Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/WUHeQo1eGcoN7WOIbfg8H6zCkZM.cer
File:                     WUHeQo1eGcoN7WOIbfg8H6zCkZM.cer (raw, json)
Hash identifier:          25jkoC7iC6XBNhfIIgPuBCQZC88zReuVDjW2OZCqT3o=
Subject key identifier:   59:41:DE:42:8D:5E:19:CA:0D:ED:63:88:6D:F8:3C:1F:AC:C2:91:93
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC793DFF6E55C28F31CD02BA73B8D8AD4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0e/d6d178-3b71-4173-8f5b-f3feb70038f2/1/WUHeQo1eGcoN7WOIbfg8H6zCkZM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0e/d6d178-3b71-4173-8f5b-f3feb70038f2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202402

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:df:f6:e5:5c:28:f3:1c:d0:2b:a7:3b:8d:8a:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5941de428d5e19ca0ded63886df83c1facc29193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:00:18:9c:01:10:b6:dc:d8:42:94:b8:b9:68:
                    47:3f:9c:11:1a:2c:ed:6c:b2:8d:17:4f:58:be:c3:
                    fb:d2:04:38:7e:49:1c:85:64:ec:a1:21:f3:af:8c:
                    0d:ea:27:ca:f7:8d:9d:3d:59:e3:df:1d:f1:9f:c6:
                    60:01:a7:6f:29:27:57:e0:6f:e1:92:47:3b:45:4b:
                    d2:c6:0a:67:82:93:19:8b:4c:24:49:09:0e:4d:f7:
                    af:14:1a:f7:85:4a:87:34:17:7b:c8:1a:f2:24:13:
                    2a:79:4f:43:a0:80:55:7a:28:aa:94:98:cf:5d:5a:
                    9d:86:40:86:be:3f:91:75:3e:ad:5a:e5:a9:f7:06:
                    41:7c:0a:9e:3e:ae:1c:7b:9f:ba:51:fb:e3:96:ae:
                    3d:e8:85:e5:77:d6:ff:b1:d8:73:18:4a:b7:64:a9:
                    67:f0:18:b6:50:c8:7f:68:52:bf:8c:13:8b:a7:0f:
                    fd:ab:80:5e:bc:6c:ad:3a:9b:10:fe:02:9d:e4:5f:
                    76:98:4b:10:e2:dc:10:63:90:ec:40:12:96:42:d7:
                    5f:c8:24:aa:ee:3f:8b:b0:42:e4:00:a3:bf:95:dc:
                    77:68:cb:f7:9a:73:8b:21:7c:e4:05:7e:81:05:cb:
                    48:63:df:e3:20:6c:77:5e:fa:73:a1:f4:c0:a4:d3:
                    c9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:41:DE:42:8D:5E:19:CA:0D:ED:63:88:6D:F8:3C:1F:AC:C2:91:93
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/d6d178-3b71-4173-8f5b-f3feb70038f2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/d6d178-3b71-4173-8f5b-f3feb70038f2/1/WUHeQo1eGcoN7WOIbfg8H6zCkZM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202402

    Signature Algorithm: sha256WithRSAEncryption
         ab:f5:7f:ba:34:57:3d:30:ae:65:f5:86:31:97:b0:eb:82:61:
         dc:12:6c:09:01:7e:74:e5:f5:48:32:12:1d:5e:c6:42:c1:1c:
         0d:5e:eb:d5:b0:a9:a5:f5:6b:31:3d:1a:e1:27:41:0e:83:bb:
         44:6e:43:ac:26:0c:ab:a7:b4:3a:7a:95:19:a4:af:96:38:49:
         82:e7:d1:89:0c:01:f4:7e:e2:15:14:36:ec:e0:50:97:3b:e4:
         dd:52:a5:75:bd:fd:ee:7e:d5:e9:e3:62:8e:52:13:b7:8c:b5:
         ea:a7:0b:08:33:01:c3:8a:13:03:23:d4:73:ca:f1:b4:c0:26:
         15:32:12:b7:d8:a5:75:da:01:ef:b0:04:5e:95:09:2b:5d:77:
         05:4e:f0:21:2d:d3:85:6c:ed:92:9d:ac:d2:50:ca:ba:80:bc:
         19:ce:3e:c9:8b:03:4e:d8:26:45:94:72:15:a1:7f:a7:ea:8b:
         cb:86:c3:b4:ef:1b:12:ff:1b:ff:67:cb:63:7d:7c:7c:99:80:
         64:dd:4f:25:08:72:cd:32:e7:4f:1e:07:90:0b:ea:d0:d0:e3:
         8a:64:bc:f6:d9:a4:63:e9:3d:d4:f5:82:b0:ce:26:8e:ae:b1:
         ab:7b:39:45:ed:81:21:72:b1:aa:ce:63:d3:9a:b3:d8:d4:53:
         88:c2:30:0e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHk9/25Vwo8xzQK6c7jYrUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTQxZGU0MjhkNWUxOWNhMGRlZDYzODg2ZGY4M2MxZmFjYzI5MTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQAYnAEQttzYQpS4uWhHP5wRGizt
bLKNF09YvsP70gQ4fkkchWTsoSHzr4wN6ifK942dPVnj3x3xn8ZgAadvKSdX4G/h
kkc7RUvSxgpngpMZi0wkSQkOTfevFBr3hUqHNBd7yBryJBMqeU9DoIBVeiiqlJjP
XVqdhkCGvj+RdT6tWuWp9wZBfAqePq4ce5+6Ufvjlq496IXld9b/sdhzGEq3ZKln
8Bi2UMh/aFK/jBOLpw/9q4BevGytOpsQ/gKd5F92mEsQ4twQY5DsQBKWQtdfyCSq
7j+LsELkAKO/ldx3aMv3mnOLIXzkBX6BBctIY9/jIGx3XvpzofTApNPJ0QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFFlB3kKNXhnKDe1jiG34PB+swpGTMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBlL2Q2ZDE3
OC0zYjcxLTQxNzMtOGY1Yi1mM2ZlYjcwMDM4ZjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGUvZDZkMTc4
LTNiNzEtNDE3My04ZjViLWYzZmViNzAwMzhmMi8xL1dVSGVRbzFlR2NvTjdXT0li
Zmc4SDZ6Q2taTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMWojANBgkqhkiG9w0BAQsFAAOCAQEAq/V/ujRXPTCu
ZfWGMZew64Jh3BJsCQF+dOX1SDISHV7GQsEcDV7r1bCppfVrMT0a4SdBDoO7RG5D
rCYMq6e0OnqVGaSvljhJgufRiQwB9H7iFRQ27OBQlzvk3VKldb397n7V6eNijlIT
t4y16qcLCDMBw4oTAyPUc8rxtMAmFTISt9ilddoB77AEXpUJK113BU7wIS3ThWzt
kp2s0lDKuoC8Gc4+yYsDTtgmRZRyFaF/p+qLy4bDtO8bEv8b/2fLY318fJmAZN1P
JQhyzTLnTx4HkAvq0NDjimS89tmkY+k91PWCsM4mjq6xq3s5Re2BIXKxqs5j05qz
2NRTiMIwDg==
-----END CERTIFICATE-----