Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/u0CY4P3tthLyOdpSSgS14N6kxT8.cer
File:                     u0CY4P3tthLyOdpSSgS14N6kxT8.cer (raw, json)
Hash identifier:          b3qxMpGkKqSIFGVvhBWgd3QHNBWuuOVVvj2ZQXQeG4k=
Subject key identifier:   BB:40:98:E0:FD:ED:B6:12:F2:39:DA:52:4A:04:B5:E0:DE:A4:C5:3F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8703CFF852B8EF31161AFF4017CA157
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e2/9b733e-9839-4f6f-b4b6-ff5aa9eef4e2/1/u0CY4P3tthLyOdpSSgS14N6kxT8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e2/9b733e-9839-4f6f-b4b6-ff5aa9eef4e2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:30:48 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 42223
                          IP: 91.233.15.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:3c:ff:85:2b:8e:f3:11:61:af:f4:01:7c:a1:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb4098e0fdedb612f239da524a04b5e0dea4c53f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4f:ab:34:df:10:f3:6d:6a:08:ed:85:7a:83:
                    7b:18:f8:99:26:d0:85:f2:3b:af:0e:8c:ae:d4:ee:
                    c8:20:8c:fc:66:5e:39:19:3a:d7:7f:94:ff:e3:d3:
                    4c:8a:4b:6e:25:58:41:41:6c:ca:cb:9c:49:49:13:
                    83:3f:b1:26:a0:f0:8c:e9:6e:95:92:88:53:7e:94:
                    5e:e4:b2:21:ca:4f:59:0a:9c:83:10:13:30:56:49:
                    f7:7f:66:15:4a:2d:85:78:21:40:bd:e2:3a:a1:40:
                    a4:79:1f:80:4f:13:2e:b3:be:a4:81:b5:a5:70:91:
                    bc:2c:aa:6d:20:fd:6c:63:46:8a:e2:f4:f5:79:ce:
                    01:c5:a6:d7:64:be:99:40:f8:9b:2d:76:ad:2d:bd:
                    9b:86:bd:bb:32:1b:e3:d6:aa:04:56:11:df:74:2e:
                    23:53:e5:19:8b:14:50:f0:ca:13:09:c9:c9:a8:67:
                    9f:33:98:c5:0d:d4:91:5a:fe:60:f4:d7:3b:c1:bc:
                    97:27:70:7b:a3:78:61:1b:f9:63:60:c4:0f:be:51:
                    ce:80:1a:c6:47:0e:37:c5:ec:1a:ea:41:26:bc:b0:
                    29:d9:d3:fe:5a:fd:c1:ec:f2:0b:4a:e5:29:73:e7:
                    9d:a0:86:36:47:d6:02:47:8d:da:70:c6:b4:d7:1a:
                    a2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:40:98:E0:FD:ED:B6:12:F2:39:DA:52:4A:04:B5:E0:DE:A4:C5:3F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9b733e-9839-4f6f-b4b6-ff5aa9eef4e2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9b733e-9839-4f6f-b4b6-ff5aa9eef4e2/1/u0CY4P3tthLyOdpSSgS14N6kxT8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.15.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42223

    Signature Algorithm: sha256WithRSAEncryption
         ab:1c:09:3c:53:0f:0a:e5:c9:96:c5:b1:63:60:11:1a:b8:ca:
         d0:eb:8e:05:93:cf:89:c0:5e:b4:8a:7e:d2:3b:e2:90:15:99:
         db:ab:97:2d:72:ae:fc:90:95:5d:87:51:7c:5d:6f:b9:d0:14:
         02:c1:65:9a:06:f8:07:e3:28:a8:b5:d1:9c:0d:db:73:5a:6b:
         2c:56:f1:4e:2f:86:cc:03:e7:6a:55:fe:d4:ab:4f:13:28:6f:
         c8:ab:85:4d:d8:94:e4:8b:f5:a2:0b:f0:22:21:95:78:fb:75:
         51:1d:f5:2c:ed:52:71:72:1f:de:70:de:e7:8c:6b:b1:0e:db:
         70:83:7c:98:34:05:36:ed:79:09:9a:b7:27:21:f1:fd:f6:6e:
         38:8a:31:2a:5a:5f:8d:93:78:62:7a:f5:fb:5b:d5:42:a4:10:
         fa:ec:4f:85:cc:d1:5a:f6:f0:28:b8:c7:77:55:0c:06:d5:83:
         32:2c:51:3e:a3:6f:8a:3d:27:b4:56:e7:59:bd:3d:ef:4d:85:
         25:94:70:e1:b6:9f:ca:3f:5b:c4:63:95:c1:47:6e:eb:3d:60:
         b5:48:e3:60:a3:27:65:4f:6e:05:e4:ba:2c:8f:d4:ca:d9:1a:
         b5:f5:ae:41:b9:8c:cc:f7:6b:17:f7:43:65:10:6c:e4:8b:5c:
         b8:d4:82:0f
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzIcDz/hSuO8xFhr/QBfKFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjQwOThlMGZkZWRiNjEyZjIzOWRhNTI0YTA0YjVlMGRlYTRjNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqU+rNN8Q821qCO2FeoN7GPiZJtCF
8juvDoyu1O7IIIz8Zl45GTrXf5T/49NMiktuJVhBQWzKy5xJSRODP7EmoPCM6W6V
kohTfpRe5LIhyk9ZCpyDEBMwVkn3f2YVSi2FeCFAveI6oUCkeR+ATxMus76kgbWl
cJG8LKptIP1sY0aK4vT1ec4BxabXZL6ZQPibLXatLb2bhr27Mhvj1qoEVhHfdC4j
U+UZixRQ8MoTCcnJqGefM5jFDdSRWv5g9Nc7wbyXJ3B7o3hhG/ljYMQPvlHOgBrG
Rw43xewa6kEmvLAp2dP+Wv3B7PILSuUpc+edoIY2R9YCR43acMa01xqiKwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLtAmOD97bYS8jnaUkoEteDepMU/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UyLzliNzMz
ZS05ODM5LTRmNmYtYjRiNi1mZjVhYTllZWY0ZTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvOWI3MzNl
LTk4MzktNGY2Zi1iNGI2LWZmNWFhOWVlZjRlMi8xL3UwQ1k0UDN0dGhMeU9kcFNT
Z1MxNE42a3hUOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+kPMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCk7zANBgkqhkiG9w0BAQsFAAOCAQEAqxwJPFMPCuXJlsWxY2ARGrjK0OuOBZPP
icBetIp+0jvikBWZ26uXLXKu/JCVXYdRfF1vudAUAsFlmgb4B+MoqLXRnA3bc1pr
LFbxTi+GzAPnalX+1KtPEyhvyKuFTdiU5Iv1ogvwIiGVePt1UR31LO1ScXIf3nDe
54xrsQ7bcIN8mDQFNu15CZq3JyHx/fZuOIoxKlpfjZN4Ynr1+1vVQqQQ+uxPhczR
WvbwKLjHd1UMBtWDMixRPqNvij0ntFbnWb09702FJZRw4bafyj9bxGOVwUdu6z1g
tUjjYKMnZU9uBeS6LI/UytkatfWuQbmMzPdrF/dDZRBs5ItcuNSCDw==
-----END CERTIFICATE-----