Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
File:                     tV4uctf_3mvOtzzibxhcZ4ojiS0.cer (raw, json)
Hash identifier:          vou6JV39LvYdHhmVkCSUA0G4M9IEbOj+Vmca25njMuU=
Subject key identifier:   B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D22E59461442E38D4162471D33ECF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
caRepository:             rsync://rpki.owl.net/rrdp/owl/1/
Notify URL:               https://rpki.owl.net/rrdp/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:41 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 43357
                          IP: 194.127.164.0/22
                          IP: 2a07:d880::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:22:e5:94:61:44:2e:38:d4:16:24:71:d3:3e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:64:4d:16:fb:84:28:c0:91:fb:12:82:38:39:
                    62:39:63:ea:21:10:bf:8b:e1:c6:f0:d5:c5:47:45:
                    c0:e5:46:39:57:09:5f:db:59:be:43:d2:fb:0b:eb:
                    4b:62:0f:67:1b:6a:d7:d8:38:af:05:3e:4c:bf:bb:
                    c7:d2:de:1f:2a:3f:68:6a:da:25:cc:e9:8d:63:71:
                    25:17:92:e4:ba:80:37:3b:88:dd:bd:f5:d8:ae:e7:
                    0d:99:d8:f1:20:1c:6a:7a:33:97:d0:1b:4b:60:72:
                    c9:42:7d:eb:c8:7b:a3:94:d8:f5:70:21:0a:3d:47:
                    f7:77:95:bb:bd:8e:ed:2e:d1:53:9a:22:5d:2c:83:
                    20:af:2f:c4:63:da:f7:79:52:b5:a0:cf:85:ab:a8:
                    79:fb:55:73:a6:6a:b3:53:1e:d5:54:0f:53:6e:30:
                    7c:83:a0:71:1a:73:6c:53:80:c4:31:da:6f:99:64:
                    5f:9a:49:16:9e:fa:f7:c3:3c:25:ab:75:e0:00:0e:
                    2f:e4:b2:0d:7a:e7:29:b0:2b:fe:ff:8e:59:42:c3:
                    70:bd:09:7b:40:03:41:4d:d6:36:a2:3e:41:7e:e3:
                    24:91:9e:07:63:aa:d7:66:c0:38:e5:65:5d:2e:73:
                    1e:d7:19:9d:f4:fb:bc:7b:bd:ce:d1:a3:a9:b8:90:
                    b0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.owl.net/rrdp/owl/1/
                RPKI Manifest - URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                RPKI Notify - URI:https://rpki.owl.net/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.164.0/22
                IPv6:
                  2a07:d880::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43357

    Signature Algorithm: sha256WithRSAEncryption
         01:38:dd:e5:c6:dd:d2:96:94:04:16:90:cc:0c:cd:81:2e:42:
         71:34:ad:a6:47:c9:66:e8:ec:32:6d:94:1e:3c:56:7d:c5:7f:
         18:cf:3a:c5:68:20:9a:97:fc:a0:8c:37:eb:86:c6:f9:ab:b7:
         6e:c1:2e:33:0c:d9:9a:dd:79:a7:a8:a0:d9:f5:54:64:78:ec:
         23:65:00:20:ba:a5:60:34:0a:d5:42:bb:9f:67:3f:14:7d:aa:
         3d:40:6e:ee:43:e8:bb:06:14:24:2f:65:ae:49:7a:2d:aa:52:
         96:7f:13:2f:b5:75:2e:bb:ca:8b:29:65:ca:a2:d3:86:8d:50:
         74:57:11:f4:bc:47:a1:d5:d5:66:1c:8d:2b:bb:24:57:18:9c:
         c3:97:41:b3:d3:bf:69:a4:97:0b:38:a3:d8:6c:df:be:11:18:
         4a:5e:3a:ce:f7:6a:17:be:b2:85:e1:e1:db:da:91:7c:22:68:
         88:01:24:3f:e8:48:c1:1e:17:80:fc:26:27:25:ea:73:19:b2:
         8f:42:91:10:d8:13:93:b3:bc:71:32:3d:5d:06:77:66:3f:01:
         a6:2f:31:5d:80:6b:36:b5:c9:bc:e5:20:fc:48:ce:90:41:00:
         36:c3:bd:69:88:c8:ad:de:44:76:2d:e7:6b:b7:75:19:a4:39:
         ec:77:f2:79
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYzCbSLllGFELjjUFiRx0z7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTVlMmU3MmQ3ZmZkZTZiY2ViNzNjZTI2ZjE4NWM2NzhhMjM4OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+mRNFvuEKMCR+xKCODliOWPqIRC/
i+HG8NXFR0XA5UY5Vwlf21m+Q9L7C+tLYg9nG2rX2DivBT5Mv7vH0t4fKj9oatol
zOmNY3ElF5LkuoA3O4jdvfXYrucNmdjxIBxqejOX0BtLYHLJQn3ryHujlNj1cCEK
PUf3d5W7vY7tLtFTmiJdLIMgry/EY9r3eVK1oM+Fq6h5+1VzpmqzUx7VVA9TbjB8
g6BxGnNsU4DEMdpvmWRfmkkWnvr3wzwlq3XgAA4v5LINeucpsCv+/45ZQsNwvQl7
QANBTdY2oj5BfuMkkZ4HY6rXZsA45WVdLnMe1xmd9Pu8e73O0aOpuJCwzQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFLVeLnLX/95rzrc84m8YXGeKI4ktMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgdAGCCsGAQUFBwELBIHDMIHAMCwGCCsGAQUFBzAFhiByc3lu
YzovL3Jwa2kub3dsLm5ldC9ycmRwL293bC8xLzBYBggrBgEFBQcwCoZMcnN5bmM6
Ly9ycGtpLm93bC5uZXQvcnJkcC9vd2wvMS9CNTVFMkU3MkQ3RkZERTZCQ0VCNzND
RTI2RjE4NUM2NzhBMjM4OTJELm1mdDA2BggrBgEFBQcwDYYqaHR0cHM6Ly9ycGtp
Lm93bC5uZXQvcnJkcC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqG
SHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNW
Vks1d0VISUpuSEMyUUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwn+kMA0EAgACMAcDBQMq
B9iAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCpXTANBgkqhkiG9w0BAQsFAAOC
AQEAATjd5cbd0paUBBaQzAzNgS5CcTStpkfJZujsMm2UHjxWfcV/GM86xWggmpf8
oIw364bG+au3bsEuMwzZmt15p6ig2fVUZHjsI2UAILqlYDQK1UK7n2c/FH2qPUBu
7kPouwYUJC9lrkl6LapSln8TL7V1LrvKiyllyqLTho1QdFcR9LxHodXVZhyNK7sk
Vxicw5dBs9O/aaSXCzij2GzfvhEYSl46zvdqF76yheHh29qRfCJoiAEkP+hIwR4X
gPwmJyXqcxmyj0KRENgTk7O8cTI9XQZ3Zj8Bpi8xXYBrNrXJvOUg/EjOkEEANsO9
aYjIrd5Edi3na7d1GaQ57HfyeQ==
-----END CERTIFICATE-----