Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wU1yTKWa3dD3-BCLAQWXlfNNM0U.cer
File:                     wU1yTKWa3dD3-BCLAQWXlfNNM0U.cer (raw, json)
Hash identifier:          qf4McLQqEZvc4V1QCNDdeHYjZI3Nt/oSJk4RtLZGKXY=
Subject key identifier:   C1:4D:72:4C:A5:9A:DD:D0:F7:F8:10:8B:01:05:97:95:F3:4D:33:45
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5E5C93797F723795519B645A54F94
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/48/b4ddd7-cd41-46b5-ac38-4f564ce07126/1/wU1yTKWa3dD3-BCLAQWXlfNNM0U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/48/b4ddd7-cd41-46b5-ac38-4f564ce07126/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:56 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214276
                          AS: 216344
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e5:c9:37:97:f7:23:79:55:19:b6:45:a5:4f:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c14d724ca59addd0f7f8108b01059795f34d3345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:28:30:75:7a:aa:f6:51:3a:b1:2c:2c:37:30:
                    d4:e8:33:88:c6:89:de:f9:72:ee:15:3b:f0:f7:2c:
                    cb:cd:eb:f0:2c:23:ac:2a:35:05:ad:2d:25:5e:4b:
                    48:02:04:36:02:9f:e3:70:01:d3:f1:bb:76:36:ee:
                    f3:9a:be:1f:37:27:bf:67:8a:d2:b3:2b:4b:a6:f8:
                    88:76:37:f7:c5:ad:d4:12:19:7c:37:d6:8a:77:db:
                    7c:e7:79:4c:fe:28:11:1e:18:07:fc:4d:e0:13:aa:
                    85:53:4b:91:d4:5b:15:e2:4a:a6:dd:90:e3:52:56:
                    b9:5a:b6:70:a0:56:7e:9f:4b:d2:17:5a:4a:81:d3:
                    40:a2:a3:f4:b3:69:d1:0b:b5:dc:2a:b8:ce:57:a5:
                    f2:f9:75:90:4e:9a:4a:7a:38:41:7e:cd:fa:00:76:
                    9f:c7:41:16:40:00:a5:01:9c:9f:b4:67:2b:32:b1:
                    d4:96:02:8a:b7:a5:ab:62:47:88:3c:96:41:03:b2:
                    69:d7:9e:fd:c6:d6:cd:22:8a:e1:87:c1:9e:cb:77:
                    8e:d2:e4:b8:6e:05:8f:42:18:c0:4f:ac:6c:9b:94:
                    be:7c:af:dc:9c:fd:31:e0:e6:ee:74:26:0f:8a:1e:
                    8a:70:f4:4f:90:c1:bf:82:88:41:30:b6:9d:2f:c2:
                    46:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:4D:72:4C:A5:9A:DD:D0:F7:F8:10:8B:01:05:97:95:F3:4D:33:45
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/b4ddd7-cd41-46b5-ac38-4f564ce07126/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/b4ddd7-cd41-46b5-ac38-4f564ce07126/1/wU1yTKWa3dD3-BCLAQWXlfNNM0U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214276
                  216344

    Signature Algorithm: sha256WithRSAEncryption
         7b:de:06:78:cb:b9:c2:c9:88:b8:15:b5:f5:f3:62:1b:59:7b:
         c3:71:d3:07:19:02:60:b5:fc:f3:9a:31:bb:f1:70:11:52:c6:
         c3:6f:09:e7:1b:71:45:bb:da:fe:7c:b9:0f:ed:bf:2c:1c:a0:
         35:4a:bc:fd:d8:65:c8:b4:09:78:ae:6e:49:16:b3:c6:da:ba:
         40:8f:5b:98:1c:a4:62:74:1b:27:10:42:72:50:7a:ab:24:bc:
         7d:53:9f:d5:b8:cb:1c:9f:7f:03:dd:3c:ec:ec:0b:9f:c0:7d:
         e5:6d:42:16:82:c2:a8:e3:65:e5:7e:4a:93:26:f7:0e:30:ab:
         5f:68:2c:c5:51:8f:33:a0:be:e1:2d:be:b2:81:ad:89:13:ad:
         e9:d8:f4:49:f3:01:ff:20:d5:30:53:8f:26:f0:2e:21:93:85:
         f5:c7:1b:46:48:0f:ee:06:34:b9:24:7e:62:b1:ab:aa:c3:fa:
         42:fb:bf:bf:c9:80:8e:45:65:00:cc:08:81:3d:03:12:86:9e:
         2b:49:95:f9:22:8a:25:d3:6e:b1:e4:af:59:f0:49:7e:b9:cd:
         55:db:d5:2c:c9:1a:da:0a:aa:27:ba:13:d6:72:15:1a:9c:48:
         7a:fa:48:17:86:52:5d:bd:ef:a8:6c:2b:ca:ae:63:c4:21:ff:
         e7:f0:bf:13
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQg1eXJN5f3I3lVGbZFpU+UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTRkNzI0Y2E1OWFkZGQwZjdmODEwOGIwMTA1OTc5NWYzNGQzMzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ygwdXqq9lE6sSwsNzDU6DOIxone
+XLuFTvw9yzLzevwLCOsKjUFrS0lXktIAgQ2Ap/jcAHT8bt2Nu7zmr4fNye/Z4rS
sytLpviIdjf3xa3UEhl8N9aKd9t853lM/igRHhgH/E3gE6qFU0uR1FsV4kqm3ZDj
Ula5WrZwoFZ+n0vSF1pKgdNAoqP0s2nRC7XcKrjOV6Xy+XWQTppKejhBfs36AHaf
x0EWQAClAZyftGcrMrHUlgKKt6WrYkeIPJZBA7Jp1579xtbNIorhh8Gey3eO0uS4
bgWPQhjAT6xsm5S+fK/cnP0x4ObudCYPih6KcPRPkMG/gohBMLadL8JGeQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFMFNckylmt3Q9/gQiwEFl5XzTTNFMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ4L2I0ZGRk
Ny1jZDQxLTQ2YjUtYWMzOC00ZjU2NGNlMDcxMjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDgvYjRkZGQ3
LWNkNDEtNDZiNS1hYzM4LTRmNTY0Y2UwNzEyNi8xL3dVMXlUS1dhM2REMy1CQ0xB
UVdYbGZOTk0wVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEIAQH/BBAwDqAMMAoCAwNFBAIDA00YMA0GCSqGSIb3DQEBCwUAA4IBAQB73gZ4
y7nCyYi4FbX182IbWXvDcdMHGQJgtfzzmjG78XARUsbDbwnnG3FFu9r+fLkP7b8s
HKA1Srz92GXItAl4rm5JFrPG2rpAj1uYHKRidBsnEEJyUHqrJLx9U5/VuMscn38D
3Tzs7AufwH3lbUIWgsKo42XlfkqTJvcOMKtfaCzFUY8zoL7hLb6yga2JE63p2PRJ
8wH/INUwU48m8C4hk4X1xxtGSA/uBjS5JH5isauqw/pC+7+/yYCORWUAzAiBPQMS
hp4rSZX5Iool026x5K9Z8El+uc1V29UsyRraCqonuhPWchUanEh6+kgXhlJdve+o
bCvKrmPEIf/n8L8T
-----END CERTIFICATE-----