Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xvw4sqEAOV-puZGa15LnrLLbLgc.cer
File:                     xvw4sqEAOV-puZGa15LnrLLbLgc.cer (raw, json)
Hash identifier:          4Shvi/qMT8e27LGm4dwS9j9165tfQ0/jDUA0l2r6WWI=
Subject key identifier:   C6:FC:38:B2:A1:00:39:5F:A9:B9:91:9A:D7:92:E7:AC:B2:DB:2E:07
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D1871E60AE3E54B3DCAF25C4D47B3BA74
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/xvw4sqEAOV-puZGa15LnrLLbLgc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 17 Jan 2024 17:22:14 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215936
                          IP: 2001:67c:d54::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:71:e6:0a:e3:e5:4b:3d:ca:f2:5c:4d:47:b3:ba:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 17 17:22:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6fc38b2a100395fa9b9919ad792e7acb2db2e07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:37:3e:0c:ad:80:96:ee:c3:d0:70:95:bb:44:
                    da:e5:48:e0:df:8d:4e:7c:85:85:7f:8d:c7:90:ce:
                    10:78:84:ba:98:db:62:af:df:9c:69:5b:09:c7:13:
                    2c:ee:7d:13:e4:98:9f:2a:ec:b4:53:ec:d7:32:43:
                    f9:07:0c:40:a6:f6:df:3e:59:c4:0f:0c:52:37:6a:
                    2f:9d:61:55:a9:f2:79:6c:1c:47:b8:44:5c:59:60:
                    58:c1:d0:ef:ed:93:b5:ec:41:cd:a1:ed:11:e3:60:
                    c8:cd:e5:62:d2:cf:50:60:66:29:fb:a7:cd:1a:a4:
                    7a:e8:31:9b:f2:7f:92:05:51:e5:f8:51:a6:59:65:
                    52:38:6f:03:26:65:a1:7d:4b:cb:30:ed:98:d3:ea:
                    ae:25:6d:03:53:1c:64:e6:5e:f3:78:f5:f6:76:ec:
                    c2:7f:a2:0d:c5:13:db:f9:0a:33:6b:81:fd:17:7b:
                    d0:92:6d:df:1a:de:f7:79:9a:f8:66:cb:75:53:eb:
                    f5:ef:7b:3b:19:8c:b8:44:da:7e:89:19:cc:a8:5a:
                    fa:72:ce:49:69:41:2d:cf:b5:e2:7a:83:cd:60:a2:
                    9d:d9:90:44:2f:cb:f3:89:61:6b:73:44:9c:4c:d4:
                    81:20:66:19:d6:32:d3:6c:40:51:b1:9d:b4:cd:a8:
                    5f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:FC:38:B2:A1:00:39:5F:A9:B9:91:9A:D7:92:E7:AC:B2:DB:2E:07
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/xvw4sqEAOV-puZGa15LnrLLbLgc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d54::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215936

    Signature Algorithm: sha256WithRSAEncryption
         3a:eb:c7:7f:24:59:fb:ee:a9:51:1a:e4:48:87:06:69:4c:f4:
         36:13:3e:49:0f:7e:4f:fe:f7:bc:3b:2a:87:30:de:24:52:9a:
         11:7b:b2:d5:34:25:3f:2e:7c:79:e0:ba:71:82:89:5f:5f:dd:
         8b:8b:27:d8:ba:e7:19:a6:00:b9:31:0c:00:61:d9:d7:ab:fd:
         2b:5b:3d:5b:3a:76:a5:82:b8:7c:00:cc:d6:12:80:0a:fa:f6:
         2d:06:83:19:66:9d:45:5e:33:5d:b0:9a:db:8a:f4:ff:3c:de:
         16:f6:f0:14:fa:fb:c0:89:b5:53:11:69:1b:45:3c:a9:f5:80:
         a4:5f:50:7d:58:90:49:68:d3:bc:3c:43:06:f5:ce:87:bb:1e:
         31:2e:0e:17:f6:cd:b0:27:2e:79:73:30:7f:1b:f5:87:fe:29:
         5e:10:69:c1:f6:ed:8e:31:a6:a1:98:3a:01:62:47:b8:94:f0:
         8e:20:a3:8d:dd:52:9e:29:b2:a2:16:a5:04:7a:81:17:1d:82:
         b5:9d:77:cf:ff:09:57:c0:95:3e:4f:a9:af:6a:3e:fd:0c:aa:
         74:34:61:2f:60:a1:bb:46:f9:e9:80:ce:09:d8:fd:2f:17:e9:
         c7:f3:06:ab:b0:b2:37:6a:65:f8:b3:7d:88:5c:e6:b0:45:2e:
         7d:34:24:ed
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAY0YceYK4+VLPcryXE1Hs7p0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTE3MTcyMjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmZjMzhiMmExMDAzOTVmYTliOTkxOWFkNzkyZTdhY2IyZGIyZTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjc+DK2Alu7D0HCVu0Ta5Ujg341O
fIWFf43HkM4QeIS6mNtir9+caVsJxxMs7n0T5JifKuy0U+zXMkP5BwxApvbfPlnE
DwxSN2ovnWFVqfJ5bBxHuERcWWBYwdDv7ZO17EHNoe0R42DIzeVi0s9QYGYp+6fN
GqR66DGb8n+SBVHl+FGmWWVSOG8DJmWhfUvLMO2Y0+quJW0DUxxk5l7zePX2duzC
f6INxRPb+Qoza4H9F3vQkm3fGt73eZr4Zst1U+v173s7GYy4RNp+iRnMqFr6cs5J
aUEtz7XieoPNYKKd2ZBEL8vziWFrc0ScTNSBIGYZ1jLTbEBRsZ20zahfjQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFMb8OLKhADlfqbmRmteS56yy2y4HMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FmLzk5ODAw
ZC0xNTFmLTRlMzAtOWZkOC1hODlhNzAyOGQ0MjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWYvOTk4MDBk
LTE1MWYtNGUzMC05ZmQ4LWE4OWE3MDI4ZDQyOS8xL3h2dzRzcUVBT1YtcHVaR2Ex
NUxuckxMYkxnYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA1UMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNLgDANBgkqhkiG9w0BAQsFAAOCAQEAOuvHfyRZ++6pURrkSIcGaUz0NhM+
SQ9+T/73vDsqhzDeJFKaEXuy1TQlPy58eeC6cYKJX1/di4sn2LrnGaYAuTEMAGHZ
16v9K1s9Wzp2pYK4fADM1hKACvr2LQaDGWadRV4zXbCa24r0/zzeFvbwFPr7wIm1
UxFpG0U8qfWApF9QfViQSWjTvDxDBvXOh7seMS4OF/bNsCcueXMwfxv1h/4pXhBp
wfbtjjGmoZg6AWJHuJTwjiCjjd1SnimyohalBHqBFx2CtZ13z/8JV8CVPk+pr2o+
/QyqdDRhL2Chu0b56YDOCdj9Lxfpx/MGq7CyN2pl+LN9iFzmsEUufTQk7Q==
-----END CERTIFICATE-----