Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.cer
File:                     WfJHDAOg8LrQCEaw9nx6Iy1Vcog.cer (raw, json)
Hash identifier:          na405UunteJ8CiG7n2+UKpslsEL3jJcL/wG1iLLW1s4=
Subject key identifier:   59:F2:47:0C:03:A0:F0:BA:D0:08:46:B0:F6:7C:7A:23:2D:55:72:88
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB084F1CDA6B825889D65EAB63EC36
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:43 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211595
                          IP: 2001:678:f10::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:08:4f:1c:da:6b:82:58:89:d6:5e:ab:63:ec:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59f2470c03a0f0bad00846b0f67c7a232d557288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2e:d7:31:5e:c3:5d:f2:5f:7b:5a:29:96:c3:
                    d9:14:4a:33:b4:ac:2f:48:00:31:7a:f1:a0:3b:e4:
                    5b:4a:50:3f:6d:c5:3d:4f:83:66:6d:e6:8d:39:33:
                    d0:a6:8a:c7:a6:f6:6e:91:3b:45:45:3b:14:30:26:
                    cd:af:93:1e:92:c0:25:79:c1:f3:47:a4:dc:99:be:
                    01:69:47:18:63:a5:4a:f0:44:29:81:d7:d0:e0:b6:
                    7c:98:4c:ec:94:00:11:92:93:67:c2:93:0f:24:ec:
                    67:cc:0d:db:08:03:0f:dc:05:7f:d4:0e:bc:34:eb:
                    76:6e:15:b7:c1:eb:75:aa:c5:47:1a:94:37:10:8d:
                    41:8c:45:4a:84:1f:86:c9:5a:54:6b:de:a3:be:b8:
                    ed:c3:54:22:b6:f9:24:f6:a6:05:e4:40:06:d4:d2:
                    d6:c6:7c:f6:ae:97:23:cb:9e:83:f6:0f:c4:0b:23:
                    8d:93:85:67:bc:57:f4:81:d6:db:c8:54:31:b2:43:
                    87:f8:ab:80:75:a7:86:0f:a5:00:2d:63:aa:69:0e:
                    76:b8:29:f2:bf:39:d0:0e:41:4d:25:c5:cf:a7:19:
                    38:52:eb:47:60:8c:8d:a7:6e:58:b3:88:a4:d1:19:
                    a7:6c:12:7d:c9:f4:dd:09:07:98:67:0f:e4:a3:cb:
                    87:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F2:47:0C:03:A0:F0:BA:D0:08:46:B0:F6:7C:7A:23:2D:55:72:88
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f10::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211595

    Signature Algorithm: sha256WithRSAEncryption
         0f:9d:ae:12:48:f2:de:63:43:1b:b9:94:b6:7b:ea:71:fe:d2:
         27:8b:35:e4:00:0d:b0:97:2e:c5:f0:c6:10:70:ff:c2:6d:73:
         d6:d1:bc:26:e8:6a:4d:fe:6b:80:02:93:4f:1b:01:18:24:35:
         3f:6d:3e:01:9f:a1:7e:69:4a:64:30:ab:98:f9:0f:8b:82:97:
         63:27:12:f0:a8:fc:1c:b5:91:fe:91:7f:4b:ac:64:c7:6d:43:
         36:f4:09:a9:d1:d5:7a:64:0b:57:81:b6:5a:56:81:45:e3:0f:
         73:42:20:32:10:a0:9a:d9:11:f5:8b:d8:e4:4c:e1:37:03:de:
         f7:ab:e5:76:65:1f:8b:18:e9:f3:48:a3:68:c4:cd:0a:40:7a:
         8c:e3:a8:d8:49:97:04:d4:8f:c5:01:a4:32:53:4d:b0:f3:a8:
         10:77:20:e9:34:bb:67:a7:81:9d:3e:0b:1f:fe:4d:ab:3f:cd:
         77:1d:0a:fc:73:a5:41:4d:0d:bc:3f:cc:83:b0:f6:45:89:8c:
         71:a6:3d:d6:1f:5b:ae:a4:f8:9d:ba:8d:5e:6c:32:fb:1e:6f:
         71:ed:1c:3b:2f:d5:20:f4:fd:5d:a2:d4:35:ef:83:37:68:ed:
         19:c7:5b:8c:1a:3a:dd:f0:9e:bd:f8:06:0f:58:b9:31:45:37:
         8a:aa:e3:1e
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzC2whPHNprgliJ1l6rY+w2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWYyNDcwYzAzYTBmMGJhZDAwODQ2YjBmNjdjN2EyMzJkNTU3Mjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwC7XMV7DXfJfe1oplsPZFEoztKwv
SAAxevGgO+RbSlA/bcU9T4NmbeaNOTPQporHpvZukTtFRTsUMCbNr5MeksAlecHz
R6Tcmb4BaUcYY6VK8EQpgdfQ4LZ8mEzslAARkpNnwpMPJOxnzA3bCAMP3AV/1A68
NOt2bhW3wet1qsVHGpQ3EI1BjEVKhB+GyVpUa96jvrjtw1Qitvkk9qYF5EAG1NLW
xnz2rpcjy56D9g/ECyONk4VnvFf0gdbbyFQxskOH+KuAdaeGD6UALWOqaQ52uCny
vznQDkFNJcXPpxk4UutHYIyNp25Ys4ik0RmnbBJ9yfTdCQeYZw/ko8uHpQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFFnyRwwDoPC60AhGsPZ8eiMtVXKIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQxL2NlYzZk
Ni02ZDM0LTQxMDctYjY3Mi05MmJlZjM0ZTc3YWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEvY2VjNmQ2
LTZkMzQtNDEwNy1iNjcyLTkyYmVmMzRlNzdhYS8xL1dmSkhEQU9nOExyUUNFYXc5
bng2SXkxVmNvZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA8QMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM6izANBgkqhkiG9w0BAQsFAAOCAQEAD52uEkjy3mNDG7mUtnvqcf7SJ4s1
5AANsJcuxfDGEHD/wm1z1tG8JuhqTf5rgAKTTxsBGCQ1P20+AZ+hfmlKZDCrmPkP
i4KXYycS8Kj8HLWR/pF/S6xkx21DNvQJqdHVemQLV4G2WlaBReMPc0IgMhCgmtkR
9YvY5EzhNwPe96vldmUfixjp80ijaMTNCkB6jOOo2EmXBNSPxQGkMlNNsPOoEHcg
6TS7Z6eBnT4LH/5Nqz/Ndx0K/HOlQU0NvD/Mg7D2RYmMcaY91h9brqT4nbqNXmwy
+x5vce0cOy/VIPT9XaLUNe+DN2jtGcdbjBo63fCevfgGD1i5MUU3iqrjHg==
-----END CERTIFICATE-----