Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer
File:                     XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer (raw, json)
Hash identifier:          hSEC/G0xdHSHEzvayErd2lUh6+lPriX+nyZ2Wu5DdHY=
Subject key identifier:   5C:40:45:4A:1B:17:67:95:F0:21:57:53:47:79:4B:D9:F0:44:27:AC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01901278D8FBF23C7A0B61991D456F08716D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 13 Jun 2024 16:40:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214740
                          IP: 2001:67c:ebc::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:12:78:d8:fb:f2:3c:7a:0b:61:99:1d:45:6f:08:71:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 13 16:40:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c40454a1b176795f021575347794bd9f04427ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:54:30:c1:56:b6:b4:e3:84:ce:0b:e0:9d:f2:
                    ff:5b:8d:81:1e:67:fe:5d:9d:20:f0:22:f6:e2:e2:
                    5a:e4:c9:55:e5:32:e3:de:2f:9e:6e:aa:bd:23:54:
                    dc:7b:fc:ef:fb:36:e0:4c:33:a8:a9:6d:91:f9:33:
                    f2:27:1e:60:11:26:23:fa:b6:a1:a7:f4:4a:06:60:
                    1f:b9:93:9f:7a:c0:45:cf:a1:7e:92:31:fa:e3:f2:
                    28:79:00:f3:73:7a:b7:8e:73:6e:91:c2:67:89:8a:
                    48:38:64:dd:a2:6b:20:36:13:c9:5f:f8:e3:d8:63:
                    4f:0e:52:02:4d:b7:7d:a8:ca:86:01:bf:57:81:f1:
                    8e:3e:0d:f7:80:12:aa:97:05:60:37:40:ff:a1:04:
                    aa:95:91:af:5f:15:f6:92:33:d4:7a:bb:38:cd:d5:
                    fa:20:ad:71:ff:b5:30:af:f6:71:aa:e3:35:1d:89:
                    55:50:e3:d6:c2:00:40:df:b6:60:26:61:b0:76:18:
                    83:14:24:0f:e6:ea:3b:bf:59:94:e6:58:e5:1d:a9:
                    6e:d5:a4:7c:fc:17:e8:14:c7:dc:31:96:e0:f4:90:
                    74:43:37:ba:de:3e:c0:97:34:f3:1a:ea:0a:6a:1f:
                    db:9c:32:07:bf:2b:06:fb:71:b3:91:64:c2:8a:29:
                    e7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:40:45:4A:1B:17:67:95:F0:21:57:53:47:79:4B:D9:F0:44:27:AC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ebc::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214740

    Signature Algorithm: sha256WithRSAEncryption
         16:28:58:fe:0f:54:27:da:85:d4:f7:04:d0:01:dd:49:3c:80:
         e9:d6:1e:7e:8b:23:89:64:6d:9f:73:3f:1b:34:09:83:8e:86:
         cd:eb:60:f2:df:e8:cb:b7:18:a6:89:c5:59:c2:c8:3c:cf:1d:
         1c:57:67:3f:bd:53:51:e9:d2:e9:81:95:bc:45:9b:3e:fd:55:
         ac:93:87:cb:c0:86:18:63:aa:21:4a:a2:7f:07:98:3d:66:3a:
         3e:a0:ae:25:66:d7:b9:39:e3:68:6a:e6:55:be:fe:67:fd:47:
         9c:6a:ec:5a:23:72:8a:14:59:e0:7c:3f:9c:54:3a:0c:19:75:
         cc:44:02:29:0f:8a:77:0d:09:45:e3:9d:eb:4e:a2:16:20:1d:
         7f:43:70:27:44:a5:80:4c:1e:e6:d1:60:20:aa:df:e0:8b:b4:
         08:cc:bf:e8:c6:cf:07:7f:61:46:d6:27:bc:d1:6d:6c:15:94:
         97:a4:27:65:46:9d:d0:cb:08:09:d8:d0:ba:74:93:1e:8b:54:
         72:4f:20:21:a4:1f:9c:32:14:7c:c8:ba:ee:59:1b:43:eb:f8:
         c9:07:94:b8:0e:28:23:06:05:e3:2b:d5:9d:0d:75:7e:f5:be:
         81:12:74:ef:23:82:ec:fe:ce:1a:a7:56:db:74:52:12:aa:99:
         23:a7:e8:98
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZASeNj78jx6C2GZHUVvCHFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjEzMTY0MDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzQwNDU0YTFiMTc2Nzk1ZjAyMTU3NTM0Nzc5NGJkOWYwNDQyN2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFQwwVa2tOOEzgvgnfL/W42BHmf+
XZ0g8CL24uJa5MlV5TLj3i+ebqq9I1Tce/zv+zbgTDOoqW2R+TPyJx5gESYj+rah
p/RKBmAfuZOfesBFz6F+kjH64/IoeQDzc3q3jnNukcJniYpIOGTdomsgNhPJX/jj
2GNPDlICTbd9qMqGAb9XgfGOPg33gBKqlwVgN0D/oQSqlZGvXxX2kjPUers4zdX6
IK1x/7Uwr/ZxquM1HYlVUOPWwgBA37ZgJmGwdhiDFCQP5uo7v1mU5ljlHalu1aR8
/BfoFMfcMZbg9JB0Qze63j7AlzTzGuoKah/bnDIHvysG+3GzkWTCiinnrQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFFxARUobF2eV8CFXU0d5S9nwRCesMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdjLzNjMzY3
YS0xZjliLTRjOTItODk3OC1jYTA0NDhlN2YzYTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvM2MzNjdh
LTFmOWItNGM5Mi04OTc4LWNhMDQ0OGU3ZjNhMy8xL1hFQkZTaHNYWjVYd0lWZFRS
M2xMMmZCRUo2dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA68MBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNG1DANBgkqhkiG9w0BAQsFAAOCAQEAFihY/g9UJ9qF1PcE0AHdSTyA6dYe
fosjiWRtn3M/GzQJg46Gzetg8t/oy7cYponFWcLIPM8dHFdnP71TUenS6YGVvEWb
Pv1VrJOHy8CGGGOqIUqifweYPWY6PqCuJWbXuTnjaGrmVb7+Z/1HnGrsWiNyihRZ
4Hw/nFQ6DBl1zEQCKQ+Kdw0JReOd606iFiAdf0NwJ0SlgEwe5tFgIKrf4Iu0CMy/
6MbPB39hRtYnvNFtbBWUl6QnZUad0MsICdjQunSTHotUck8gIaQfnDIUfMi67lkb
Q+v4yQeUuA4oIwYF4yvVnQ11fvW+gRJ07yOC7P7OGqdW23RSEqqZI6fomA==
-----END CERTIFICATE-----