Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XtAC05cM6z3Wh7QwuTaibzeNaSc.cer
File:                     XtAC05cM6z3Wh7QwuTaibzeNaSc.cer (raw, json)
Hash identifier:          izyRI1egPqwyb87nEgzuwkBJKDNxkYvdAaxn9SmWnPo=
Subject key identifier:   5E:D0:02:D3:97:0C:EB:3D:D6:87:B4:30:B9:36:A2:6F:37:8D:69:27
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D1F88F364D4F96E4C5B8E94B11539
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b0/0d3651-987b-4627-ad06-427c035fbc8d/1/XtAC05cM6z3Wh7QwuTaibzeNaSc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b0/0d3651-987b-4627-ad06-427c035fbc8d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:40 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 206735

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1f:88:f3:64:d4:f9:6e:4c:5b:8e:94:b1:15:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ed002d3970ceb3dd687b430b936a26f378d6927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6f:ac:a2:b6:fb:97:44:81:86:2a:ce:d8:d0:
                    6b:91:77:4f:45:b2:b3:f6:7f:3b:fd:c6:07:b7:fb:
                    aa:a3:3f:f0:f1:50:b2:9a:75:7b:a4:2f:03:7c:02:
                    8b:79:40:76:93:97:b7:d5:bd:65:5e:67:85:08:6f:
                    cb:76:6a:d2:0b:cf:8f:7a:40:8e:e2:c6:b2:e5:63:
                    e0:ff:3c:0f:87:3a:84:dd:b8:7f:fd:4e:7e:46:31:
                    5b:c7:57:3b:49:3e:16:78:de:5d:ac:12:2a:18:21:
                    3e:6f:c3:a4:72:87:b5:d4:fd:ce:fa:63:5a:ad:8d:
                    38:95:9a:b7:32:9d:13:72:73:5a:9d:6b:d1:60:1a:
                    c3:a3:fd:51:20:aa:dd:53:c9:34:e4:da:83:42:0c:
                    d3:59:41:c6:d3:5e:4d:3b:2c:8d:b7:27:59:ca:cc:
                    3a:7b:4d:12:fb:f0:79:02:ed:fb:11:e9:cb:46:d6:
                    d0:f7:26:48:d7:c2:9d:29:ed:6f:8c:c3:02:65:a8:
                    22:13:4c:85:db:19:1c:66:04:cf:40:35:18:39:43:
                    70:2d:35:92:1a:2d:1d:66:ab:a9:dc:85:7e:07:b5:
                    ed:38:42:9b:91:65:de:bf:71:a8:f2:16:c4:e0:f5:
                    b6:28:c4:0b:68:8c:31:08:36:2d:74:4d:bc:8d:17:
                    56:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D0:02:D3:97:0C:EB:3D:D6:87:B4:30:B9:36:A2:6F:37:8D:69:27
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0d3651-987b-4627-ad06-427c035fbc8d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0d3651-987b-4627-ad06-427c035fbc8d/1/XtAC05cM6z3Wh7QwuTaibzeNaSc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206735

    Signature Algorithm: sha256WithRSAEncryption
         7d:f6:ef:d4:90:9e:ae:83:53:9c:b5:c3:56:eb:6b:e3:de:8f:
         81:d7:97:3e:37:7e:b4:6d:f4:03:af:ed:12:db:b3:30:fc:78:
         e9:15:6a:27:4a:7a:10:b6:9c:70:fe:59:75:46:c9:be:64:3e:
         e3:52:6c:a9:1f:98:09:5d:db:42:24:4f:70:e0:f8:e1:bb:3b:
         de:34:fc:05:0a:fd:de:e0:5c:53:99:66:3a:a7:80:8b:44:b7:
         2d:89:69:ec:e7:5b:c9:a3:4c:24:1d:20:21:30:0c:28:fa:05:
         21:0d:57:5b:5c:04:07:f0:ba:ed:76:0c:58:6e:5d:73:d3:72:
         cf:7a:1c:d3:eb:e3:11:c1:64:b3:6f:ee:db:df:48:12:90:ce:
         bf:51:5a:b8:ce:4e:45:2e:75:26:d3:78:b7:7f:85:58:4e:e2:
         20:1c:d3:32:1f:bd:c6:4c:1e:7f:07:16:13:36:10:f5:81:bc:
         59:90:bb:72:2e:ff:81:c0:c6:e9:62:16:b8:a0:79:f3:99:c1:
         c7:57:53:ee:10:d4:a0:1f:af:e8:5c:43:c0:51:eb:fc:31:48:
         a9:d0:92:e5:84:97:7b:3f:9b:96:2e:8b:71:73:6f:e1:80:e0:
         98:12:69:98:7c:1d:05:6f:9a:ce:b0:e3:d7:4c:b1:4e:70:1a:
         aa:06:b4:25
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzCbR+I82TU+W5MW46UsRU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQwMDJkMzk3MGNlYjNkZDY4N2I0MzBiOTM2YTI2ZjM3OGQ2OTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2+sorb7l0SBhirO2NBrkXdPRbKz
9n87/cYHt/uqoz/w8VCymnV7pC8DfAKLeUB2k5e31b1lXmeFCG/LdmrSC8+PekCO
4say5WPg/zwPhzqE3bh//U5+RjFbx1c7ST4WeN5drBIqGCE+b8Okcoe11P3O+mNa
rY04lZq3Mp0TcnNanWvRYBrDo/1RIKrdU8k05NqDQgzTWUHG015NOyyNtydZysw6
e00S+/B5Au37EenLRtbQ9yZI18KdKe1vjMMCZagiE0yF2xkcZgTPQDUYOUNwLTWS
Gi0dZqup3IV+B7XtOEKbkWXev3Go8hbE4PW2KMQLaIwxCDYtdE28jRdWJwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFF7QAtOXDOs91oe0MLk2om83jWknMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IwLzBkMzY1
MS05ODdiLTQ2MjctYWQwNi00MjdjMDM1ZmJjOGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAvMGQzNjUx
LTk4N2ItNDYyNy1hZDA2LTQyN2MwMzVmYmM4ZC8xL1h0QUMwNWNNNnozV2g3UXd1
VGFpYnplTmFTYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMnjzANBgkqhkiG9w0BAQsFAAOCAQEAffbv1JCeroNT
nLXDVutr496PgdeXPjd+tG30A6/tEtuzMPx46RVqJ0p6ELaccP5ZdUbJvmQ+41Js
qR+YCV3bQiRPcOD44bs73jT8BQr93uBcU5lmOqeAi0S3LYlp7OdbyaNMJB0gITAM
KPoFIQ1XW1wEB/C67XYMWG5dc9Nyz3oc0+vjEcFks2/u299IEpDOv1FauM5ORS51
JtN4t3+FWE7iIBzTMh+9xkwefwcWEzYQ9YG8WZC7ci7/gcDG6WIWuKB585nBx1dT
7hDUoB+v6FxDwFHr/DFIqdCS5YSXez+bli6LcXNv4YDgmBJpmHwdBW+azrDj10yx
TnAaqga0JQ==
-----END CERTIFICATE-----