Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.cer
File:                     w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.cer (raw, json)
Hash identifier:          3rQ4Php3H1jASjR/RaNWZAc74j3LLZLuywf7O4rJHmg=
Subject key identifier:   C3:D7:CB:33:3C:50:FF:21:26:E2:6F:22:EC:B7:91:CF:6F:D9:5C:21
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4245C4778EB37BE26AFD8E725BD5B27
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:26 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211640
                          IP: 2001:678:f3c::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5c:47:78:eb:37:be:26:af:d8:e7:25:bd:5b:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3d7cb333c50ff2126e26f22ecb791cf6fd95c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0a:ca:e1:68:3e:61:2f:d1:0a:d1:1b:f7:ef:
                    0e:a7:a0:29:fa:5d:f7:31:7a:7e:68:94:2a:df:f5:
                    11:e4:76:f6:5e:f8:a7:88:db:88:61:ad:1a:13:e5:
                    ac:d9:54:a2:f2:28:11:75:93:29:e5:dc:f4:fb:93:
                    aa:fa:e8:27:01:28:5e:72:02:6b:2f:1f:99:fc:2c:
                    64:00:08:7b:c3:ec:49:09:1c:c0:5f:c0:a3:e7:44:
                    ec:d8:97:ad:54:aa:7d:28:53:84:78:84:fe:35:f3:
                    7a:53:eb:97:7f:57:6c:54:6e:8a:ce:bb:7a:e7:f3:
                    9b:24:16:b3:7c:23:fb:ee:18:36:bd:e1:69:e7:ee:
                    99:1c:82:58:c0:48:8a:3d:5e:fc:25:d7:a6:70:99:
                    ec:82:4c:98:04:4d:fb:4e:e8:70:e9:9d:fb:18:1f:
                    f7:b2:74:59:51:bf:06:de:93:bc:3e:42:bc:99:cf:
                    50:10:93:89:a1:df:f5:a4:fc:b7:bb:bf:f6:09:3b:
                    5b:7a:2f:9f:61:3c:85:80:1d:ee:bc:45:a9:50:45:
                    cf:6a:0e:f7:86:0e:21:38:d1:a1:96:b9:3c:99:97:
                    50:b5:0f:eb:aa:db:49:06:ff:51:3f:fb:c3:cd:e7:
                    32:4d:aa:a6:50:ed:00:27:bb:85:92:dd:b5:c2:0b:
                    8c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D7:CB:33:3C:50:FF:21:26:E2:6F:22:EC:B7:91:CF:6F:D9:5C:21
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f3c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211640

    Signature Algorithm: sha256WithRSAEncryption
         8e:c5:93:ca:ed:f4:51:d5:4d:46:16:a8:ef:c6:dc:f7:8e:78:
         8e:ce:18:24:cf:f9:2e:a2:a4:c2:a6:c8:7b:a1:cf:75:76:fc:
         09:27:8e:60:56:2a:46:13:ba:e8:9f:4c:cf:89:31:17:35:a7:
         4f:33:bf:0c:c2:b3:e1:08:42:c0:5f:8d:94:47:1d:62:7e:f5:
         84:7d:e1:ee:03:c2:17:aa:9f:82:fe:4f:66:53:22:bf:7e:85:
         2e:7c:7b:3f:c2:1a:a2:8f:21:14:7a:e6:aa:f9:81:d8:59:4e:
         7f:b4:96:d9:0e:54:6a:36:e2:6f:5f:1f:97:5f:68:0a:9e:5b:
         1c:a7:ed:a3:9b:31:b6:34:dc:54:2a:f5:1c:84:36:6a:82:4e:
         0d:52:95:bd:9a:39:f6:c0:7f:0a:0a:13:c6:1e:98:99:76:6d:
         b5:ed:72:a4:6b:f3:42:77:9b:15:5c:0f:39:cf:50:6f:c4:1a:
         40:58:ec:ea:52:9d:e2:26:13:c2:06:9f:7b:a4:9a:39:f3:5b:
         9b:44:1d:03:e1:64:31:31:f5:b6:da:b2:6b:bf:b7:e1:05:ce:
         6c:ad:41:43:59:7b:1a:ed:fa:2f:96:0e:4e:15:69:32:84:d2:
         1f:93:d0:e9:03:0d:82:c5:4b:e2:e0:86:26:00:c2:ee:7f:89:
         50:6a:c4:b6
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzEJFxHeOs3viav2OclvVsnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Q3Y2IzMzNjNTBmZjIxMjZlMjZmMjJlY2I3OTFjZjZmZDk1YzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApArK4Wg+YS/RCtEb9+8Op6Ap+l33
MXp+aJQq3/UR5Hb2XviniNuIYa0aE+Ws2VSi8igRdZMp5dz0+5Oq+ugnAShecgJr
Lx+Z/CxkAAh7w+xJCRzAX8Cj50Ts2JetVKp9KFOEeIT+NfN6U+uXf1dsVG6Kzrt6
5/ObJBazfCP77hg2veFp5+6ZHIJYwEiKPV78JdemcJnsgkyYBE37Tuhw6Z37GB/3
snRZUb8G3pO8PkK8mc9QEJOJod/1pPy3u7/2CTtbei+fYTyFgB3uvEWpUEXPag73
hg4hONGhlrk8mZdQtQ/rqttJBv9RP/vDzecyTaqmUO0AJ7uFkt21wguMHQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFMPXyzM8UP8hJuJvIuy3kc9v2VwhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U1Lzc3ZjU2
OS02YTVkLTQyNTgtOGRlOS0xZjA5YzhiNmEwOGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTUvNzdmNTY5
LTZhNWQtNDI1OC04ZGU5LTFmMDljOGI2YTA4ZC8xL3c5ZkxNenhRX3lFbTRtOGk3
TGVSejJfWlhDRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA88MBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM6uDANBgkqhkiG9w0BAQsFAAOCAQEAjsWTyu30UdVNRhao78bc9454js4Y
JM/5LqKkwqbIe6HPdXb8CSeOYFYqRhO66J9Mz4kxFzWnTzO/DMKz4QhCwF+NlEcd
Yn71hH3h7gPCF6qfgv5PZlMiv36FLnx7P8Iaoo8hFHrmqvmB2FlOf7SW2Q5Uajbi
b18fl19oCp5bHKfto5sxtjTcVCr1HIQ2aoJODVKVvZo59sB/CgoTxh6YmXZtte1y
pGvzQnebFVwPOc9Qb8QaQFjs6lKd4iYTwgafe6SaOfNbm0QdA+FkMTH1ttqya7+3
4QXObK1BQ1l7Gu36L5YOThVpMoTSH5PQ6QMNgsVL4uCGJgDC7n+JUGrEtg==
-----END CERTIFICATE-----