Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wU1yTKWa3dD3-BCLAQWXlfNNM0U.cer
File:                     wU1yTKWa3dD3-BCLAQWXlfNNM0U.cer (raw, json)
Hash identifier:          sygD2s6rztWqthlkDtxV4KgQYHNZcr9R5t1pdeQeXKc=
Subject key identifier:   C1:4D:72:4C:A5:9A:DD:D0:F7:F8:10:8B:01:05:97:95:F3:4D:33:45
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2AA0C9C0A688A26032CE650322BDD8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/48/b4ddd7-cd41-46b5-ac38-4f564ce07126/1/wU1yTKWa3dD3-BCLAQWXlfNNM0U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/48/b4ddd7-cd41-46b5-ac38-4f564ce07126/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:34:00 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216344

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a0:c9:c0:a6:88:a2:60:32:ce:65:03:22:bd:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c14d724ca59addd0f7f8108b01059795f34d3345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:28:30:75:7a:aa:f6:51:3a:b1:2c:2c:37:30:
                    d4:e8:33:88:c6:89:de:f9:72:ee:15:3b:f0:f7:2c:
                    cb:cd:eb:f0:2c:23:ac:2a:35:05:ad:2d:25:5e:4b:
                    48:02:04:36:02:9f:e3:70:01:d3:f1:bb:76:36:ee:
                    f3:9a:be:1f:37:27:bf:67:8a:d2:b3:2b:4b:a6:f8:
                    88:76:37:f7:c5:ad:d4:12:19:7c:37:d6:8a:77:db:
                    7c:e7:79:4c:fe:28:11:1e:18:07:fc:4d:e0:13:aa:
                    85:53:4b:91:d4:5b:15:e2:4a:a6:dd:90:e3:52:56:
                    b9:5a:b6:70:a0:56:7e:9f:4b:d2:17:5a:4a:81:d3:
                    40:a2:a3:f4:b3:69:d1:0b:b5:dc:2a:b8:ce:57:a5:
                    f2:f9:75:90:4e:9a:4a:7a:38:41:7e:cd:fa:00:76:
                    9f:c7:41:16:40:00:a5:01:9c:9f:b4:67:2b:32:b1:
                    d4:96:02:8a:b7:a5:ab:62:47:88:3c:96:41:03:b2:
                    69:d7:9e:fd:c6:d6:cd:22:8a:e1:87:c1:9e:cb:77:
                    8e:d2:e4:b8:6e:05:8f:42:18:c0:4f:ac:6c:9b:94:
                    be:7c:af:dc:9c:fd:31:e0:e6:ee:74:26:0f:8a:1e:
                    8a:70:f4:4f:90:c1:bf:82:88:41:30:b6:9d:2f:c2:
                    46:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:4D:72:4C:A5:9A:DD:D0:F7:F8:10:8B:01:05:97:95:F3:4D:33:45
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/b4ddd7-cd41-46b5-ac38-4f564ce07126/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/b4ddd7-cd41-46b5-ac38-4f564ce07126/1/wU1yTKWa3dD3-BCLAQWXlfNNM0U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216344

    Signature Algorithm: sha256WithRSAEncryption
         30:31:33:c3:09:5f:50:3b:75:1e:69:be:a6:94:4a:b7:81:9d:
         ae:0f:e9:de:be:78:49:fb:9a:f3:71:d3:bc:be:61:c9:36:84:
         0e:b0:11:e0:04:6e:9e:a6:42:23:b0:dc:82:c0:e0:ca:eb:b4:
         e4:5b:30:e7:03:a8:95:67:2b:02:ba:71:46:c3:39:ae:62:cf:
         3a:9e:f0:f1:24:4c:fc:f2:ff:43:5a:09:1b:84:4b:a7:5e:e4:
         aa:f3:df:61:1a:fd:70:dc:74:44:d9:0c:06:6c:7a:17:98:7a:
         e8:7c:4b:44:6a:15:6c:ac:a5:7e:f4:bd:53:0a:8e:37:da:ee:
         e4:30:f1:f3:44:8a:9f:3f:ed:01:4e:4c:ae:1c:fc:30:66:c7:
         cf:6f:3a:e9:46:bf:d3:c7:a8:52:5d:a0:a0:4f:95:29:ca:e8:
         3b:bb:15:27:12:59:88:e6:67:d6:18:83:1b:3a:17:49:94:a6:
         a1:63:c5:cf:3a:c3:57:9d:69:a5:67:e6:9e:76:5e:2e:4d:93:
         f7:64:df:33:f5:c7:48:4c:bd:7e:e0:3a:bb:ab:2a:d9:82:4e:
         a4:21:93:43:02:ea:af:b9:b2:b6:52:39:05:f4:9a:aa:78:22:
         61:ec:bd:ac:21:4a:c9:2d:40:48:5a:41:28:34:c7:ee:c3:04:
         a7:69:2a:43
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKKqDJwKaIomAyzmUDIr3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTRkNzI0Y2E1OWFkZGQwZjdmODEwOGIwMTA1OTc5NWYzNGQzMzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ygwdXqq9lE6sSwsNzDU6DOIxone
+XLuFTvw9yzLzevwLCOsKjUFrS0lXktIAgQ2Ap/jcAHT8bt2Nu7zmr4fNye/Z4rS
sytLpviIdjf3xa3UEhl8N9aKd9t853lM/igRHhgH/E3gE6qFU0uR1FsV4kqm3ZDj
Ula5WrZwoFZ+n0vSF1pKgdNAoqP0s2nRC7XcKrjOV6Xy+XWQTppKejhBfs36AHaf
x0EWQAClAZyftGcrMrHUlgKKt6WrYkeIPJZBA7Jp1579xtbNIorhh8Gey3eO0uS4
bgWPQhjAT6xsm5S+fK/cnP0x4ObudCYPih6KcPRPkMG/gohBMLadL8JGeQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFMFNckylmt3Q9/gQiwEFl5XzTTNFMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ4L2I0ZGRk
Ny1jZDQxLTQ2YjUtYWMzOC00ZjU2NGNlMDcxMjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDgvYjRkZGQ3
LWNkNDEtNDZiNS1hYzM4LTRmNTY0Y2UwNzEyNi8xL3dVMXlUS1dhM2REMy1CQ0xB
UVdYbGZOTk0wVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNNGDANBgkqhkiG9w0BAQsFAAOCAQEAMDEzwwlfUDt1
Hmm+ppRKt4Gdrg/p3r54Sfua83HTvL5hyTaEDrAR4ARunqZCI7DcgsDgyuu05Fsw
5wOolWcrArpxRsM5rmLPOp7w8SRM/PL/Q1oJG4RLp17kqvPfYRr9cNx0RNkMBmx6
F5h66HxLRGoVbKylfvS9UwqON9ru5DDx80SKnz/tAU5Mrhz8MGbHz2866Ua/08eo
Ul2goE+VKcroO7sVJxJZiOZn1hiDGzoXSZSmoWPFzzrDV51ppWfmnnZeLk2T92Tf
M/XHSEy9fuA6u6sq2YJOpCGTQwLqr7mytlI5BfSaqngiYey9rCFKyS1ASFpBKDTH
7sMEp2kqQw==
-----END CERTIFICATE-----