Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aZISXj1TzEgTNhBUg_z_cB_aG7M.cer
File:                     aZISXj1TzEgTNhBUg_z_cB_aG7M.cer (raw, json)
Hash identifier:          36nwq8XVVNxN7R4dxVKmkAAzqOI5AHRmfJslilk+3BU=
Subject key identifier:   69:92:12:5E:3D:53:CC:48:13:36:10:54:83:FC:FF:70:1F:DA:1B:B3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B7C80BF2C00E1B1EE3C5D6A11617BB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/aZISXj1TzEgTNhBUg_z_cB_aG7M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:29:42 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 209761
                          IP: 213.226.88.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c8:0b:f2:c0:0e:1b:1e:e3:c5:d6:a1:16:17:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6992125e3d53cc481336105483fcff701fda1bb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2e:2e:df:ef:4f:da:90:31:05:90:9b:1e:68:
                    a0:15:9a:72:31:97:f5:b4:7f:ef:82:4b:bf:c3:c6:
                    40:6a:14:88:12:3a:91:2a:c1:4b:e8:e6:67:2f:42:
                    58:49:a6:2e:00:36:e7:08:aa:90:6b:1a:53:2c:7c:
                    5d:c3:3e:3d:71:d3:93:05:44:61:a0:c6:95:26:bd:
                    03:c6:74:1b:33:48:43:59:c2:eb:f8:74:11:f6:1c:
                    5d:bd:cb:08:e7:c7:ef:09:e1:da:78:e3:fd:ff:f6:
                    1b:ba:e0:1f:72:28:0e:57:3a:73:6a:b1:58:bb:4e:
                    f0:3e:1d:54:1b:d7:6a:3d:a9:78:7b:ce:cd:73:2e:
                    b1:91:c0:5a:46:ea:d8:85:d4:fe:19:04:b3:30:e8:
                    13:ea:31:55:76:65:1d:83:ae:09:e7:51:10:8f:27:
                    24:26:42:1e:5c:23:13:ba:67:75:b3:8b:33:bc:72:
                    f9:08:ef:00:72:e7:11:c2:ff:54:35:3f:ac:bc:ee:
                    b1:8f:28:cb:cc:d8:bd:2a:98:93:f2:3a:20:d2:33:
                    ae:28:8c:6e:99:35:bc:7f:33:b6:5d:f5:1d:29:22:
                    42:25:06:fc:10:7b:87:be:87:4e:01:64:24:d3:97:
                    e4:ad:b6:68:b2:d2:c2:26:49:7f:ba:8c:c1:f8:0a:
                    39:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:92:12:5E:3D:53:CC:48:13:36:10:54:83:FC:FF:70:1F:DA:1B:B3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/aZISXj1TzEgTNhBUg_z_cB_aG7M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.226.88.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209761

    Signature Algorithm: sha256WithRSAEncryption
         ad:85:84:5c:28:77:ed:07:8c:37:85:30:33:a8:f4:6a:38:e9:
         17:9f:e8:13:e8:a9:59:67:e7:2d:88:a8:00:6f:6e:d0:8f:21:
         a5:2c:e3:73:ed:a9:7b:c7:9f:4b:4b:16:eb:b4:75:73:f4:5b:
         61:84:48:7c:45:7f:6e:66:bf:36:3f:39:b6:e8:8c:73:60:3d:
         10:1d:92:ac:de:bc:a7:d0:79:78:84:4a:7b:99:2f:15:ab:32:
         72:b6:82:07:b7:e2:84:68:5b:5d:8b:2e:2b:84:25:8f:da:3d:
         3c:bc:e4:5b:e3:71:1c:58:ce:69:00:f7:8d:0d:9e:96:20:01:
         32:56:d2:ef:59:97:29:6e:a8:a8:7d:73:d8:fb:2b:65:d3:af:
         6e:20:60:ed:b8:36:a9:45:03:58:b8:b7:08:28:50:a1:0b:7e:
         77:f4:7e:15:76:6a:c7:db:ee:05:ea:51:fb:7b:18:38:5f:54:
         97:8f:aa:49:65:20:6a:04:31:38:6e:cd:a5:ec:78:8f:30:19:
         6d:a5:88:65:c9:5c:e8:23:ee:90:b3:6b:55:e0:56:1c:26:73:
         76:ca:eb:b0:5f:75:0c:cf:d7:04:fd:85:d7:63:c4:cf:27:4d:
         c3:60:b8:cb:66:72:0d:7b:d0:c9:4e:f0:83:75:0d:35:37:84:
         1a:9b:d3:ae
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzGt8gL8sAOGx7jxdahFhe7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTkyMTI1ZTNkNTNjYzQ4MTMzNjEwNTQ4M2ZjZmY3MDFmZGExYmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvC4u3+9P2pAxBZCbHmigFZpyMZf1
tH/vgku/w8ZAahSIEjqRKsFL6OZnL0JYSaYuADbnCKqQaxpTLHxdwz49cdOTBURh
oMaVJr0DxnQbM0hDWcLr+HQR9hxdvcsI58fvCeHaeOP9//YbuuAfcigOVzpzarFY
u07wPh1UG9dqPal4e87Ncy6xkcBaRurYhdT+GQSzMOgT6jFVdmUdg64J51EQjyck
JkIeXCMTumd1s4szvHL5CO8AcucRwv9UNT+svO6xjyjLzNi9KpiT8jog0jOuKIxu
mTW8fzO2XfUdKSJCJQb8EHuHvodOAWQk05fkrbZostLCJkl/uozB+Ao5gwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGmSEl49U8xIEzYQVIP8/3Af2huzMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YzLzRhYzk1
Ny00MTgzLTQ5ZjMtYmZiZS04MzdjNWUxMmJkMDQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvNGFjOTU3
LTQxODMtNDlmMy1iZmJlLTgzN2M1ZTEyYmQwNC8xL2FaSVNYajFUekVnVE5oQlVn
X3pfY0JfYUc3TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQC1eJYMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMzYTANBgkqhkiG9w0BAQsFAAOCAQEArYWEXCh37QeMN4UwM6j0ajjpF5/oE+ip
WWfnLYioAG9u0I8hpSzjc+2pe8efS0sW67R1c/RbYYRIfEV/bma/Nj85tuiMc2A9
EB2SrN68p9B5eIRKe5kvFasycraCB7fihGhbXYsuK4Qlj9o9PLzkW+NxHFjOaQD3
jQ2eliABMlbS71mXKW6oqH1z2PsrZdOvbiBg7bg2qUUDWLi3CChQoQt+d/R+FXZq
x9vuBepR+3sYOF9Ul4+qSWUgagQxOG7Npex4jzAZbaWIZclc6CPukLNrVeBWHCZz
dsrrsF91DM/XBP2F12PEzydNw2C4y2ZyDXvQyU7wg3UNNTeEGpvTrg==
-----END CERTIFICATE-----