Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xA3Iplr2fnLf3zHMiJR5cZ5P16M.cer
File:                     xA3Iplr2fnLf3zHMiJR5cZ5P16M.cer (raw, json)
Hash identifier:          gUc2CAOQMKYKbzIqBio0urU4PZJ8LEjASQ0dM9PZmRI=
Subject key identifier:   C4:0D:C8:A6:5A:F6:7E:72:DF:DF:31:CC:88:94:79:71:9E:4F:D7:A3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A4849C9721A88AC49D27D7FF6D29D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/30/18b255-805a-41e7-8955-40d4a8226a36/1/xA3Iplr2fnLf3zHMiJR5cZ5P16M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/30/18b255-805a-41e7-8955-40d4a8226a36/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:37 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212194

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:48:49:c9:72:1a:88:ac:49:d2:7d:7f:f6:d2:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c40dc8a65af67e72dfdf31cc889479719e4fd7a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:32:19:4f:c3:a3:09:92:6a:c0:b3:89:c5:6c:
                    f5:b8:7d:01:88:84:e7:05:77:7a:58:9d:1b:f8:a9:
                    a4:80:f7:cb:f6:06:11:15:4e:f6:66:52:ae:d8:f4:
                    5e:51:92:f4:60:df:11:86:10:55:bf:62:b4:32:65:
                    46:6d:a8:8d:b8:c4:e4:cb:3b:c2:ce:ed:3f:8b:20:
                    1d:95:82:ec:8f:fd:de:3d:3a:f5:7e:f0:1f:c4:0f:
                    df:e8:0f:a1:54:ba:83:48:6d:be:e3:e7:24:82:4c:
                    77:d7:43:e1:8e:c4:b6:04:6f:41:9a:da:01:33:81:
                    0c:76:a3:42:1d:01:3a:4c:1f:30:24:69:79:51:9d:
                    65:a0:ed:a4:1c:43:10:13:43:25:25:24:ee:34:12:
                    e0:8c:6d:73:a3:6e:7d:0f:c3:b3:82:93:30:87:20:
                    7a:53:68:cb:63:e5:52:f2:47:3d:2e:08:3c:60:3a:
                    e3:41:fc:af:48:fc:fc:95:b0:cc:4e:84:e6:eb:dc:
                    c5:68:12:16:4e:6c:24:4f:9a:8e:22:65:c7:7d:9b:
                    88:35:d3:6c:50:64:7a:23:65:5b:62:8d:46:a8:93:
                    d8:08:46:b1:de:a8:10:23:ea:4a:84:95:2f:e0:ce:
                    a0:12:ee:0b:a8:eb:03:ec:e2:50:96:91:78:ec:0b:
                    78:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:0D:C8:A6:5A:F6:7E:72:DF:DF:31:CC:88:94:79:71:9E:4F:D7:A3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/18b255-805a-41e7-8955-40d4a8226a36/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/18b255-805a-41e7-8955-40d4a8226a36/1/xA3Iplr2fnLf3zHMiJR5cZ5P16M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212194

    Signature Algorithm: sha256WithRSAEncryption
         b2:08:70:2b:fe:81:33:6f:78:c3:a5:2c:ae:a5:60:d9:c6:e0:
         6f:9a:a8:4c:7c:af:11:56:21:17:40:5e:67:63:50:7e:59:35:
         da:6c:1e:dd:24:48:6d:8d:9d:7d:fd:5a:6a:44:a6:de:1b:f5:
         59:10:05:82:9f:97:81:7f:64:c7:51:85:f2:e2:36:cf:95:a5:
         a5:8f:9d:35:be:18:90:d1:a6:1c:f1:ab:1c:95:28:ae:10:9a:
         99:85:60:ca:52:b3:c3:7d:7b:4f:67:d9:b0:08:12:9d:93:f9:
         6f:40:bd:c9:bc:45:05:55:af:f4:0b:17:aa:9b:c5:cf:b2:6a:
         60:48:13:52:81:8e:90:2e:07:47:1a:c8:12:d5:d4:48:b4:90:
         25:56:57:4a:d8:5f:3b:01:8a:36:80:b2:4c:aa:ad:d8:a0:30:
         ae:90:07:a6:53:22:02:f1:9f:54:17:87:0b:8d:12:cb:66:d8:
         dd:e5:44:cc:17:cf:d5:53:04:90:b1:2f:55:00:71:6e:0f:c2:
         b6:d1:0d:7d:fc:50:99:ea:5d:75:25:5e:4b:22:ab:6a:74:2a:
         8c:fc:20:2b:f7:74:16:2c:e1:07:74:30:33:90:ae:8c:4d:25:
         cd:fd:bd:ca:0f:ca:79:a2:07:0d:bb:4e:0c:a1:05:63:c2:48:
         cb:98:03:6e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKKkhJyXIaiKxJ0n1/9tKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDBkYzhhNjVhZjY3ZTcyZGZkZjMxY2M4ODk0Nzk3MTllNGZkN2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DIZT8OjCZJqwLOJxWz1uH0BiITn
BXd6WJ0b+KmkgPfL9gYRFU72ZlKu2PReUZL0YN8RhhBVv2K0MmVGbaiNuMTkyzvC
zu0/iyAdlYLsj/3ePTr1fvAfxA/f6A+hVLqDSG2+4+ckgkx310PhjsS2BG9BmtoB
M4EMdqNCHQE6TB8wJGl5UZ1loO2kHEMQE0MlJSTuNBLgjG1zo259D8OzgpMwhyB6
U2jLY+VS8kc9Lgg8YDrjQfyvSPz8lbDMToTm69zFaBIWTmwkT5qOImXHfZuINdNs
UGR6I2VbYo1GqJPYCEax3qgQI+pKhJUv4M6gEu4LqOsD7OJQlpF47At43wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFMQNyKZa9n5y398xzIiUeXGeT9ejMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMwLzE4YjI1
NS04MDVhLTQxZTctODk1NS00MGQ0YTgyMjZhMzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzAvMThiMjU1
LTgwNWEtNDFlNy04OTU1LTQwZDRhODIyNmEzNi8xL3hBM0lwbHIyZm5MZjN6SE1p
SlI1Y1o1UDE2TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM84jANBgkqhkiG9w0BAQsFAAOCAQEAsghwK/6BM294
w6UsrqVg2cbgb5qoTHyvEVYhF0BeZ2NQflk12mwe3SRIbY2dff1aakSm3hv1WRAF
gp+XgX9kx1GF8uI2z5WlpY+dNb4YkNGmHPGrHJUorhCamYVgylKzw317T2fZsAgS
nZP5b0C9ybxFBVWv9AsXqpvFz7JqYEgTUoGOkC4HRxrIEtXUSLSQJVZXSthfOwGK
NoCyTKqt2KAwrpAHplMiAvGfVBeHC40Sy2bY3eVEzBfP1VMEkLEvVQBxbg/CttEN
ffxQmepddSVeSyKranQqjPwgK/d0FizhB3QwM5CujE0lzf29yg/KeaIHDbtODKEF
Y8JIy5gDbg==
-----END CERTIFICATE-----