Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zUDV6ln4DaYbRIa9mZvhEqGjU4c.cer
File:                     zUDV6ln4DaYbRIa9mZvhEqGjU4c.cer (raw, json)
Hash identifier:          WUQpy2xVnamDjblWYBL8V9FLnACWrEbtYJVbWXgbQ+g=
Subject key identifier:   CD:40:D5:EA:59:F8:0D:A6:1B:44:86:BD:99:9B:E1:12:A1:A3:53:87
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB63D1063898218FF41F25FC6FC5FF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/45/b329eb-fa5b-4fa8-b49b-f623304ed79a/1/zUDV6ln4DaYbRIa9mZvhEqGjU4c.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/45/b329eb-fa5b-4fa8-b49b-f623304ed79a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:30:07 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 38942
                          IP: 87.239.40.0/21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:63:d1:06:38:98:21:8f:f4:1f:25:fc:6f:c5:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd40d5ea59f80da61b4486bd999be112a1a35387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c1:cb:f2:59:ea:39:f3:b7:86:ab:c0:e5:73:
                    4e:08:96:c5:56:e4:f0:a6:00:0a:fe:6e:5d:72:48:
                    57:0a:dd:63:b0:19:82:8e:24:60:d5:8a:f1:c9:9f:
                    d6:21:8a:bd:95:ca:fb:a8:76:57:56:3b:9c:41:62:
                    b0:b0:e5:4a:8e:38:fa:13:00:ee:be:0d:0e:33:fe:
                    fa:d1:57:ed:20:ec:fa:56:a7:86:75:f0:04:0d:20:
                    da:8d:b4:b9:63:cc:66:53:39:10:9c:c8:f3:bc:de:
                    03:ae:33:57:da:88:65:3d:77:2e:d1:3d:f9:40:19:
                    78:cb:99:11:c9:e6:7b:1d:55:2d:7c:4b:e4:c1:3a:
                    da:ce:27:72:e4:c9:11:8c:c7:20:cc:83:df:2b:3b:
                    83:c4:31:f9:75:46:64:b2:b3:64:23:0f:24:2f:40:
                    38:35:38:0f:49:dd:0e:35:33:42:0c:41:32:1d:6f:
                    38:04:58:69:83:25:1a:3e:05:f1:1b:0a:89:bd:e9:
                    d0:03:88:ce:85:95:d9:6d:12:23:df:fe:d1:4a:c0:
                    08:d1:d0:16:85:8f:76:00:01:3f:ce:b3:16:47:e8:
                    17:be:c6:5c:20:82:9e:a9:02:de:fa:df:06:86:c9:
                    58:e3:02:d0:fd:31:b0:39:d2:cf:f8:71:59:d7:c7:
                    da:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:40:D5:EA:59:F8:0D:A6:1B:44:86:BD:99:9B:E1:12:A1:A3:53:87
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/b329eb-fa5b-4fa8-b49b-f623304ed79a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/b329eb-fa5b-4fa8-b49b-f623304ed79a/1/zUDV6ln4DaYbRIa9mZvhEqGjU4c.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.40.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  38942

    Signature Algorithm: sha256WithRSAEncryption
         34:a3:7d:00:0b:b5:79:4e:6e:e9:b5:39:e8:ec:08:db:89:d5:
         05:d7:18:b5:19:a7:53:bd:12:12:b7:80:5f:98:51:76:60:54:
         14:fc:03:b3:2e:d9:83:b1:a3:1d:ba:5c:5e:c5:9d:6c:47:f7:
         d8:80:ab:aa:dc:46:d7:74:ef:d7:81:36:c0:80:84:2d:27:cd:
         a5:e4:a9:4c:1a:04:1c:ad:9f:32:76:f1:01:9c:cd:6a:4b:dc:
         0e:fe:35:9b:3a:bc:90:d2:ed:c4:0f:bc:4e:1c:09:49:33:ae:
         32:bd:61:d2:b4:36:4a:90:6a:ad:d1:86:89:2c:06:1d:3f:b2:
         40:23:ef:ed:a0:de:d6:57:ca:c0:17:69:35:eb:f5:67:2b:67:
         7b:9c:b7:87:30:ce:e5:46:64:85:f9:0a:33:2a:44:68:ff:c9:
         97:b9:9c:4b:85:d5:31:06:cc:67:87:26:9c:6d:bb:63:02:1b:
         59:d5:66:1a:be:35:b1:81:50:e6:c1:b8:a9:3d:26:91:b7:2f:
         fb:88:7b:e2:ee:12:ee:c7:37:cc:cf:8b:35:75:7a:2b:02:74:
         47:39:53:ca:83:4b:3e:db:90:42:d4:ae:cc:f2:3a:6a:23:16:
         90:33:ec:d8:5a:8f:0b:a2:17:9f:d4:8b:d3:31:86:76:51:c6:
         11:18:2c:b6
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzC22PRBjiYIY/0HyX8b8X/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDQwZDVlYTU5ZjgwZGE2MWI0NDg2YmQ5OTliZTExMmExYTM1Mzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusHL8lnqOfO3hqvA5XNOCJbFVuTw
pgAK/m5dckhXCt1jsBmCjiRg1YrxyZ/WIYq9lcr7qHZXVjucQWKwsOVKjjj6EwDu
vg0OM/760VftIOz6VqeGdfAEDSDajbS5Y8xmUzkQnMjzvN4DrjNX2ohlPXcu0T35
QBl4y5kRyeZ7HVUtfEvkwTrazidy5MkRjMcgzIPfKzuDxDH5dUZksrNkIw8kL0A4
NTgPSd0ONTNCDEEyHW84BFhpgyUaPgXxGwqJvenQA4jOhZXZbRIj3/7RSsAI0dAW
hY92AAE/zrMWR+gXvsZcIIKeqQLe+t8GhslY4wLQ/TGwOdLP+HFZ18faywIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFM1A1epZ+A2mG0SGvZmb4RKho1OHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ1L2IzMjll
Yi1mYTViLTRmYTgtYjQ5Yi1mNjIzMzA0ZWQ3OWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvYjMyOWVi
LWZhNWItNGZhOC1iNDliLWY2MjMzMDRlZDc5YS8xL3pVRFY2bG40RGFZYlJJYTlt
WnZoRXFHalU0Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDV+8oMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCYHjANBgkqhkiG9w0BAQsFAAOCAQEANKN9AAu1eU5u6bU56OwI24nVBdcYtRmn
U70SEreAX5hRdmBUFPwDsy7Zg7GjHbpcXsWdbEf32ICrqtxG13Tv14E2wICELSfN
peSpTBoEHK2fMnbxAZzNakvcDv41mzq8kNLtxA+8ThwJSTOuMr1h0rQ2SpBqrdGG
iSwGHT+yQCPv7aDe1lfKwBdpNev1Zytne5y3hzDO5UZkhfkKMypEaP/Jl7mcS4XV
MQbMZ4cmnG27YwIbWdVmGr41sYFQ5sG4qT0mkbcv+4h74u4S7sc3zM+LNXV6KwJ0
RzlTyoNLPtuQQtSuzPI6aiMWkDPs2FqPC6IXn9SL0zGGdlHGERgstg==
-----END CERTIFICATE-----