Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wAVeMuzXcq4oA6TDVtd2h4fnLiA.cer
File:                     wAVeMuzXcq4oA6TDVtd2h4fnLiA.cer (raw, json)
Hash identifier:          Ar1zEIggyFncYljiIJqMfMdcCGKqO1l+UtXk6uIIHKM=
Subject key identifier:   C0:05:5E:32:EC:D7:72:AE:28:03:A4:C3:56:D7:76:87:87:E7:2E:20
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D8036CCDB2CA46D4BF6233B374076
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a1/7a0b3f-8942-4d47-86dc-7c2d409ac89a/1/wAVeMuzXcq4oA6TDVtd2h4fnLiA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a1/7a0b3f-8942-4d47-86dc-7c2d409ac89a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:30:05 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211231

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:80:36:cc:db:2c:a4:6d:4b:f6:23:3b:37:40:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0055e32ecd772ae2803a4c356d7768787e72e20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c3:3a:89:35:b6:7e:d5:82:ed:21:86:08:aa:
                    7d:bf:e1:a4:fd:db:78:82:2f:78:0f:e4:23:b1:d5:
                    9b:14:5c:a4:20:a0:30:86:75:8f:d7:1d:83:b2:41:
                    56:5c:19:b7:06:42:95:6a:ca:99:01:e9:7f:19:86:
                    37:31:1e:96:51:7e:a8:9e:f1:a2:70:52:06:5b:09:
                    ca:e7:6e:1e:e4:25:a6:2f:42:27:7a:7a:21:56:4c:
                    2c:fe:5d:bc:48:8d:45:43:d2:9c:ae:7b:8a:e7:c7:
                    03:bb:fd:ea:32:b7:18:65:c6:72:91:9a:b3:02:7f:
                    fc:93:cc:18:48:ac:60:58:77:a1:55:89:fb:b8:e6:
                    4e:61:7e:ff:75:60:fb:3d:3c:fe:7b:71:60:3d:97:
                    5f:69:79:2b:a0:1c:a7:ca:4a:d9:b8:67:19:74:13:
                    4c:d1:8f:21:e1:d3:30:96:5d:52:14:53:bd:b0:72:
                    5f:2a:88:b5:b4:bc:85:5a:e4:f3:d0:db:60:0b:a3:
                    dc:dd:aa:17:82:82:94:8b:b8:09:04:61:1f:5f:87:
                    1e:57:39:47:d0:40:18:83:29:ed:20:e0:9a:e4:a3:
                    ee:0e:51:c7:61:42:68:36:6f:41:c6:70:09:f4:e3:
                    21:24:03:e0:31:26:e0:d1:36:91:a4:f9:9d:07:99:
                    46:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:05:5E:32:EC:D7:72:AE:28:03:A4:C3:56:D7:76:87:87:E7:2E:20
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/7a0b3f-8942-4d47-86dc-7c2d409ac89a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/7a0b3f-8942-4d47-86dc-7c2d409ac89a/1/wAVeMuzXcq4oA6TDVtd2h4fnLiA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211231

    Signature Algorithm: sha256WithRSAEncryption
         a5:41:78:0d:f1:8c:50:65:5c:c5:2f:ac:f9:79:f4:11:e4:16:
         e5:36:29:d3:98:48:3a:db:5f:d4:7a:bf:9f:9e:f2:3b:9b:af:
         e5:5b:f4:15:2a:6a:53:86:4f:d1:85:98:cc:f7:38:42:7d:c7:
         01:a8:a1:7a:0e:4d:da:4f:69:29:7f:7a:3f:67:88:de:1a:e4:
         20:90:99:e7:62:f9:02:3a:0e:e2:5b:ed:5e:0a:d0:5d:97:42:
         4e:d6:f1:46:2b:3e:50:d9:b1:cd:85:95:2c:f6:a7:86:8c:3a:
         32:4e:9c:29:ef:61:98:36:35:d6:eb:b2:d3:93:7b:b2:c4:e9:
         d1:2b:86:10:51:1b:07:aa:ad:05:09:49:35:d8:3a:b5:ab:03:
         80:fc:ed:f6:73:ef:16:88:dd:45:3f:1b:6e:a3:24:86:98:fe:
         84:18:01:74:c4:e4:a0:0b:73:3b:91:aa:37:23:eb:f4:31:95:
         7f:89:ff:1d:78:5d:6c:b8:51:69:d7:5e:d4:35:38:10:8c:6c:
         13:5e:68:b3:a5:30:98:af:a1:e9:53:50:89:27:ad:cf:c8:36:
         f5:d0:44:b1:f0:f3:fc:de:db:cb:94:db:93:39:9c:d5:ba:b1:
         48:6d:c6:d7:c0:3b:19:37:ac:37:d2:0b:3e:31:6a:d1:b8:d8:
         7a:8a:f7:1d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzCbYA2zNsspG1L9iM7N0B2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDA1NWUzMmVjZDc3MmFlMjgwM2E0YzM1NmQ3NzY4Nzg3ZTcyZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMM6iTW2ftWC7SGGCKp9v+Gk/dt4
gi94D+QjsdWbFFykIKAwhnWP1x2DskFWXBm3BkKVasqZAel/GYY3MR6WUX6onvGi
cFIGWwnK524e5CWmL0InenohVkws/l28SI1FQ9KcrnuK58cDu/3qMrcYZcZykZqz
An/8k8wYSKxgWHehVYn7uOZOYX7/dWD7PTz+e3FgPZdfaXkroBynykrZuGcZdBNM
0Y8h4dMwll1SFFO9sHJfKoi1tLyFWuTz0NtgC6Pc3aoXgoKUi7gJBGEfX4ceVzlH
0EAYgyntIOCa5KPuDlHHYUJoNm9BxnAJ9OMhJAPgMSbg0TaRpPmdB5lGLQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFMAFXjLs13KuKAOkw1bXdoeH5y4gMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ExLzdhMGIz
Zi04OTQyLTRkNDctODZkYy03YzJkNDA5YWM4OWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTEvN2EwYjNm
LTg5NDItNGQ0Ny04NmRjLTdjMmQ0MDlhYzg5YS8xL3dBVmVNdXpYY3E0b0E2VERW
dGQyaDRmbkxpQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM5HzANBgkqhkiG9w0BAQsFAAOCAQEApUF4DfGMUGVc
xS+s+Xn0EeQW5TYp05hIOttf1Hq/n57yO5uv5Vv0FSpqU4ZP0YWYzPc4Qn3HAaih
eg5N2k9pKX96P2eI3hrkIJCZ52L5AjoO4lvtXgrQXZdCTtbxRis+UNmxzYWVLPan
how6Mk6cKe9hmDY11uuy05N7ssTp0SuGEFEbB6qtBQlJNdg6tasDgPzt9nPvFojd
RT8bbqMkhpj+hBgBdMTkoAtzO5GqNyPr9DGVf4n/HXhdbLhRadde1DU4EIxsE15o
s6UwmK+h6VNQiSetz8g29dBEsfDz/N7by5Tbkzmc1bqxSG3G18A7GTesN9ILPjFq
0bjYeor3HQ==
-----END CERTIFICATE-----