Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hvH06JS38tbeGWF30OzA3s4oaZY.cer
File:                     hvH06JS38tbeGWF30OzA3s4oaZY.cer (raw, json)
Hash identifier:          8WnavJTzD7k1n/NnSd8g1YwdFejSm4dXSUZfyW7XR34=
Subject key identifier:   86:F1:F4:E8:94:B7:F2:D6:DE:19:61:77:D0:EC:C0:DE:CE:28:69:96
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC37F20D362C8BF9E5753250E12A9A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8a/8b0b93-867e-4062-a65b-66775b0ab7d1/1/hvH06JS38tbeGWF30OzA3s4oaZY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8a/8b0b93-867e-4062-a65b-66775b0ab7d1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 47614
                          AS: 57974

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:37:f2:0d:36:2c:8b:f9:e5:75:32:50:e1:2a:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86f1f4e894b7f2d6de196177d0ecc0dece286996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:49:a1:f8:96:f3:cc:fc:6d:5e:e7:91:2e:f7:
                    24:e0:4e:0c:04:45:8b:90:1a:61:dc:c1:4f:a3:96:
                    fc:7a:99:10:e3:e6:0b:7d:72:3d:c8:db:61:63:1f:
                    47:2a:45:e8:96:04:d4:75:14:b6:59:6c:be:18:f6:
                    47:85:39:b5:1d:c5:84:c3:f0:68:0d:f9:c0:9c:5c:
                    4b:ee:2c:83:48:6c:ce:98:61:5e:19:7b:31:70:97:
                    be:98:e5:13:8a:86:e9:30:4f:f1:42:0b:e5:9e:e5:
                    be:41:60:6e:1c:f4:9e:a5:99:a8:cd:3c:0a:ad:a4:
                    ac:98:46:62:e6:a8:e8:0e:ca:fb:fa:a0:b6:68:4e:
                    34:fb:5a:38:55:b2:3b:11:cf:dd:ec:6d:d9:ed:25:
                    9f:16:9e:8e:1a:5a:95:e5:00:fe:ae:8e:11:e4:60:
                    9f:47:43:f4:64:b9:c1:d0:de:cd:b4:da:ee:2d:d0:
                    0c:85:e5:01:b8:00:df:07:7f:1d:c8:94:54:12:c4:
                    67:12:42:0d:d7:52:ce:34:95:f6:e3:2b:67:3d:01:
                    cb:69:44:fe:40:11:50:3d:27:61:dc:5d:69:ac:32:
                    c0:28:49:26:00:ce:85:60:22:76:ff:5a:44:7c:2e:
                    e3:da:68:e1:83:0d:65:80:27:a3:f5:71:aa:85:4e:
                    e8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F1:F4:E8:94:B7:F2:D6:DE:19:61:77:D0:EC:C0:DE:CE:28:69:96
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/8b0b93-867e-4062-a65b-66775b0ab7d1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/8b0b93-867e-4062-a65b-66775b0ab7d1/1/hvH06JS38tbeGWF30OzA3s4oaZY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  47614
                  57974

    Signature Algorithm: sha256WithRSAEncryption
         42:42:51:fa:b1:64:25:37:93:91:03:33:b4:00:51:8a:71:ac:
         ea:65:0d:f8:9a:d3:81:0a:df:25:83:58:7c:13:f9:ec:f0:c9:
         1f:1d:e1:d9:af:70:5e:3c:b5:67:2d:23:2f:2f:ca:95:77:23:
         c7:e9:43:02:83:b1:32:81:71:93:e4:c3:27:51:4e:75:ec:1e:
         0c:56:d7:53:47:e3:f5:59:41:99:f1:ae:75:aa:4d:3e:10:e7:
         c5:6b:89:4b:67:03:4f:4b:52:c9:ca:ca:19:f2:64:2a:45:e0:
         07:1f:02:73:a7:60:22:c3:83:3b:91:22:d7:35:58:3b:7c:38:
         99:2a:ba:e6:50:86:b1:7a:9b:ae:4f:b4:18:af:d4:d9:7c:2d:
         fc:68:57:d4:ee:9e:e5:c7:bd:fb:a9:34:0c:07:1a:b7:72:71:
         81:7f:0c:1f:30:d1:5f:c8:54:c3:59:50:eb:38:fe:3b:13:9f:
         84:88:7f:59:57:cc:fa:e4:bf:76:b1:e5:66:2e:c7:69:2d:01:
         85:7e:97:ec:88:26:57:d6:a2:9d:96:0d:56:42:cc:bc:a4:b0:
         ef:9b:9d:29:1d:ad:61:e8:77:74:10:9d:76:5d:17:0d:40:9a:
         8e:87:63:52:ed:8e:1c:e5:8c:b4:50:b9:23:3e:7d:46:f2:da:
         51:b4:5c:13
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzF3DfyDTYsi/nldTJQ4SqaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmYxZjRlODk0YjdmMmQ2ZGUxOTYxNzdkMGVjYzBkZWNlMjg2OTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0mh+JbzzPxtXueRLvck4E4MBEWL
kBph3MFPo5b8epkQ4+YLfXI9yNthYx9HKkXolgTUdRS2WWy+GPZHhTm1HcWEw/Bo
DfnAnFxL7iyDSGzOmGFeGXsxcJe+mOUTiobpME/xQgvlnuW+QWBuHPSepZmozTwK
raSsmEZi5qjoDsr7+qC2aE40+1o4VbI7Ec/d7G3Z7SWfFp6OGlqV5QD+ro4R5GCf
R0P0ZLnB0N7NtNruLdAMheUBuADfB38dyJRUEsRnEkIN11LONJX24ytnPQHLaUT+
QBFQPSdh3F1prDLAKEkmAM6FYCJ2/1pEfC7j2mjhgw1lgCej9XGqhU7ouwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIbx9OiUt/LW3hlhd9DswN7OKGmWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhhLzhiMGI5
My04NjdlLTQwNjItYTY1Yi02Njc3NWIwYWI3ZDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEvOGIwYjkz
LTg2N2UtNDA2Mi1hNjViLTY2Nzc1YjBhYjdkMS8xL2h2SDA2SlMzOHRiZUdXRjMw
T3pBM3M0b2FaWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEIAQH/BBAwDqAMMAoCAwC5/gIDAOJ2MA0GCSqGSIb3DQEBCwUAA4IBAQBCQlH6
sWQlN5ORAzO0AFGKcazqZQ34mtOBCt8lg1h8E/ns8MkfHeHZr3BePLVnLSMvL8qV
dyPH6UMCg7EygXGT5MMnUU517B4MVtdTR+P1WUGZ8a51qk0+EOfFa4lLZwNPS1LJ
ysoZ8mQqReAHHwJzp2Aiw4M7kSLXNVg7fDiZKrrmUIaxepuuT7QYr9TZfC38aFfU
7p7lx737qTQMBxq3cnGBfwwfMNFfyFTDWVDrOP47E5+EiH9ZV8z65L92seVmLsdp
LQGFfpfsiCZX1qKdlg1WQsy8pLDvm50pHa1h6Hd0EJ12XRcNQJqOh2NS7Y4c5Yy0
ULkjPn1G8tpRtFwT
-----END CERTIFICATE-----