Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/p9368Tt9vgXaoytYeLi2gCQEWXE.cer
File:                     p9368Tt9vgXaoytYeLi2gCQEWXE.cer (raw, json)
Hash identifier:          D9FAa4At5oou4cjYxzRglmw7JkP/TNahtODWlvBm4Wk=
Subject key identifier:   A7:DD:FA:F1:3B:7D:BE:05:DA:A3:2B:58:78:B8:B6:80:24:04:59:71
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC500D144DB3BC714325B5743070F485F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/p9368Tt9vgXaoytYeLi2gCQEWXE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:14 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202560
                          IP: 2001:67c:74::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d1:44:db:3b:c7:14:32:5b:57:43:07:0f:48:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7ddfaf13b7dbe05daa32b5878b8b68024045971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:29:23:21:78:c6:a0:d7:6c:e6:32:10:7d:d0:
                    40:a6:eb:b2:7d:9a:ce:42:56:fd:04:81:13:61:58:
                    dd:fd:59:d4:f2:22:d1:9a:77:3c:85:6a:07:c9:3b:
                    c0:53:28:bf:93:ea:2d:bb:4f:92:19:11:78:c7:67:
                    18:b2:8e:1f:18:fb:f0:46:6a:ea:23:09:33:9b:3c:
                    6e:1b:1b:91:c7:4a:31:9b:79:f4:c3:9b:7b:30:fc:
                    df:f5:75:5c:3e:27:09:7f:16:fd:2d:ef:1f:ea:c2:
                    b8:7e:ad:f4:40:f5:e4:d9:b9:dd:6c:b0:2b:e1:2e:
                    a0:24:af:fc:d1:39:13:9d:4a:0e:ab:bd:dd:ce:9d:
                    61:fe:75:75:ff:a7:19:7e:a0:8e:1f:5b:6c:1a:33:
                    fe:93:e7:46:05:48:77:9a:54:31:1c:17:63:d4:3e:
                    4e:8b:f2:17:8e:05:f3:08:57:1d:ed:73:3b:b2:c7:
                    54:a7:c0:b2:4b:2c:5d:10:8c:73:e8:2e:13:75:ae:
                    b4:6b:bb:99:8a:b7:b6:51:c0:03:47:bf:ec:9e:50:
                    e2:47:35:68:16:a4:f3:ef:77:c0:cc:ac:ba:86:f2:
                    aa:43:02:c6:55:b1:ce:ac:06:3c:1c:eb:75:d8:73:
                    6e:d4:99:83:e3:ea:af:5c:b7:26:ec:df:ab:8f:62:
                    23:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:DD:FA:F1:3B:7D:BE:05:DA:A3:2B:58:78:B8:B6:80:24:04:59:71
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/p9368Tt9vgXaoytYeLi2gCQEWXE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:74::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202560

    Signature Algorithm: sha256WithRSAEncryption
         6b:0a:95:5a:38:cd:b3:85:f1:17:ea:79:d9:e1:30:9b:9a:9f:
         b5:be:5c:31:25:1b:63:f7:69:24:19:7f:97:ed:91:d5:54:bd:
         84:5e:e0:8b:2f:c0:cb:77:d4:e1:79:13:26:b4:86:0f:2f:e5:
         7d:8c:ef:41:4f:90:f6:0b:96:25:5c:57:00:25:61:09:3a:1b:
         04:de:64:88:03:ed:17:43:00:8c:28:94:64:6a:4a:2c:ba:98:
         2b:3f:e0:e9:91:6b:19:10:f7:af:b8:e8:6c:e9:f0:5e:9b:8e:
         8f:b1:f4:cf:8d:a7:17:62:62:98:5a:73:77:b7:2c:50:cf:4b:
         78:8a:b1:52:5e:0c:d3:3b:50:3a:7e:93:20:b3:01:bc:ae:44:
         b0:cb:75:ea:c8:4c:3e:fb:13:c4:d6:ba:5d:89:ec:82:e6:c7:
         36:fa:06:e8:18:4a:17:37:5a:76:8f:80:84:c2:87:66:75:8c:
         e0:a0:cc:c2:3d:f4:10:ff:12:fd:7d:c4:22:bf:4a:4e:8f:ad:
         9a:b6:04:44:96:6c:33:6d:40:d7:02:ac:45:1c:28:a8:97:ab:
         ed:84:54:34:f1:7a:59:f8:18:1a:45:82:a9:46:f8:52:4f:fb:
         da:3b:f6:14:80:06:94:a8:2c:f4:e5:4f:f4:33:66:92:6b:34:
         61:93:d8:77
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzFANFE2zvHFDJbV0MHD0hfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2RkZmFmMTNiN2RiZTA1ZGFhMzJiNTg3OGI4YjY4MDI0MDQ1OTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ikjIXjGoNds5jIQfdBApuuyfZrO
Qlb9BIETYVjd/VnU8iLRmnc8hWoHyTvAUyi/k+otu0+SGRF4x2cYso4fGPvwRmrq
IwkzmzxuGxuRx0oxm3n0w5t7MPzf9XVcPicJfxb9Le8f6sK4fq30QPXk2bndbLAr
4S6gJK/80TkTnUoOq73dzp1h/nV1/6cZfqCOH1tsGjP+k+dGBUh3mlQxHBdj1D5O
i/IXjgXzCFcd7XM7ssdUp8CySyxdEIxz6C4Tda60a7uZire2UcADR7/snlDiRzVo
FqTz73fAzKy6hvKqQwLGVbHOrAY8HOt12HNu1JmD4+qvXLcm7N+rj2IjWQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFKfd+vE7fb4F2qMrWHi4toAkBFlxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhiL2YyYjA4
My1iM2I5LTRhYTYtYTE0OS1mYmI1NTNiODQ2NDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIvZjJiMDgz
LWIzYjktNGFhNi1hMTQ5LWZiYjU1M2I4NDY0MS8xL3A5MzY4VHQ5dmdYYW95dFll
TGkyZ0NRRVdYRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAB0MBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMXQDANBgkqhkiG9w0BAQsFAAOCAQEAawqVWjjNs4XxF+p52eEwm5qftb5c
MSUbY/dpJBl/l+2R1VS9hF7giy/Ay3fU4XkTJrSGDy/lfYzvQU+Q9guWJVxXACVh
CTobBN5kiAPtF0MAjCiUZGpKLLqYKz/g6ZFrGRD3r7jobOnwXpuOj7H0z42nF2Ji
mFpzd7csUM9LeIqxUl4M0ztQOn6TILMBvK5EsMt16shMPvsTxNa6XYnsgubHNvoG
6BhKFzdado+AhMKHZnWM4KDMwj30EP8S/X3EIr9KTo+tmrYERJZsM21A1wKsRRwo
qJer7YRUNPF6WfgYGkWCqUb4Uk/72jv2FIAGlKgs9OVP9DNmkms0YZPYdw==
-----END CERTIFICATE-----