH7WWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGE1ZWQ4ZTNlY2M5MmEyZGU4YzgwYWJlOWE4MTk1ZDVmZjk5N2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFkdi0UDmrk/nS3st0LiXD6Ic2tL
RuVsDDLUzSx0DMx0F7KtL0+ljtHcTQ3LMh/BrNzA3D03ww59Ew/9nhkPH4FVhZE2
4xZI1L8aW1i//MKxr3D9TWzrPmHYCuok7jucLz2kJnax7tLOqstsPDYrtG3ARt6f
K3Lk99x5lzrn7V7UsVANMLXCML99PrYiEn3dq/xLTFh7LBmY5O2VfzSoNCgfo8sU
BhKNcoG9nqP6LaePCPw61PD2gGRPMhGhRDGQNJtS1p6hsXl6WQnyfNOfqTLIhpCb
uLNKCj9t3iGWFecZH4b1339dftyBKOV6OOAmIySd5Ig9aoh7+cQtd5cUEQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFFil7Y4+zJKi3oyAq+moGV1f+ZfmMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc5L2M1ODE4
OS1kNTdlLTQxNWQtYjk3Ny0wMDY3YmNhZjM3NzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkvYzU4MTg5
LWQ1N2UtNDE1ZC1iOTc3LTAwNjdiY2FmMzc3MC8xL1dLWHRqajdNa3FMZWpJQ3I2
YWdaWFZfNWwtWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAasMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwDCvDANBgkqhkiG9w0BAQsFAAOCAQEAjT3Ozqc6DuXawZAOCBUZmab9iBxM
AqiCKP+SwEiZJSK2fqI0AZksbjSXb0+U7sNTFk0wBKsvA52UjGvDw8+jDTuMJE81
AUzUZ04QKNSXeD9YWyo3LeItvzdTj24yzccSdZSjTZTl2W8ECwiy1rnUq5U4HMzh
ZnZx9cLcci9f1BTBOf5P2/MQbTU2gGrc3IVfLOj2hd/gRUnouLZ9qSXKEeyawCqe
foD/oioIiMucQKrZlgWhb8SUf63HaVejcmAd50on+HSfmEMZf4zInV+Gmwt848B4
bSjK//5fvB795Bqxdvez4xtXYZ7qvzXtpcYRD6qkUPNql9WBBNpEqNeVpg==
-----END CERTIFICATE-----