Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/z14i55iuMWnaqxzrpnC9of_3tRc.cer
File:                     z14i55iuMWnaqxzrpnC9of_3tRc.cer (raw, json)
Hash identifier:          rtjEL3Px1Xwx7zILIBB+tfhVvQee54zud6cCzHZhf90=
Subject key identifier:   CF:5E:22:E7:98:AE:31:69:DA:AB:1C:EB:A6:70:BD:A1:FF:F7:B5:17
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B7A1626C7E79F22F10D4471C56BC7B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4c/9f9bf3-cf1d-4b33-8123-36a762fb5ec1/1/z14i55iuMWnaqxzrpnC9of_3tRc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4c/9f9bf3-cf1d-4b33-8123-36a762fb5ec1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:29:32 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 15701
                          IP: 2a13:28c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a1:62:6c:7e:79:f2:2f:10:d4:47:1c:56:bc:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf5e22e798ae3169daab1ceba670bda1fff7b517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:da:42:b8:f2:1b:d8:86:63:9b:23:60:2b:45:
                    84:f2:9f:80:dc:f2:41:0f:9a:08:7a:01:98:14:2f:
                    ee:85:9f:1c:e3:92:a1:6c:d0:4d:07:01:c5:fe:ec:
                    9d:04:c0:83:e8:91:1f:1a:6a:8b:bf:90:dd:8c:5d:
                    95:86:50:06:cd:ba:63:7f:95:ef:11:8e:db:54:b9:
                    82:a4:a5:80:94:8e:fc:56:c9:e8:f2:ba:cd:4a:26:
                    ec:24:01:20:e7:f4:b4:f5:01:5d:db:a0:08:0e:cd:
                    17:67:d5:34:f3:d0:1d:ad:d1:66:4f:2c:66:97:c2:
                    12:a3:28:e5:5b:04:30:20:db:68:c7:a1:74:23:3a:
                    57:67:13:48:44:08:0d:78:0f:73:89:2d:c8:d6:05:
                    73:54:b7:90:5d:28:e8:e9:54:7f:d2:d0:45:57:67:
                    97:10:13:0a:10:35:aa:ae:6d:95:62:d9:c1:00:b3:
                    cc:23:f4:ed:5a:30:97:08:7c:42:f7:27:cc:75:70:
                    9b:b3:61:ce:26:40:df:c3:93:c5:5e:f3:cb:a9:e5:
                    67:29:b0:d5:4d:72:2d:c9:7b:2f:75:de:09:14:17:
                    6f:f7:a2:be:6a:52:a9:41:af:fb:ee:17:74:de:bd:
                    74:7d:f0:9b:84:f9:de:55:0a:9d:b1:f6:67:2d:84:
                    9d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:5E:22:E7:98:AE:31:69:DA:AB:1C:EB:A6:70:BD:A1:FF:F7:B5:17
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/9f9bf3-cf1d-4b33-8123-36a762fb5ec1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/9f9bf3-cf1d-4b33-8123-36a762fb5ec1/1/z14i55iuMWnaqxzrpnC9of_3tRc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:28c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  15701

    Signature Algorithm: sha256WithRSAEncryption
         7d:21:e8:e0:d4:8c:d8:c5:f1:0f:05:c5:d0:4b:15:be:ea:82:
         04:97:1e:b2:d3:f2:1d:82:55:44:f6:e4:aa:41:01:e8:7d:ca:
         e7:d3:c1:8e:6e:57:d8:d8:ff:8b:74:6a:1f:6b:e4:e9:0c:a8:
         ab:01:85:9d:92:a6:bd:62:cb:56:3b:6d:01:2e:85:e7:a2:1a:
         84:4d:93:64:22:e3:d7:1c:fb:ab:18:28:b1:3a:e8:f4:70:a6:
         2c:e4:c7:46:0f:8b:39:c1:c8:a7:f6:f3:9f:3a:38:80:f7:eb:
         de:2f:ce:a0:8b:5f:7a:68:a2:fb:49:61:a5:4d:c0:a5:c7:cb:
         d6:bb:d9:fd:41:53:fb:e6:71:d8:c7:eb:4e:0c:3c:fe:87:79:
         41:95:b1:ee:6c:dc:d5:0a:7b:0d:25:c9:3f:4b:a1:80:18:a0:
         62:d1:47:5b:dc:b8:ce:32:ab:e5:fe:9a:7d:28:8c:dd:85:72:
         d8:72:b4:2d:d5:f9:fa:52:41:68:bc:b2:ed:4a:c8:f7:d9:ce:
         eb:b9:91:5c:4b:8b:a2:4d:64:2e:76:a4:2e:c5:61:ef:b5:b4:
         8d:76:c9:89:8b:73:9a:5d:46:ac:b6:98:48:f5:d4:0d:e7:89:
         e9:03:eb:34:31:d0:21:db:b0:63:a4:8f:ec:2c:04:c1:57:58:
         dc:0f:a7:bf
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzGt6FibH558i8Q1EccVrx7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjVlMjJlNzk4YWUzMTY5ZGFhYjFjZWJhNjcwYmRhMWZmZjdiNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdpCuPIb2IZjmyNgK0WE8p+A3PJB
D5oIegGYFC/uhZ8c45KhbNBNBwHF/uydBMCD6JEfGmqLv5DdjF2VhlAGzbpjf5Xv
EY7bVLmCpKWAlI78Vsno8rrNSibsJAEg5/S09QFd26AIDs0XZ9U089AdrdFmTyxm
l8ISoyjlWwQwINtox6F0IzpXZxNIRAgNeA9ziS3I1gVzVLeQXSjo6VR/0tBFV2eX
EBMKEDWqrm2VYtnBALPMI/TtWjCXCHxC9yfMdXCbs2HOJkDfw5PFXvPLqeVnKbDV
TXItyXsvdd4JFBdv96K+alKpQa/77hd03r10ffCbhPneVQqdsfZnLYSdGwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFM9eIueYrjFp2qsc66ZwvaH/97UXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRjLzlmOWJm
My1jZjFkLTRiMzMtODEyMy0zNmE3NjJmYjVlYzEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGMvOWY5YmYz
LWNmMWQtNGIzMy04MTIzLTM2YTc2MmZiNWVjMS8xL3oxNGk1NWl1TVduYXF4enJw
bkM5b2ZfM3RSYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhMowDAZBggrBgEFBQcBCAEB/wQKMAigBjAE
AgI9VTANBgkqhkiG9w0BAQsFAAOCAQEAfSHo4NSM2MXxDwXF0EsVvuqCBJcestPy
HYJVRPbkqkEB6H3K59PBjm5X2Nj/i3RqH2vk6QyoqwGFnZKmvWLLVjttAS6F56Ia
hE2TZCLj1xz7qxgosTro9HCmLOTHRg+LOcHIp/bznzo4gPfr3i/OoItfemii+0lh
pU3ApcfL1rvZ/UFT++Zx2MfrTgw8/od5QZWx7mzc1Qp7DSXJP0uhgBigYtFHW9y4
zjKr5f6afSiM3YVy2HK0LdX5+lJBaLyy7UrI99nO67mRXEuLok1kLnakLsVh77W0
jXbJiYtzml1GrLaYSPXUDeeJ6QPrNDHQIduwY6SP7CwEwVdY3A+nvw==
-----END CERTIFICATE-----