Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cNZU8uFv6IJuBK6W315csKJgOAo.cer
File:                     cNZU8uFv6IJuBK6W315csKJgOAo.cer (raw, json)
Hash identifier:          zgg7YYYVupocOBLWve5kjJ8PqCTWKdFyD3LeluhTCbk=
Subject key identifier:   70:D6:54:F2:E1:6F:E8:82:6E:04:AE:96:DF:5E:5C:B0:A2:60:38:0A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC793491750C039D85820D17DA63D0BDE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bd/74bbbc-9d72-44ec-859b-c767cb74bddb/1/cNZU8uFv6IJuBK6W315csKJgOAo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bd/74bbbc-9d72-44ec-859b-c767cb74bddb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:29:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198505
                          IP: 193.8.201.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:49:17:50:c0:39:d8:58:20:d1:7d:a6:3d:0b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70d654f2e16fe8826e04ae96df5e5cb0a260380a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ed:ea:61:a9:b5:8b:9d:a6:4f:d1:ff:f7:06:
                    e6:60:1f:9a:67:28:3d:a1:d5:2b:51:f9:cc:e1:5d:
                    41:47:89:f4:56:4c:4f:8a:61:c6:09:64:60:7e:79:
                    a1:c1:da:03:58:d8:68:86:6e:f0:4b:9e:d7:ab:df:
                    bd:7c:71:ae:3f:94:e3:0a:ef:f8:4c:07:67:67:19:
                    08:a1:3b:f6:15:6c:8e:11:61:55:83:d8:27:cf:4a:
                    6b:87:8b:5a:52:82:22:16:6b:a5:62:b4:2c:6d:74:
                    83:3e:18:ae:b9:ca:9e:60:e2:ac:25:09:61:17:8d:
                    9b:1e:b8:14:14:b0:13:b2:90:36:f4:d9:61:f6:ca:
                    7f:ea:21:17:3a:15:05:fd:5c:65:24:3a:75:04:f2:
                    d1:cd:d5:15:f4:58:28:9f:90:0f:bf:0f:2f:bd:fb:
                    a2:d0:19:79:89:87:cb:8a:b7:84:88:13:e0:4e:50:
                    b2:99:84:0b:98:c9:12:6e:0b:c8:5e:e6:df:56:79:
                    d1:54:36:7d:d9:4f:96:63:e5:bf:7c:a1:08:42:ae:
                    57:6e:73:27:f0:72:81:f0:63:c9:65:73:2b:ee:19:
                    ba:40:94:0e:f7:a0:a8:f3:a0:4e:4b:27:7c:da:0a:
                    5e:17:42:3c:52:17:b9:65:14:92:c0:06:8a:11:77:
                    20:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:D6:54:F2:E1:6F:E8:82:6E:04:AE:96:DF:5E:5C:B0:A2:60:38:0A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/74bbbc-9d72-44ec-859b-c767cb74bddb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/74bbbc-9d72-44ec-859b-c767cb74bddb/1/cNZU8uFv6IJuBK6W315csKJgOAo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.201.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198505

    Signature Algorithm: sha256WithRSAEncryption
         40:c7:85:fa:20:ed:bd:26:5d:da:65:1b:3d:75:27:a1:d5:04:
         4d:73:b6:77:e1:6a:d9:d4:59:06:16:fb:86:c1:04:77:e2:97:
         fd:cb:07:5b:4e:e8:b0:75:0e:fa:9f:fa:4d:74:d9:f4:4f:de:
         be:43:87:b7:6d:eb:74:1c:d5:26:d0:bc:9d:72:78:30:50:48:
         4e:9c:64:cf:70:aa:d0:a2:d2:87:27:e0:91:88:f2:4e:d5:b6:
         be:a0:52:34:b2:30:ea:a4:f4:c2:f0:18:b4:d2:3a:0e:75:4c:
         82:a9:51:c2:c9:31:c4:3a:ad:bf:e7:ab:de:8e:fa:64:73:3f:
         5d:e3:5e:5a:08:1d:c5:f5:6d:42:40:85:28:b8:45:59:e8:88:
         8b:d3:a1:fd:b4:c0:0e:c9:e9:28:57:d7:06:97:1e:cb:db:38:
         1b:ea:1d:7c:ef:e8:d2:d3:79:5b:c1:e1:ab:c8:f2:f0:06:f0:
         d5:8d:25:33:20:29:e0:a0:de:41:a5:48:71:e6:91:e3:ad:78:
         fc:91:ea:03:42:da:7b:8f:df:77:71:e5:01:26:21:bd:43:36:
         eb:b6:17:4f:0f:c5:c8:a4:7f:2a:2f:26:52:8a:fa:d2:b5:68:
         96:96:f7:8a:7f:0d:9e:59:98:dd:3c:7b:be:ac:e7:da:98:48:
         17:01:25:78
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzHk0kXUMA52Fgg0X2mPQveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGQ2NTRmMmUxNmZlODgyNmUwNGFlOTZkZjVlNWNiMGEyNjAzODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+3qYam1i52mT9H/9wbmYB+aZyg9
odUrUfnM4V1BR4n0VkxPimHGCWRgfnmhwdoDWNhohm7wS57Xq9+9fHGuP5TjCu/4
TAdnZxkIoTv2FWyOEWFVg9gnz0prh4taUoIiFmulYrQsbXSDPhiuucqeYOKsJQlh
F42bHrgUFLATspA29Nlh9sp/6iEXOhUF/VxlJDp1BPLRzdUV9Fgon5APvw8vvfui
0Bl5iYfLireEiBPgTlCymYQLmMkSbgvIXubfVnnRVDZ92U+WY+W/fKEIQq5XbnMn
8HKB8GPJZXMr7hm6QJQO96Co86BOSyd82gpeF0I8Uhe5ZRSSwAaKEXcgHQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHDWVPLhb+iCbgSult9eXLCiYDgKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JkLzc0YmJi
Yy05ZDcyLTQ0ZWMtODU5Yi1jNzY3Y2I3NGJkZGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmQvNzRiYmJj
LTlkNzItNDRlYy04NTliLWM3NjdjYjc0YmRkYi8xL2NOWlU4dUZ2NklKdUJLNlcz
MTVjc0tKZ09Bby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwQjJMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMHaTANBgkqhkiG9w0BAQsFAAOCAQEAQMeF+iDtvSZd2mUbPXUnodUETXO2d+Fq
2dRZBhb7hsEEd+KX/csHW07osHUO+p/6TXTZ9E/evkOHt23rdBzVJtC8nXJ4MFBI
Tpxkz3Cq0KLShyfgkYjyTtW2vqBSNLIw6qT0wvAYtNI6DnVMgqlRwskxxDqtv+er
3o76ZHM/XeNeWggdxfVtQkCFKLhFWeiIi9Oh/bTADsnpKFfXBpcey9s4G+odfO/o
0tN5W8Hhq8jy8Abw1Y0lMyAp4KDeQaVIceaR4614/JHqA0Lae4/fd3HlASYhvUM2
67YXTw/FyKR/Ki8mUor60rVolpb3in8NnlmY3Tx7vqzn2phIFwEleA==
-----END CERTIFICATE-----