Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/umwdlY_wlMrxNGzGb3FszrbcUAk.cer
File:                     umwdlY_wlMrxNGzGb3FszrbcUAk.cer (raw, json)
Hash identifier:          03hGydiTCLO0gjLXI3Gu/O5q7WOmzEuXfTG7ujUXvcE=
Subject key identifier:   BA:6C:1D:95:8F:F0:94:CA:F1:34:6C:C6:6F:71:6C:CE:B6:DC:50:09
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC870C27990A976506E9EC9173BC2E99A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/86/e02035-73ae-4fd2-80c1-e151d4d39b41/1/umwdlY_wlMrxNGzGb3FszrbcUAk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/86/e02035-73ae-4fd2-80c1-e151d4d39b41/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:31:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49995
                          IP: 195.178.10.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:c2:79:90:a9:76:50:6e:9e:c9:17:3b:c2:e9:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba6c1d958ff094caf1346cc66f716cceb6dc5009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:1e:7c:c8:dd:6b:f9:61:34:51:3a:73:00:54:
                    03:4b:90:62:c6:84:56:ca:6e:9b:0c:fa:11:fb:96:
                    57:f6:16:d7:04:8d:9d:74:c7:28:b7:7b:53:e8:43:
                    cd:2e:db:42:61:2e:12:11:bc:2c:8e:f3:7c:ca:d9:
                    b6:e3:a0:d1:bb:39:d3:dd:ff:16:68:09:2f:67:d9:
                    a7:20:af:6c:27:e8:40:5e:f7:b7:12:96:d4:d9:fa:
                    8f:08:80:99:bd:25:f8:14:2c:73:8f:cf:28:fc:64:
                    08:e4:ee:67:b4:1f:e2:23:f1:94:54:63:1e:f5:85:
                    a7:b0:f1:6c:72:3f:9d:bf:2e:94:cc:40:66:72:72:
                    c4:6b:e0:e1:3f:aa:22:4e:c2:2c:fe:ed:34:58:eb:
                    37:15:4a:ba:66:4f:94:91:c9:5e:ae:96:17:d4:57:
                    ac:6c:56:41:9a:41:5a:2f:5f:fa:42:5d:7d:bf:74:
                    db:40:6e:ce:f6:18:5b:fd:e8:fd:f8:d8:aa:71:81:
                    3d:e5:47:b9:2b:c5:37:53:ec:69:3d:40:d0:ef:3e:
                    60:d9:82:ef:18:4e:38:b0:1b:89:10:7f:41:03:33:
                    36:ca:c3:5a:57:7e:5c:ff:20:07:26:96:38:77:d3:
                    e7:ec:7e:86:85:b9:25:a9:61:3c:25:c9:86:1f:8d:
                    c9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:6C:1D:95:8F:F0:94:CA:F1:34:6C:C6:6F:71:6C:CE:B6:DC:50:09
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/e02035-73ae-4fd2-80c1-e151d4d39b41/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/e02035-73ae-4fd2-80c1-e151d4d39b41/1/umwdlY_wlMrxNGzGb3FszrbcUAk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.10.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49995

    Signature Algorithm: sha256WithRSAEncryption
         a9:74:33:8b:83:28:68:9d:c6:77:24:5b:8e:f8:bb:2a:94:26:
         04:df:9f:e0:fa:45:aa:20:cb:fd:84:98:15:15:1f:bd:5d:2b:
         33:b9:fe:4c:b9:60:c5:34:10:41:00:4a:d8:c6:1c:fe:e6:77:
         0c:79:b9:f0:4d:43:48:27:9e:e7:8d:e2:9b:df:79:44:9d:c3:
         02:97:5f:76:3a:82:cd:37:9c:b6:e1:1f:7a:25:7e:32:09:3b:
         a8:e0:d0:81:2e:c0:a7:50:43:ec:a6:2a:9a:99:30:1b:99:a1:
         38:7d:43:13:e4:25:5a:c6:23:51:a6:51:f4:3a:f7:68:a0:a7:
         ff:7f:f0:b5:b2:a3:4f:98:8a:cc:8b:89:1e:9e:5d:54:78:6d:
         a1:8a:39:83:2f:fc:04:1c:c4:f9:7f:fc:78:6d:2e:d0:90:8c:
         c7:c4:b7:69:16:22:40:c7:0f:5e:e0:44:d9:cb:09:e9:fa:6a:
         79:89:89:39:e5:aa:44:15:a8:0e:c9:80:bb:75:9a:3b:77:94:
         3d:ab:c2:f0:b3:bb:53:ed:01:46:ff:79:6d:e3:29:85:db:e1:
         47:f2:20:22:cf:cf:13:34:70:59:55:a9:a9:75:93:6a:f3:2a:
         8b:a2:57:4b:4e:16:6c:df:6c:d1:5c:f8:c1:55:33:62:11:14:
         b6:e4:6c:33
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzIcMJ5kKl2UG6eyRc7wumaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTZjMWQ5NThmZjA5NGNhZjEzNDZjYzY2ZjcxNmNjZWI2ZGM1MDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1x58yN1r+WE0UTpzAFQDS5BixoRW
ym6bDPoR+5ZX9hbXBI2ddMcot3tT6EPNLttCYS4SEbwsjvN8ytm246DRuznT3f8W
aAkvZ9mnIK9sJ+hAXve3EpbU2fqPCICZvSX4FCxzj88o/GQI5O5ntB/iI/GUVGMe
9YWnsPFscj+dvy6UzEBmcnLEa+DhP6oiTsIs/u00WOs3FUq6Zk+UkclerpYX1Fes
bFZBmkFaL1/6Ql19v3TbQG7O9hhb/ej9+NiqcYE95Ue5K8U3U+xpPUDQ7z5g2YLv
GE44sBuJEH9BAzM2ysNaV35c/yAHJpY4d9Pn7H6GhbklqWE8JcmGH43J1QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLpsHZWP8JTK8TRsxm9xbM623FAJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg2L2UwMjAz
NS03M2FlLTRmZDItODBjMS1lMTUxZDRkMzliNDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYvZTAyMDM1
LTczYWUtNGZkMi04MGMxLWUxNTFkNGQzOWI0MS8xL3Vtd2RsWV93bE1yeE5Hekdi
M0ZzenJiY1VBay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBw7IKMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDDSzANBgkqhkiG9w0BAQsFAAOCAQEAqXQzi4MoaJ3GdyRbjvi7KpQmBN+f4PpF
qiDL/YSYFRUfvV0rM7n+TLlgxTQQQQBK2MYc/uZ3DHm58E1DSCee543im995RJ3D
ApdfdjqCzTectuEfeiV+Mgk7qODQgS7Ap1BD7KYqmpkwG5mhOH1DE+QlWsYjUaZR
9Dr3aKCn/3/wtbKjT5iKzIuJHp5dVHhtoYo5gy/8BBzE+X/8eG0u0JCMx8S3aRYi
QMcPXuBE2csJ6fpqeYmJOeWqRBWoDsmAu3WaO3eUPavC8LO7U+0BRv95beMphdvh
R/IgIs/PEzRwWVWpqXWTavMqi6JXS04WbN9s0Vz4wVUzYhEUtuRsMw==
-----END CERTIFICATE-----