Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XEjolmuNGs5fPiAK-tBV07zYfcs.cer
File:                     XEjolmuNGs5fPiAK-tBV07zYfcs.cer (raw, json)
Hash identifier:          CotOxm1OwPRMpQFujpZm/JBjoVs1edq9mEAi5qTM82c=
Subject key identifier:   5C:48:E8:96:6B:8D:1A:CE:5F:3E:20:0A:FA:D0:55:D3:BC:D8:7D:CB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5010771B62F07DA6F68D4BB283579E8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2e/1be3b7-fa1d-4658-a7fb-2cac5462c202/1/XEjolmuNGs5fPiAK-tBV07zYfcs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2e/1be3b7-fa1d-4658-a7fb-2cac5462c202/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 203044

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:07:71:b6:2f:07:da:6f:68:d4:bb:28:35:79:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c48e8966b8d1ace5f3e200afad055d3bcd87dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bd:5c:2e:6e:2b:a5:dc:2b:6d:58:d6:c7:6b:
                    47:48:50:3e:ca:a3:70:8e:48:9f:15:d9:23:f8:94:
                    53:b4:e6:9f:de:e7:e0:97:3b:2a:f8:fc:89:0e:0f:
                    80:71:a2:34:c7:0c:43:dd:c9:b7:f6:61:7c:5b:13:
                    d6:12:f0:9e:c3:2b:5d:2f:0d:20:f3:71:1a:bb:ba:
                    4d:db:78:26:69:ab:b8:f0:03:75:e5:2c:84:bd:2e:
                    4c:f2:96:a7:ae:75:4a:b5:fb:29:d7:7b:5e:f7:f9:
                    15:01:aa:72:a0:8e:ce:71:54:50:f0:e8:2a:fb:a1:
                    8a:6d:f8:e6:9d:e1:b1:e4:49:c1:fe:e4:71:5f:18:
                    1d:58:ea:eb:d2:ae:3d:ec:b9:18:0a:95:fc:a7:46:
                    d5:88:ca:9b:92:8b:d1:93:b3:ef:5e:77:2c:47:36:
                    c8:2d:a1:ec:fb:ae:8e:1c:ce:49:87:00:c6:6e:eb:
                    59:2d:eb:b8:ca:6f:8b:80:05:be:bb:fd:ae:22:fa:
                    25:a3:5a:81:31:b7:58:84:7e:22:ae:2b:15:9a:40:
                    de:8d:a1:54:b5:16:d1:f9:b5:43:57:45:fa:e8:98:
                    89:57:91:97:5e:4e:9f:91:a8:87:2e:aa:65:1d:a9:
                    ec:56:e3:78:bc:e7:70:72:1f:e6:20:61:25:20:b6:
                    0d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:48:E8:96:6B:8D:1A:CE:5F:3E:20:0A:FA:D0:55:D3:BC:D8:7D:CB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1be3b7-fa1d-4658-a7fb-2cac5462c202/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1be3b7-fa1d-4658-a7fb-2cac5462c202/1/XEjolmuNGs5fPiAK-tBV07zYfcs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203044

    Signature Algorithm: sha256WithRSAEncryption
         1c:5f:1e:ce:80:aa:64:68:c5:2d:3d:78:ac:4d:6e:50:10:ea:
         3c:92:0f:3d:18:7b:5d:28:15:92:8e:1c:87:3b:3c:28:25:e1:
         1b:81:de:e8:88:29:ab:70:73:9c:ec:90:40:fa:b9:48:73:60:
         0a:e1:93:c8:91:69:d8:74:e2:2f:21:9d:3d:3e:d5:3b:cf:61:
         29:72:31:80:95:59:06:9a:a7:00:35:9d:15:7a:d6:e6:18:94:
         e1:01:78:25:47:b1:8a:5d:32:c2:71:ca:74:22:e5:2a:47:d5:
         d8:e4:85:e0:6b:85:91:dc:75:b4:05:1a:03:93:ee:f9:f6:74:
         ab:ff:e7:4e:f2:04:73:0b:6e:e3:b8:f0:78:ad:b5:05:3d:64:
         63:9b:f6:0d:e4:02:35:98:8e:3f:5f:9a:70:24:16:9c:41:0d:
         54:80:5e:78:e8:25:6b:a5:dc:76:bd:7a:6a:16:f0:c1:09:70:
         f9:4b:d5:c4:b2:94:f7:f0:e4:a5:32:2c:e1:93:1a:72:59:fa:
         61:75:bb:08:e7:d4:5b:50:a3:a7:d7:72:2d:fd:3c:17:16:2d:
         3f:c9:4a:4d:3e:5e:86:0e:69:ed:6b:c4:a5:d4:53:8f:2b:2b:
         5b:d6:79:a3:82:53:05:22:38:0c:44:83:9b:f6:9a:96:6a:6d:
         bb:dd:ed:de
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzFAQdxti8H2m9o1LsoNXnoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzQ4ZTg5NjZiOGQxYWNlNWYzZTIwMGFmYWQwNTVkM2JjZDg3ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApL1cLm4rpdwrbVjWx2tHSFA+yqNw
jkifFdkj+JRTtOaf3ufglzsq+PyJDg+AcaI0xwxD3cm39mF8WxPWEvCewytdLw0g
83Eau7pN23gmaau48AN15SyEvS5M8panrnVKtfsp13te9/kVAapyoI7OcVRQ8Ogq
+6GKbfjmneGx5EnB/uRxXxgdWOrr0q497LkYCpX8p0bViMqbkovRk7PvXncsRzbI
LaHs+66OHM5JhwDGbutZLeu4ym+LgAW+u/2uIvolo1qBMbdYhH4irisVmkDejaFU
tRbR+bVDV0X66JiJV5GXXk6fkaiHLqplHansVuN4vOdwch/mIGElILYNMQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFFxI6JZrjRrOXz4gCvrQVdO82H3LMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJlLzFiZTNi
Ny1mYTFkLTQ2NTgtYTdmYi0yY2FjNTQ2MmMyMDIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUvMWJlM2I3
LWZhMWQtNDY1OC1hN2ZiLTJjYWM1NDYyYzIwMi8xL1hFam9sbXVOR3M1ZlBpQUst
dEJWMDd6WWZjcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMZJDANBgkqhkiG9w0BAQsFAAOCAQEAHF8ezoCqZGjF
LT14rE1uUBDqPJIPPRh7XSgVko4chzs8KCXhG4He6Igpq3BznOyQQPq5SHNgCuGT
yJFp2HTiLyGdPT7VO89hKXIxgJVZBpqnADWdFXrW5hiU4QF4JUexil0ywnHKdCLl
KkfV2OSF4GuFkdx1tAUaA5Pu+fZ0q//nTvIEcwtu47jweK21BT1kY5v2DeQCNZiO
P1+acCQWnEENVIBeeOgla6Xcdr16ahbwwQlw+UvVxLKU9/DkpTIs4ZMacln6YXW7
COfUW1Cjp9dyLf08FxYtP8lKTT5ehg5p7WvEpdRTjysrW9Z5o4JTBSI4DESDm/aa
lmptu93t3g==
-----END CERTIFICATE-----