Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZwR7mHvpdCeFuo6LM6wHe_nHoiI.cer
File:                     ZwR7mHvpdCeFuo6LM6wHe_nHoiI.cer (raw, json)
Hash identifier:          HN8TkddFk6HWW2vbDsCAYbG73comx5Og53SrqaZerBo=
Subject key identifier:   67:04:7B:98:7B:E9:74:27:85:BA:8E:8B:33:AC:07:7B:F9:C7:A2:22
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAF49603BD697A95D424A1202BCEEE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/65/86d2ae-7c37-4344-a1e6-e8edf29245c0/1/ZwR7mHvpdCeFuo6LM6wHe_nHoiI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/65/86d2ae-7c37-4344-a1e6-e8edf29245c0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 9091
                          IP: 194.8.10.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f4:96:03:bd:69:7a:95:d4:24:a1:20:2b:ce:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67047b987be9742785ba8e8b33ac077bf9c7a222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c3:8c:78:8b:b2:bf:7a:82:b2:e6:45:03:c3:
                    76:f1:f2:f3:43:04:ec:56:67:2c:d5:a8:23:d2:f8:
                    77:8b:30:e4:79:ca:a3:14:29:3d:32:a0:c9:97:6b:
                    10:92:15:21:bf:35:3d:88:0b:71:43:b6:cb:67:b4:
                    ce:9a:48:39:b7:c8:d2:48:e7:8c:97:e4:6a:e3:63:
                    19:e4:96:56:59:d9:77:4b:db:cc:53:47:ed:fc:3d:
                    36:92:77:48:a9:50:42:1b:45:33:41:39:ef:35:b2:
                    5a:04:6e:4f:52:86:4d:cd:0c:56:bd:7c:37:0c:9b:
                    9d:80:66:0a:b3:c9:89:43:79:12:cc:31:eb:17:2a:
                    f7:48:ba:4c:c3:e2:fc:0f:e4:9b:32:8d:e3:01:89:
                    ee:a1:a1:bd:88:5a:b8:75:e2:df:6f:56:ee:35:6a:
                    ce:d3:f4:62:2c:3d:9d:f5:78:c9:3b:32:92:04:e0:
                    ac:a7:11:f5:f7:7b:54:21:19:33:74:e6:ad:9a:48:
                    07:84:32:3e:00:16:a5:94:45:41:3c:62:1a:9f:5a:
                    43:d4:d0:08:17:86:4b:ba:08:b6:0e:7d:b5:ad:84:
                    02:a4:fc:2b:97:93:39:05:1c:70:1b:f8:bf:cf:f9:
                    ba:fd:24:73:ed:a2:3e:f4:7e:6b:76:c5:da:9d:bc:
                    b9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:04:7B:98:7B:E9:74:27:85:BA:8E:8B:33:AC:07:7B:F9:C7:A2:22
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/86d2ae-7c37-4344-a1e6-e8edf29245c0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/86d2ae-7c37-4344-a1e6-e8edf29245c0/1/ZwR7mHvpdCeFuo6LM6wHe_nHoiI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.10.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  9091

    Signature Algorithm: sha256WithRSAEncryption
         71:0b:e3:fd:ee:42:6e:52:03:e1:26:a1:c7:26:17:d8:98:87:
         3d:bf:15:b9:ff:d7:7c:20:3c:0f:37:a4:58:f7:a6:97:14:5c:
         c0:f3:d1:70:55:e1:13:e8:f2:ea:e4:4c:81:19:a5:d9:ef:f3:
         39:0a:d7:5f:27:49:6e:f7:bf:ff:b5:3d:8b:92:22:4f:64:73:
         b7:59:9e:e6:ea:9c:46:d5:ee:c3:60:f1:93:94:8a:7b:a0:3d:
         27:68:e4:80:70:f9:51:7b:3c:2b:76:08:69:91:d9:65:c4:d5:
         da:1d:39:dd:e0:6f:62:e1:97:bb:a2:85:f8:f8:30:c7:af:e3:
         b9:64:91:df:05:9a:a7:e0:83:8e:03:e7:d6:24:1b:1d:57:8f:
         7a:aa:69:84:e5:1c:31:6d:e2:eb:a6:c7:99:21:d1:d0:ad:e9:
         a3:94:4b:e2:59:e9:7c:4f:2d:56:84:04:aa:d7:42:dc:c0:0e:
         54:ac:58:b3:12:36:25:df:1e:26:8a:33:77:a5:72:4d:98:d7:
         1a:81:9c:68:8a:55:37:d7:ff:56:31:25:11:b1:ea:a9:ba:c5:
         98:52:1e:ab:86:2e:63:a0:f5:a2:76:64:2c:87:ad:1e:b1:5f:
         e4:a3:55:82:e1:cf:92:9a:6a:70:6b:bc:bc:e3:58:03:db:e3:
         f4:70:5e:ad
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzC2vSWA71pepXUJKEgK87uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzA0N2I5ODdiZTk3NDI3ODViYThlOGIzM2FjMDc3YmY5YzdhMjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcOMeIuyv3qCsuZFA8N28fLzQwTs
Vmcs1agj0vh3izDkecqjFCk9MqDJl2sQkhUhvzU9iAtxQ7bLZ7TOmkg5t8jSSOeM
l+Rq42MZ5JZWWdl3S9vMU0ft/D02kndIqVBCG0UzQTnvNbJaBG5PUoZNzQxWvXw3
DJudgGYKs8mJQ3kSzDHrFyr3SLpMw+L8D+SbMo3jAYnuoaG9iFq4deLfb1buNWrO
0/RiLD2d9XjJOzKSBOCspxH193tUIRkzdOatmkgHhDI+ABallEVBPGIan1pD1NAI
F4ZLugi2Dn21rYQCpPwrl5M5BRxwG/i/z/m6/SRz7aI+9H5rdsXanby5nwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFGcEe5h76XQnhbqOizOsB3v5x6IiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY1Lzg2ZDJh
ZS03YzM3LTQzNDQtYTFlNi1lOGVkZjI5MjQ1YzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUvODZkMmFl
LTdjMzctNDM0NC1hMWU2LWU4ZWRmMjkyNDVjMC8xL1p3UjdtSHZwZENlRnVvNkxN
NndIZV9uSG9pSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwggKMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AiODMA0GCSqGSIb3DQEBCwUAA4IBAQBxC+P97kJuUgPhJqHHJhfYmIc9vxW5/9d8
IDwPN6RY96aXFFzA89FwVeET6PLq5EyBGaXZ7/M5CtdfJ0lu97//tT2LkiJPZHO3
WZ7m6pxG1e7DYPGTlIp7oD0naOSAcPlRezwrdghpkdllxNXaHTnd4G9i4Ze7ooX4
+DDHr+O5ZJHfBZqn4IOOA+fWJBsdV496qmmE5RwxbeLrpseZIdHQremjlEviWel8
Ty1WhASq10LcwA5UrFizEjYl3x4mijN3pXJNmNcagZxoilU31/9WMSURseqpusWY
Uh6rhi5joPWidmQsh60esV/ko1WC4c+Smmpwa7y841gD2+P0cF6t
-----END CERTIFICATE-----