Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/w_sAsiDqeEoEaDBU_L9OS0ietCA.cer
File:                     w_sAsiDqeEoEaDBU_L9OS0ietCA.cer (raw, json)
Hash identifier:          dRD6N10XQWJodkkIt2P5PWkEPNdGg/Imc8sopBpge/0=
Subject key identifier:   C3:FB:00:B2:20:EA:78:4A:04:68:30:54:FC:BF:4E:4B:48:9E:B4:20
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8023159EAB49F109D0284435EC381C8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/w_sAsiDqeEoEaDBU_L9OS0ietCA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 201636
                          IP: 185.198.154.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:31:59:ea:b4:9f:10:9d:02:84:43:5e:c3:81:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3fb00b220ea784a04683054fcbf4e4b489eb420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:7c:77:e4:51:87:c9:14:29:91:66:93:e7:d7:
                    65:89:11:f5:24:ab:93:cd:7f:23:78:d1:21:c3:5e:
                    ac:cf:eb:99:b1:fd:98:30:5f:c1:b8:31:de:4d:a3:
                    c8:f5:76:87:8f:51:3c:fe:15:b3:33:b6:52:f5:8e:
                    9a:ef:97:9a:12:3d:f6:15:0f:95:c4:c1:0d:1f:8c:
                    ef:9f:49:60:1d:45:97:de:32:26:f8:94:c1:d6:f9:
                    d4:38:9b:63:98:da:3d:c0:67:55:f7:ae:89:39:3e:
                    39:ef:06:52:22:7e:08:c0:d8:0e:83:12:55:56:34:
                    13:71:a3:63:d5:91:5f:db:0d:b2:f9:2a:06:69:e7:
                    3c:f9:b4:d5:19:5b:21:3b:34:00:fc:ed:91:78:78:
                    69:41:42:bf:bd:c5:dc:ca:1e:d0:55:46:22:ae:bf:
                    14:85:ec:f6:1a:39:ec:e3:c9:99:1b:c7:4d:40:e8:
                    a2:cd:64:80:d7:0d:95:4c:86:49:2b:03:73:0a:cc:
                    03:ca:b7:d3:4a:50:42:40:fb:2e:b4:eb:10:87:2e:
                    63:f4:52:ed:92:71:00:5c:bf:b8:6e:ac:b5:f1:ad:
                    5c:ab:03:53:06:20:bd:1e:9a:5b:a8:61:36:a9:48:
                    a4:d0:ac:14:41:3b:97:11:bb:e0:14:b0:79:f0:fe:
                    19:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:FB:00:B2:20:EA:78:4A:04:68:30:54:FC:BF:4E:4B:48:9E:B4:20
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/w_sAsiDqeEoEaDBU_L9OS0ietCA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.154.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201636

    Signature Algorithm: sha256WithRSAEncryption
         0b:49:f6:65:e2:71:cc:89:38:23:5e:90:68:9b:cd:74:a8:63:
         bd:9e:bf:01:b1:b5:ea:c2:46:7e:7a:d3:4b:2d:8d:2e:44:97:
         38:8c:b3:98:5c:2c:b2:eb:89:eb:ef:4d:91:6b:a7:4c:0b:b7:
         9b:5b:6d:49:f8:0c:9e:2f:e2:6f:da:00:ee:47:e8:1a:65:ef:
         2d:9b:de:31:84:9d:f5:de:92:b3:ac:3c:df:90:d7:09:b3:a7:
         54:d7:81:08:74:fc:98:79:9b:6f:ef:ae:23:1f:97:34:eb:86:
         fc:e3:db:17:15:c2:49:4a:d6:cc:60:53:1f:9e:90:c1:dc:07:
         83:01:83:97:42:22:1e:2a:fe:58:51:5c:48:ba:46:03:65:44:
         3e:f9:bf:a8:29:fe:7f:63:2c:d3:1d:86:9e:5c:29:aa:54:3d:
         42:c1:ae:76:86:a1:21:5b:1d:1f:38:12:7f:e4:79:a0:bb:c8:
         24:e8:89:7a:4e:6e:30:1e:fd:0c:5a:2c:b0:ce:10:98:14:db:
         af:b7:08:0c:3f:18:e3:b2:b5:20:47:8a:da:3d:16:68:14:72:
         95:02:e0:f3:03:5d:df:12:9c:19:c8:11:6b:88:c9:da:2a:04:
         66:77:f9:bf:e2:c8:9b:2f:39:60:4b:fe:c4:01:f3:6d:31:7d:
         03:99:24:aa
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzIAjFZ6rSfEJ0ChENew4HIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2ZiMDBiMjIwZWE3ODRhMDQ2ODMwNTRmY2JmNGU0YjQ4OWViNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnx35FGHyRQpkWaT59dliRH1JKuT
zX8jeNEhw16sz+uZsf2YMF/BuDHeTaPI9XaHj1E8/hWzM7ZS9Y6a75eaEj32FQ+V
xMENH4zvn0lgHUWX3jIm+JTB1vnUOJtjmNo9wGdV966JOT457wZSIn4IwNgOgxJV
VjQTcaNj1ZFf2w2y+SoGaec8+bTVGVshOzQA/O2ReHhpQUK/vcXcyh7QVUYirr8U
hez2Gjns48mZG8dNQOiizWSA1w2VTIZJKwNzCswDyrfTSlBCQPsutOsQhy5j9FLt
knEAXL+4bqy18a1cqwNTBiC9HppbqGE2qUik0KwUQTuXEbvgFLB58P4ZNwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFMP7ALIg6nhKBGgwVPy/TktInrQgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M0LzIxMDIx
MS1mZmVhLTQ3ZWUtODliYS02Y2NjYmE5OTc0ZWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzQvMjEwMjEx
LWZmZWEtNDdlZS04OWJhLTZjY2NiYTk5NzRlYy8xL3dfc0FzaURxZUVvRWFEQlVf
TDlPUzBpZXRDQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAucaaMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMTpDANBgkqhkiG9w0BAQsFAAOCAQEAC0n2ZeJxzIk4I16QaJvNdKhjvZ6/AbG1
6sJGfnrTSy2NLkSXOIyzmFwssuuJ6+9NkWunTAu3m1ttSfgMni/ib9oA7kfoGmXv
LZveMYSd9d6Ss6w835DXCbOnVNeBCHT8mHmbb++uIx+XNOuG/OPbFxXCSUrWzGBT
H56QwdwHgwGDl0IiHir+WFFcSLpGA2VEPvm/qCn+f2Ms0x2GnlwpqlQ9QsGudoah
IVsdHzgSf+R5oLvIJOiJek5uMB79DFossM4QmBTbr7cIDD8Y47K1IEeK2j0WaBRy
lQLg8wNd3xKcGcgRa4jJ2ioEZnf5v+LImy85YEv+xAHzbTF9A5kkqg==
-----END CERTIFICATE-----