Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zltbNMXCbMP9SuDC5VH3ks7LbFM.cer
File:                     zltbNMXCbMP9SuDC5VH3ks7LbFM.cer (raw, json)
Hash identifier:          4AzUGzX1jkHyvaimtrIyKw4aTs6yzPGU2xuVxNlWO3E=
Subject key identifier:   CE:5B:5B:34:C5:C2:6C:C3:FD:4A:E0:C2:E5:51:F7:92:CE:CB:6C:53
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DEA01910B1023C65BF661281D6BA66
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7c/e53aa0-5048-408f-a3a8-09cbf7b242c3/1/zltbNMXCbMP9SuDC5VH3ks7LbFM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7c/e53aa0-5048-408f-a3a8-09cbf7b242c3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:31:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210013

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a0:19:10:b1:02:3c:65:bf:66:12:81:d6:ba:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce5b5b34c5c26cc3fd4ae0c2e551f792cecb6c53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:72:e1:b1:50:8f:9f:c4:ab:69:97:2f:e3:ac:
                    a3:a7:82:e2:6d:6d:75:ec:9c:5d:97:23:74:a8:c7:
                    73:b7:d0:b9:96:ef:da:ed:a7:2a:f7:70:14:a7:e7:
                    26:27:74:dd:db:87:2b:01:1e:50:33:74:d5:4c:b2:
                    8c:37:49:79:04:c5:7b:cf:9e:02:e0:d5:7f:63:e9:
                    e8:1a:0d:de:f1:24:ee:67:e7:f1:a8:40:33:0b:b8:
                    b3:b1:28:1a:9b:36:95:c4:75:a6:73:82:56:c2:56:
                    0f:76:50:87:a4:42:f3:0d:93:ac:f0:9b:ec:72:31:
                    b6:61:69:90:c6:ed:2b:fe:c0:85:85:6c:2c:85:59:
                    a4:68:1b:e8:df:07:2a:e5:6c:8a:48:4c:df:2a:14:
                    40:0e:36:5b:2a:4d:e4:96:26:70:a8:e2:1d:75:88:
                    a9:08:9c:5d:ef:49:1e:44:df:95:f3:79:ca:5f:1e:
                    a8:73:a1:99:4b:21:e4:5a:33:07:49:f9:43:4f:98:
                    72:8e:6e:95:52:cb:24:54:4b:2e:73:55:a3:1a:1a:
                    39:38:cf:41:36:8b:06:48:27:1b:ed:da:0c:42:08:
                    92:ad:41:a6:00:09:84:e5:ec:31:d7:20:c3:b1:91:
                    99:1d:a0:fc:94:00:00:9b:d3:5e:63:b6:28:d7:28:
                    12:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:5B:5B:34:C5:C2:6C:C3:FD:4A:E0:C2:E5:51:F7:92:CE:CB:6C:53
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e53aa0-5048-408f-a3a8-09cbf7b242c3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e53aa0-5048-408f-a3a8-09cbf7b242c3/1/zltbNMXCbMP9SuDC5VH3ks7LbFM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210013

    Signature Algorithm: sha256WithRSAEncryption
         46:7c:19:98:5b:ab:d0:94:2d:da:b6:ca:0d:51:63:10:0c:4d:
         4a:2c:d1:41:c9:1f:38:94:33:0a:37:b4:bc:35:8e:d4:42:40:
         72:ad:8d:ad:e1:3a:6d:09:97:0d:0d:4c:c4:05:b8:09:c0:f6:
         ee:86:eb:7c:95:f0:55:d0:db:a1:d3:94:47:e3:41:bc:4c:d5:
         52:32:11:99:c8:39:aa:ca:5b:f6:19:49:86:45:50:7e:8e:4b:
         b2:51:ba:32:10:95:02:9c:95:7c:15:5a:7f:7f:01:02:18:5f:
         df:e7:6b:7e:dc:e8:89:5a:d0:85:d0:e5:2b:5f:31:c5:56:99:
         71:df:56:c2:3c:f5:fb:b1:96:eb:8d:ae:f7:1c:36:16:90:b5:
         d4:d5:5b:3b:d4:ba:0b:62:73:e4:36:82:45:4d:58:91:c3:89:
         9d:17:f6:39:e6:54:a8:12:8e:12:b8:a3:d9:72:7c:e2:6a:20:
         09:46:28:47:64:18:9b:91:ce:78:6c:49:82:6b:77:4e:c4:fb:
         17:0e:9a:d7:0e:37:57:d6:9a:28:cc:ce:a4:63:13:3b:9e:d8:
         a2:e7:01:4b:59:06:47:4e:8f:9d:6e:c8:dc:dc:13:a0:1c:9b:
         41:1d:f0:af:c4:7e:06:1c:35:bc:33:fa:40:de:c6:9f:79:6e:
         c8:d2:e2:73
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzI3qAZELECPGW/ZhKB1rpmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTViNWIzNGM1YzI2Y2MzZmQ0YWUwYzJlNTUxZjc5MmNlY2I2YzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HLhsVCPn8SraZcv46yjp4LibW11
7JxdlyN0qMdzt9C5lu/a7acq93AUp+cmJ3Td24crAR5QM3TVTLKMN0l5BMV7z54C
4NV/Y+noGg3e8STuZ+fxqEAzC7izsSgamzaVxHWmc4JWwlYPdlCHpELzDZOs8Jvs
cjG2YWmQxu0r/sCFhWwshVmkaBvo3wcq5WyKSEzfKhRADjZbKk3kliZwqOIddYip
CJxd70keRN+V83nKXx6oc6GZSyHkWjMHSflDT5hyjm6VUsskVEsuc1WjGho5OM9B
NosGSCcb7doMQgiSrUGmAAmE5ewx1yDDsZGZHaD8lAAAm9NeY7Yo1ygSdQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFM5bWzTFwmzD/UrgwuVR95LOy2xTMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdjL2U1M2Fh
MC01MDQ4LTQwOGYtYTNhOC0wOWNiZjdiMjQyYzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvZTUzYWEw
LTUwNDgtNDA4Zi1hM2E4LTA5Y2JmN2IyNDJjMy8xL3psdGJOTVhDYk1QOVN1REM1
Vkgza3M3TGJGTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM0XTANBgkqhkiG9w0BAQsFAAOCAQEARnwZmFur0JQt
2rbKDVFjEAxNSizRQckfOJQzCje0vDWO1EJAcq2NreE6bQmXDQ1MxAW4CcD27obr
fJXwVdDbodOUR+NBvEzVUjIRmcg5qspb9hlJhkVQfo5LslG6MhCVApyVfBVaf38B
Ahhf3+drftzoiVrQhdDlK18xxVaZcd9Wwjz1+7GW642u9xw2FpC11NVbO9S6C2Jz
5DaCRU1YkcOJnRf2OeZUqBKOErij2XJ84mogCUYoR2QYm5HOeGxJgmt3TsT7Fw6a
1w43V9aaKMzOpGMTO57YoucBS1kGR06PnW7I3NwToBybQR3wr8R+Bhw1vDP6QN7G
n3luyNLicw==
-----END CERTIFICATE-----