Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_c9yu2yGh1CGKJ3SUY-wP4gi7p0.cer
File:                     _c9yu2yGh1CGKJ3SUY-wP4gi7p0.cer (raw, json)
Hash identifier:          Mw2rQmi/fb7rGn0Uo/owaPydniROkBk7HLjrKot4Tyo=
Subject key identifier:   FD:CF:72:BB:6C:86:87:50:86:28:9D:D2:51:8F:B0:3F:88:22:EE:9D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB5E9E19F1C85A31215A2983E700B7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/69/5e8f06-0ac1-4e1b-b07f-7e033b9de23e/1/_c9yu2yGh1CGKJ3SUY-wP4gi7p0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/69/5e8f06-0ac1-4e1b-b07f-7e033b9de23e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:30:05 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 34212
                          IP: 194.145.229.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5e:9e:19:f1:c8:5a:31:21:5a:29:83:e7:00:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdcf72bb6c86875086289dd2518fb03f8822ee9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:85:37:70:22:36:7d:ac:cb:cb:f6:fe:ab:b8:
                    3d:e0:81:b1:2a:de:94:44:a4:73:a4:c8:1e:90:46:
                    4b:a3:36:98:13:13:ec:b6:ce:af:66:7c:53:e8:50:
                    d9:78:f8:16:c2:b6:69:a5:0a:dd:15:42:c9:c8:ea:
                    ed:e8:71:ef:17:a1:e1:16:c7:f0:77:2d:06:fb:55:
                    f2:33:1d:bd:02:fe:14:b7:c9:49:01:aa:72:3b:d5:
                    37:1a:78:b1:b3:88:9f:59:24:c5:1d:d9:74:47:e3:
                    d0:07:68:29:9d:53:4b:0f:4b:93:13:f5:27:d1:0f:
                    b7:d6:65:9d:c6:f1:a3:b4:26:a6:24:43:b4:46:f9:
                    9e:46:3a:ee:82:9b:a9:f7:7b:ae:f7:40:78:3b:0f:
                    23:8c:f5:48:5e:1e:46:52:2e:2b:9d:c5:62:77:b0:
                    c8:eb:25:3f:f1:68:ac:a6:4b:f9:18:e5:c4:07:43:
                    2b:64:9d:02:01:7b:f8:12:98:91:df:16:3d:5c:42:
                    5d:73:17:63:bb:57:5b:f7:43:48:08:1c:32:02:a5:
                    f7:9c:6e:01:91:5e:cd:e3:b7:6d:e6:2d:62:66:60:
                    19:10:dc:46:6c:d6:d5:8f:17:79:41:de:a2:94:ac:
                    84:b9:70:54:49:5c:70:ce:ca:5d:af:14:60:6f:e2:
                    f7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:CF:72:BB:6C:86:87:50:86:28:9D:D2:51:8F:B0:3F:88:22:EE:9D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5e8f06-0ac1-4e1b-b07f-7e033b9de23e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5e8f06-0ac1-4e1b-b07f-7e033b9de23e/1/_c9yu2yGh1CGKJ3SUY-wP4gi7p0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.229.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34212

    Signature Algorithm: sha256WithRSAEncryption
         68:f8:1b:63:a8:9e:18:cd:3d:65:90:b9:46:ed:f1:fd:5b:66:
         0e:5f:6b:07:3f:1f:bc:a4:76:4c:8f:49:8d:46:d4:c9:7a:5b:
         ac:de:1d:6c:e6:a8:a6:95:ac:cb:fb:b8:43:1c:33:26:75:f3:
         50:1d:45:4a:62:a6:df:6e:3e:a1:ea:2f:be:04:ae:c2:88:8a:
         80:85:24:2b:fb:80:2f:1a:c6:a7:ef:e2:81:75:90:4a:58:fc:
         f1:ba:0c:f9:eb:02:07:63:da:6e:fc:47:05:37:d2:e0:78:fc:
         23:48:3a:b2:4e:53:bc:8a:5f:e1:14:98:ef:63:92:d3:bc:24:
         99:99:d8:e1:2d:c3:ca:2e:72:11:68:9d:67:6a:ed:ca:ac:af:
         7b:35:4c:7c:b3:e4:39:36:6d:70:2e:61:52:8b:b3:ca:95:c6:
         3f:55:86:7a:2b:9c:04:81:d0:b6:c9:fa:0d:9c:1e:7f:b8:8a:
         97:2f:de:6e:f2:1b:b7:a4:73:1a:fc:a7:3c:0a:2d:8f:bc:bc:
         66:84:66:c8:b0:aa:a6:0e:09:27:e4:d5:44:16:19:f9:79:c4:
         60:f7:b0:da:a1:4d:a4:c1:b0:49:27:c2:f9:29:d6:ac:fe:4c:
         09:42:b2:ee:ee:12:65:a2:57:f0:f1:35:cd:de:d6:f1:49:24:
         bf:70:23:69
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzC216eGfHIWjEhWimD5wC3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGNmNzJiYjZjODY4NzUwODYyODlkZDI1MThmYjAzZjg4MjJlZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoU3cCI2fazLy/b+q7g94IGxKt6U
RKRzpMgekEZLozaYExPsts6vZnxT6FDZePgWwrZppQrdFULJyOrt6HHvF6HhFsfw
dy0G+1XyMx29Av4Ut8lJAapyO9U3Gnixs4ifWSTFHdl0R+PQB2gpnVNLD0uTE/Un
0Q+31mWdxvGjtCamJEO0RvmeRjrugpup93uu90B4Ow8jjPVIXh5GUi4rncVid7DI
6yU/8Wispkv5GOXEB0MrZJ0CAXv4EpiR3xY9XEJdcxdju1db90NICBwyAqX3nG4B
kV7N47dt5i1iZmAZENxGbNbVjxd5Qd6ilKyEuXBUSVxwzspdrxRgb+L3LQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFP3PcrtshodQhiid0lGPsD+IIu6dMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY5LzVlOGYw
Ni0wYWMxLTRlMWItYjA3Zi03ZTAzM2I5ZGUyM2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkvNWU4ZjA2
LTBhYzEtNGUxYi1iMDdmLTdlMDMzYjlkZTIzZS8xL19jOXl1MnlHaDFDR0tKM1NV
WS13UDRnaTdwMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwpHlMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCFpDANBgkqhkiG9w0BAQsFAAOCAQEAaPgbY6ieGM09ZZC5Ru3x/VtmDl9rBz8f
vKR2TI9JjUbUyXpbrN4dbOaoppWsy/u4QxwzJnXzUB1FSmKm324+oeovvgSuwoiK
gIUkK/uALxrGp+/igXWQSlj88boM+esCB2PabvxHBTfS4Hj8I0g6sk5TvIpf4RSY
72OS07wkmZnY4S3Dyi5yEWidZ2rtyqyvezVMfLPkOTZtcC5hUouzypXGP1WGeiuc
BIHQtsn6DZwef7iKly/ebvIbt6RzGvynPAotj7y8ZoRmyLCqpg4JJ+TVRBYZ+XnE
YPew2qFNpMGwSSfC+SnWrP5MCUKy7u4SZaJX8PE1zd7W8Ukkv3AjaQ==
-----END CERTIFICATE-----