Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer
File:                     cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer (raw, json)
Hash identifier:          g64xeO28NzZmo8a7RlJC7GjNiKG8YBKG0sOc1QyrSPg=
Subject key identifier:   71:9E:59:B5:01:7B:FE:63:44:11:94:9E:FF:2D:70:BA:0A:07:C5:40
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAF14515A977B1BCAA551973063E76
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:37 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 197271
                          IP: 46.28.56.0/21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f1:45:15:a9:77:b1:bc:aa:55:19:73:06:3e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=719e59b5017bfe634411949eff2d70ba0a07c540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e7:aa:50:9f:8a:08:ac:c2:75:b3:60:c1:7a:
                    68:4d:e9:aa:e1:fb:68:98:f2:74:a2:59:05:15:e4:
                    f1:e8:b2:b1:d2:0d:7f:72:76:a7:e8:8c:41:eb:b4:
                    ae:48:c5:af:ab:24:d6:a6:e5:1f:3f:72:7b:fc:05:
                    08:ec:ef:39:0c:6c:3a:15:61:b1:0b:79:c6:aa:43:
                    29:ad:3f:cb:f6:3e:95:ab:f8:b4:72:70:58:14:ea:
                    11:c2:53:e5:1b:44:1d:0e:02:05:3e:73:82:de:e2:
                    0a:93:40:6f:0c:20:6f:7f:81:77:60:37:f2:ec:c8:
                    ca:df:ff:5a:96:3f:b9:c5:2d:07:5b:c4:51:ed:9b:
                    ac:f4:f8:04:86:ad:0b:02:d8:b7:c9:72:15:6b:20:
                    67:ee:fa:73:9c:79:69:26:2d:f3:ec:36:c1:de:e9:
                    0a:50:15:ab:b4:0c:e2:8d:76:7d:5a:9e:fb:e1:4d:
                    66:4d:ff:f3:8d:3c:3c:e9:c5:2d:98:be:55:5f:ca:
                    fe:bd:76:58:fe:8c:74:2e:43:74:8f:29:2b:50:13:
                    f8:55:f6:8d:d0:8b:d4:f2:af:71:2e:74:5b:75:81:
                    4e:16:12:5c:0c:04:1d:c2:c8:8a:f9:1a:ce:cb:06:
                    01:bb:ec:e9:33:da:b8:65:41:17:9f:d8:af:1c:9c:
                    04:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9E:59:B5:01:7B:FE:63:44:11:94:9E:FF:2D:70:BA:0A:07:C5:40
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.56.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197271

    Signature Algorithm: sha256WithRSAEncryption
         8f:20:c5:eb:1a:08:f9:8c:a9:fa:3f:fd:ad:31:06:4a:0c:16:
         c8:79:b2:13:7d:3b:c1:64:98:b8:4a:b5:bf:c2:73:46:34:52:
         75:c7:b1:09:4a:06:77:e4:03:f7:66:95:e8:85:10:4a:a9:b3:
         49:d7:51:04:36:4a:01:c5:2e:f2:73:f0:8e:ea:23:1b:e0:61:
         d7:55:6e:e5:26:ac:f5:7f:85:7d:e3:c8:10:3b:ea:3e:42:27:
         59:70:8b:c6:c3:ed:c6:6b:11:f1:5e:fd:43:d7:69:28:8a:44:
         16:50:d6:8b:26:ec:bb:6f:ed:8c:a2:eb:64:0d:5f:a4:09:56:
         97:d2:e0:02:35:ff:4e:fd:61:e9:52:03:c9:5a:a4:d6:8b:59:
         5c:40:5c:4c:b7:b9:47:55:e8:33:a3:9e:ed:e4:4c:06:c0:6c:
         90:bc:ad:b7:1c:9a:c6:dd:25:ad:80:be:b0:29:66:60:e8:bb:
         0c:89:dd:86:64:39:0a:a6:b8:09:28:5e:3f:8a:22:0d:83:50:
         64:b4:42:1f:93:3e:59:fc:14:12:98:f0:12:38:bc:49:56:cf:
         41:97:89:68:58:86:f2:82:62:ee:33:19:7e:f7:51:81:65:61:
         88:4d:22:68:14:ec:e5:00:08:0d:f6:16:58:bf:60:cf:81:9a:
         b8:8d:97:c1
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzC2vFFFal3sbyqVRlzBj52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTllNTliNTAxN2JmZTYzNDQxMTk0OWVmZjJkNzBiYTBhMDdjNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+eqUJ+KCKzCdbNgwXpoTemq4fto
mPJ0olkFFeTx6LKx0g1/cnan6IxB67SuSMWvqyTWpuUfP3J7/AUI7O85DGw6FWGx
C3nGqkMprT/L9j6Vq/i0cnBYFOoRwlPlG0QdDgIFPnOC3uIKk0BvDCBvf4F3YDfy
7MjK3/9alj+5xS0HW8RR7Zus9PgEhq0LAti3yXIVayBn7vpznHlpJi3z7DbB3ukK
UBWrtAzijXZ9Wp774U1mTf/zjTw86cUtmL5VX8r+vXZY/ox0LkN0jykrUBP4VfaN
0IvU8q9xLnRbdYFOFhJcDAQdwsiK+RrOywYBu+zpM9q4ZUEXn9ivHJwE5QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHGeWbUBe/5jRBGUnv8tcLoKB8VAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EzLzFmOWU2
Yy1lNmI4LTRhZDQtOTk0MS1mNDZmOWQ2NzRmNmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMvMWY5ZTZj
LWU2YjgtNGFkNC05OTQxLWY0NmY5ZDY3NGY2Yy8xL2NaNVp0UUY3X21ORUVaU2Vf
eTF3dWdvSHhVQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDLhw4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMClzANBgkqhkiG9w0BAQsFAAOCAQEAjyDF6xoI+Yyp+j/9rTEGSgwWyHmyE307
wWSYuEq1v8JzRjRSdcexCUoGd+QD92aV6IUQSqmzSddRBDZKAcUu8nPwjuojG+Bh
11Vu5Sas9X+FfePIEDvqPkInWXCLxsPtxmsR8V79Q9dpKIpEFlDWiybsu2/tjKLr
ZA1fpAlWl9LgAjX/Tv1h6VIDyVqk1otZXEBcTLe5R1XoM6Oe7eRMBsBskLyttxya
xt0lrYC+sClmYOi7DIndhmQ5Cqa4CSheP4oiDYNQZLRCH5M+WfwUEpjwEji8SVbP
QZeJaFiG8oJi7jMZfvdRgWVhiE0iaBTs5QAIDfYWWL9gz4GauI2XwQ==
-----END CERTIFICATE-----