Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer
File:                     l-pUHBI_qpwO3HKfgp6Vn9KS430.cer (raw, json)
Hash identifier:          wz8Om5zsQDWpEefIFf0/V5aAjoEApxpMf/4a72qvw0A=
Subject key identifier:   97:EA:54:1C:12:3F:AA:9C:0E:DC:72:9F:82:9E:95:9F:D2:92:E3:7D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BC1B6FD468A3756929BAB60E5E7320
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:33:17 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202107
                          IP: 2a0d:9b80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:1b:6f:d4:68:a3:75:69:29:ba:b6:0e:5e:73:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97ea541c123faa9c0edc729f829e959fd292e37d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9c:f3:19:e0:b9:38:62:1c:6e:ad:34:15:64:
                    4d:3e:a4:1f:13:6f:b8:ab:7d:6e:a8:dc:97:a1:9a:
                    00:eb:d2:1e:a0:ab:ef:a4:c4:53:bb:31:78:82:37:
                    60:45:b4:20:da:ab:a2:25:63:76:2b:e7:a2:ef:78:
                    6a:0d:71:4c:28:b6:8a:39:aa:46:d2:1d:2b:f4:88:
                    c9:67:80:d6:89:e0:d2:65:8f:0e:e4:b9:35:0d:6d:
                    7d:07:77:aa:6b:fd:c1:90:9f:0f:dc:ff:db:d6:08:
                    56:ea:65:d3:05:04:37:2a:42:d9:22:91:78:cf:29:
                    9f:a5:f5:69:7e:51:03:6d:8e:42:73:b8:7c:da:55:
                    f6:77:5e:8d:b7:11:28:5d:d5:40:fb:67:de:48:29:
                    3f:50:a0:f0:e3:41:76:c7:a4:06:ab:45:03:e7:43:
                    9e:f2:30:55:77:e6:90:59:56:c9:0c:3e:f1:66:f2:
                    3d:3a:95:a4:78:4e:ce:09:75:4d:25:95:a0:4c:4d:
                    19:bd:86:0a:4e:a4:2f:a7:5f:53:d0:4a:4a:61:cf:
                    5f:4d:73:66:76:d0:1a:f3:66:96:b3:92:5b:6b:bd:
                    11:8b:ff:eb:78:42:1e:bd:31:3f:a7:d8:cf:d6:da:
                    e2:2a:7c:71:30:a0:38:b8:d0:95:d5:98:17:df:ba:
                    58:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:EA:54:1C:12:3F:AA:9C:0E:DC:72:9F:82:9E:95:9F:D2:92:E3:7D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:9b80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202107

    Signature Algorithm: sha256WithRSAEncryption
         39:30:9f:56:23:74:61:33:f3:1b:66:31:e8:01:f9:db:94:98:
         9a:59:4d:0c:5d:04:3e:24:e9:6d:90:a6:d3:f1:c0:8d:94:ba:
         1d:2d:d4:10:cc:da:f8:31:e0:9b:92:2f:13:7f:cb:03:6f:62:
         65:f0:5a:60:09:b1:2d:22:46:d8:31:cf:23:5c:eb:62:6b:a9:
         39:04:3d:d7:48:4f:00:00:dd:f1:b7:e3:1b:c9:19:fc:ed:7e:
         f0:2a:e7:61:3d:b7:3d:80:d1:6d:2f:e6:3a:14:ed:f4:67:56:
         b7:f9:fc:6e:aa:f6:ca:59:82:28:d4:73:33:0f:1b:64:ae:8b:
         e3:a6:dc:5e:af:43:e3:e0:72:e8:3f:47:fc:ee:08:8b:47:b4:
         18:b2:16:ff:1d:75:e5:a5:5a:ca:92:a0:53:3f:5b:97:a2:9a:
         1c:dd:5f:7e:05:20:cd:0e:05:4e:0d:7d:ba:e7:99:1f:7f:60:
         f3:16:bc:c9:4a:c4:a4:e2:83:fa:41:6e:a9:92:64:18:d5:1a:
         4d:70:3a:e1:71:f3:37:cf:bb:09:c7:d3:de:b6:86:90:f4:9d:
         a2:64:eb:db:c8:c6:52:10:e6:25:f4:52:d0:3a:f0:32:e6:eb:
         b6:c7:bd:d6:7d:61:0f:c5:77:b3:c8:50:8b:ad:1f:20:b7:21:
         77:43:f4:ac
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYzJvBtv1GijdWkpurYOXnMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2VhNTQxYzEyM2ZhYTljMGVkYzcyOWY4MjllOTU5ZmQyOTJlMzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZzzGeC5OGIcbq00FWRNPqQfE2+4
q31uqNyXoZoA69IeoKvvpMRTuzF4gjdgRbQg2quiJWN2K+ei73hqDXFMKLaKOapG
0h0r9IjJZ4DWieDSZY8O5Lk1DW19B3eqa/3BkJ8P3P/b1ghW6mXTBQQ3KkLZIpF4
zymfpfVpflEDbY5Cc7h82lX2d16NtxEoXdVA+2feSCk/UKDw40F2x6QGq0UD50Oe
8jBVd+aQWVbJDD7xZvI9OpWkeE7OCXVNJZWgTE0ZvYYKTqQvp19T0EpKYc9fTXNm
dtAa82aWs5Jba70Ri//reEIevTE/p9jP1triKnxxMKA4uNCV1ZgX37pYDwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFJfqVBwSP6qcDtxyn4KelZ/SkuN9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ViLzEyMTU1
Yy1jZDEzLTRhYTctODk0OS02MzhkY2ZhMTMwMDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvMTIxNTVj
LWNkMTMtNGFhNy04OTQ5LTYzOGRjZmExMzAwMy8xL2wtcFVIQklfcXB3TzNIS2Zn
cDZWbjlLUzQzMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKg2bgDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDFXswDQYJKoZIhvcNAQELBQADggEBADkwn1YjdGEz8xtmMegB+duUmJpZTQxd
BD4k6W2QptPxwI2Uuh0t1BDM2vgx4JuSLxN/ywNvYmXwWmAJsS0iRtgxzyNc62Jr
qTkEPddITwAA3fG34xvJGfztfvAq52E9tz2A0W0v5joU7fRnVrf5/G6q9spZgijU
czMPG2Sui+Om3F6vQ+Pgcug/R/zuCItHtBiyFv8ddeWlWsqSoFM/W5eimhzdX34F
IM0OBU4NfbrnmR9/YPMWvMlKxKTig/pBbqmSZBjVGk1wOuFx8zfPuwnH0962hpD0
naJk69vIxlIQ5iX0UtA68DLm67bHvdZ9YQ/Fd7PIUIutHyC3IXdD9Kw=
-----END CERTIFICATE-----