Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jHSEmpcKkwTfRfjii264f_CeC-o.cer
File:                     jHSEmpcKkwTfRfjii264f_CeC-o.cer (raw, json)
Hash identifier:          z2iePB0383BygPnATnJvUkodSAbQvtQ2lejxHn0GVZ0=
Subject key identifier:   8C:74:84:9A:97:0A:93:04:DF:45:F8:E2:8B:6E:B8:7F:F0:9E:0B:EA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4247A624B15C94B5A24F8C75E16B9A1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d2/2cb95d-8f0c-42dd-91b9-29ffd0ef560a/1/jHSEmpcKkwTfRfjii264f_CeC-o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d2/2cb95d-8f0c-42dd-91b9-29ffd0ef560a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:34 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198119
                          IP: 195.137.231.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7a:62:4b:15:c9:4b:5a:24:f8:c7:5e:16:b9:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c74849a970a9304df45f8e28b6eb87ff09e0bea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:20:28:3f:22:a8:7f:cb:c1:92:70:d3:09:d2:
                    c5:82:69:60:26:8e:0a:0c:5a:0f:d4:55:b4:ce:74:
                    bf:99:6e:d2:f3:ef:36:ad:68:bd:3e:74:41:a4:60:
                    94:3f:6c:6a:15:cc:57:0a:5c:ba:a4:5c:3f:c6:13:
                    7b:eb:d5:e3:d2:f9:91:d0:b8:d4:cc:6e:74:96:3b:
                    a5:2d:6a:59:2a:b4:87:0f:37:31:94:7f:45:54:c0:
                    ec:c1:1a:40:75:02:cf:29:8f:99:83:f0:1d:6c:ff:
                    81:fd:d6:56:06:61:cf:d1:e2:aa:a9:db:d1:38:a9:
                    a7:61:60:33:30:a6:09:d7:eb:7a:a5:07:db:4b:57:
                    23:6b:db:a0:a9:a9:41:46:5e:9b:9d:7d:8c:92:97:
                    2f:76:c6:ff:d8:29:87:62:8f:84:3d:f0:0c:8a:f3:
                    72:8a:79:f7:1b:fc:86:7f:2b:1e:13:7b:88:e4:c1:
                    f0:03:20:ea:09:1c:c4:dc:f0:7e:73:b6:00:b6:35:
                    7f:95:fb:5c:b2:7d:a8:0e:6f:49:dd:d0:c6:3e:a0:
                    3c:d5:51:7e:23:86:63:44:a1:18:09:fd:d8:4f:df:
                    d8:9f:86:e4:5f:0d:07:c9:7b:f5:7d:3b:05:ce:45:
                    07:16:f9:65:c6:07:5a:93:98:57:91:87:4e:0f:66:
                    71:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:74:84:9A:97:0A:93:04:DF:45:F8:E2:8B:6E:B8:7F:F0:9E:0B:EA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2cb95d-8f0c-42dd-91b9-29ffd0ef560a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2cb95d-8f0c-42dd-91b9-29ffd0ef560a/1/jHSEmpcKkwTfRfjii264f_CeC-o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.231.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198119

    Signature Algorithm: sha256WithRSAEncryption
         49:68:dc:06:bf:c2:fd:46:a8:c6:2d:74:ff:a4:52:25:e0:fd:
         51:65:7f:03:25:62:a2:9c:25:fa:ba:f8:73:f1:5a:8f:43:e5:
         4c:a1:65:f7:f6:c0:88:da:d8:fb:cf:01:50:5c:3b:e2:ff:61:
         eb:84:e1:11:13:1e:d6:e5:0f:44:e1:c1:9b:cd:96:54:c8:d1:
         a3:7a:1f:85:76:e9:0a:f5:ee:3b:09:49:a1:19:34:07:b1:06:
         97:b5:7f:40:4c:25:a6:1a:fd:44:c6:04:a2:5e:b9:18:37:64:
         95:05:73:28:26:ef:72:ed:e4:86:93:99:35:b0:15:d0:9f:00:
         0b:0a:b6:3a:ca:39:24:1c:75:ba:b5:36:97:c8:bf:59:a4:cd:
         64:df:b6:f2:f3:f3:2b:a0:fc:1a:95:5e:61:dc:a7:e0:84:03:
         29:d0:29:5c:01:42:a5:42:e1:9f:ac:ed:82:1a:2f:5b:48:73:
         4a:e0:08:db:f5:b8:23:f7:e5:d8:21:b0:ca:6b:a8:b4:21:c0:
         40:5d:08:7d:79:60:ae:81:88:d7:cd:5f:12:76:a5:43:f9:2c:
         17:2d:b1:3f:df:57:4f:44:0b:b7:dc:91:97:d0:c8:47:25:82:
         28:9c:7c:59:26:e7:55:7c:59:6d:f6:17:fe:91:69:31:37:0d:
         6a:29:ce:58
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzEJHpiSxXJS1ok+MdeFrmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yzc0ODQ5YTk3MGE5MzA0ZGY0NWY4ZTI4YjZlYjg3ZmYwOWUwYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSAoPyKof8vBknDTCdLFgmlgJo4K
DFoP1FW0znS/mW7S8+82rWi9PnRBpGCUP2xqFcxXCly6pFw/xhN769Xj0vmR0LjU
zG50ljulLWpZKrSHDzcxlH9FVMDswRpAdQLPKY+Zg/AdbP+B/dZWBmHP0eKqqdvR
OKmnYWAzMKYJ1+t6pQfbS1cja9ugqalBRl6bnX2Mkpcvdsb/2CmHYo+EPfAMivNy
inn3G/yGfyseE3uI5MHwAyDqCRzE3PB+c7YAtjV/lftcsn2oDm9J3dDGPqA81VF+
I4ZjRKEYCf3YT9/Yn4bkXw0HyXv1fTsFzkUHFvllxgdak5hXkYdOD2ZxlwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIx0hJqXCpME30X44otuuH/wngvqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QyLzJjYjk1
ZC04ZjBjLTQyZGQtOTFiOS0yOWZmZDBlZjU2MGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDIvMmNiOTVk
LThmMGMtNDJkZC05MWI5LTI5ZmZkMGVmNTYwYS8xL2pIU0VtcGNLa3dUZlJmamlp
MjY0Zl9DZUMtby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw4nnMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMF5zANBgkqhkiG9w0BAQsFAAOCAQEASWjcBr/C/Uaoxi10/6RSJeD9UWV/AyVi
opwl+rr4c/Faj0PlTKFl9/bAiNrY+88BUFw74v9h64ThERMe1uUPROHBm82WVMjR
o3ofhXbpCvXuOwlJoRk0B7EGl7V/QEwlphr9RMYEol65GDdklQVzKCbvcu3khpOZ
NbAV0J8ACwq2Oso5JBx1urU2l8i/WaTNZN+28vPzK6D8GpVeYdyn4IQDKdApXAFC
pULhn6ztghovW0hzSuAI2/W4I/fl2CGwymuotCHAQF0IfXlgroGI181fEnalQ/ks
Fy2xP99XT0QLt9yRl9DIRyWCKJx8WSbnVXxZbfYX/pFpMTcNainOWA==
-----END CERTIFICATE-----