Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36U2RiiDKd9mVeJT5WsihIG-lZY.cer
File:                     36U2RiiDKd9mVeJT5WsihIG-lZY.cer (raw, json)
Hash identifier:          QUlPTvtCZC7PbCfTe9C27bTc5N+1Q4XbsWIyx/fOep0=
Subject key identifier:   DF:A5:36:46:28:83:29:DF:66:55:E2:53:E5:6B:22:84:81:BE:95:96
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194236A163EA0518744A1AF63484D3D7A7F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/72/49fe06-36f1-411c-85c3-79afd1188d37/1/36U2RiiDKd9mVeJT5WsihIG-lZY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/72/49fe06-36f1-411c-85c3-79afd1188d37/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:49:02 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213883
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:16:3e:a0:51:87:44:a1:af:63:48:4d:3d:7a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfa53646288329df6655e253e56b228481be9596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:77:ae:5b:78:d7:7f:2f:e0:ae:b0:45:a6:43:
                    0a:60:cd:3e:69:ec:0c:4f:f8:f8:f8:be:61:8b:62:
                    ad:73:cb:39:f6:5d:96:94:31:f0:07:01:c7:16:c6:
                    15:a2:31:1e:d4:07:64:b8:b5:93:24:7b:ba:bc:b8:
                    5a:01:9d:c1:38:ae:28:58:e0:36:81:83:cf:b2:44:
                    d7:ef:d8:73:4e:72:59:4b:f9:91:a7:f1:4b:10:ff:
                    6d:9f:4c:5e:7f:91:6b:ee:0d:34:6d:3b:76:1f:01:
                    e7:a1:bc:13:7a:0e:4b:63:11:e7:4e:01:aa:08:d1:
                    14:af:d4:61:fc:7c:a9:6f:32:21:59:e9:4f:54:b2:
                    e6:50:73:21:08:40:85:e7:37:2d:15:d0:b7:c4:31:
                    58:0f:a2:4e:69:d9:ec:05:b0:cb:96:a6:d1:f0:a4:
                    17:c9:f6:08:d6:7d:1c:93:a1:05:c3:31:a0:b2:2d:
                    7f:69:6a:f5:a0:1c:a4:7d:98:16:25:29:94:24:70:
                    30:8f:6d:6b:10:c9:17:3c:8f:5f:ce:d7:2e:d5:05:
                    08:aa:f3:ed:13:70:6c:f0:ee:6a:85:6c:01:c2:e0:
                    9f:39:64:10:2b:04:55:46:d0:60:4d:fd:a6:bc:4f:
                    88:b0:d0:8d:ef:79:30:71:70:11:83:82:46:4d:b0:
                    06:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:A5:36:46:28:83:29:DF:66:55:E2:53:E5:6B:22:84:81:BE:95:96
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/49fe06-36f1-411c-85c3-79afd1188d37/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/49fe06-36f1-411c-85c3-79afd1188d37/1/36U2RiiDKd9mVeJT5WsihIG-lZY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213883

    Signature Algorithm: sha256WithRSAEncryption
         35:30:5f:8b:a4:9e:54:e6:87:79:d2:a3:f1:5b:45:75:d8:e7:
         f2:43:cb:4a:1a:19:bf:70:e5:cb:9d:78:0b:3f:56:ca:ff:00:
         55:d6:e9:ab:17:8b:41:d6:a0:c5:ef:f0:d2:de:cb:6b:5c:a2:
         d4:99:07:42:45:4f:11:88:cf:3e:bf:2e:30:b2:b1:08:49:71:
         c7:52:4d:d0:a4:9b:b6:b8:ea:ea:26:a1:a4:c7:ea:ee:df:ae:
         aa:76:79:65:43:8a:91:49:0a:5a:8b:fd:2e:03:46:46:0e:d1:
         04:fa:9f:91:b4:7c:36:af:17:4d:8a:47:34:11:bf:66:25:45:
         2e:b5:a0:1f:e4:57:ca:3b:f9:ea:55:0f:88:e8:5b:be:7d:3d:
         66:3c:93:68:e4:69:a6:92:cf:d0:88:14:7d:ae:15:20:b3:42:
         ae:ec:14:fa:64:e3:20:28:e4:a3:6e:d5:ef:5a:9b:70:87:27:
         f9:c1:7e:14:84:a8:16:64:5b:59:ee:9a:c0:26:de:6e:03:14:
         77:df:fd:d3:36:94:ce:fb:c0:53:a4:d7:51:ec:d5:a3:56:a3:
         17:78:84:8e:70:2c:86:9b:30:44:82:e8:88:3c:55:3a:26:cc:
         47:8a:30:93:4e:d0:cd:ee:ba:14:90:89:36:28:b8:c3:8a:4e:
         b3:b1:7e:01
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQjahY+oFGHRKGvY0hNPXp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmE1MzY0NjI4ODMyOWRmNjY1NWUyNTNlNTZiMjI4NDgxYmU5NTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXeuW3jXfy/grrBFpkMKYM0+aewM
T/j4+L5hi2Ktc8s59l2WlDHwBwHHFsYVojEe1AdkuLWTJHu6vLhaAZ3BOK4oWOA2
gYPPskTX79hzTnJZS/mRp/FLEP9tn0xef5Fr7g00bTt2HwHnobwTeg5LYxHnTgGq
CNEUr9Rh/HypbzIhWelPVLLmUHMhCECF5zctFdC3xDFYD6JOadnsBbDLlqbR8KQX
yfYI1n0ck6EFwzGgsi1/aWr1oBykfZgWJSmUJHAwj21rEMkXPI9fztcu1QUIqvPt
E3Bs8O5qhWwBwuCfOWQQKwRVRtBgTf2mvE+IsNCN73kwcXARg4JGTbAGswIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFN+lNkYogynfZlXiU+VrIoSBvpWWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcyLzQ5ZmUw
Ni0zNmYxLTQxMWMtODVjMy03OWFmZDExODhkMzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIvNDlmZTA2
LTM2ZjEtNDExYy04NWMzLTc5YWZkMTE4OGQzNy8xLzM2VTJSaWlES2Q5bVZlSlQ1
V3NpaElHLWxaWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNDezANBgkqhkiG9w0BAQsFAAOCAQEANTBfi6SeVOaH
edKj8VtFddjn8kPLShoZv3Dly514Cz9Wyv8AVdbpqxeLQdagxe/w0t7La1yi1JkH
QkVPEYjPPr8uMLKxCElxx1JN0KSbtrjq6iahpMfq7t+uqnZ5ZUOKkUkKWov9LgNG
Rg7RBPqfkbR8Nq8XTYpHNBG/ZiVFLrWgH+RXyjv56lUPiOhbvn09ZjyTaORpppLP
0IgUfa4VILNCruwU+mTjICjko27V71qbcIcn+cF+FISoFmRbWe6awCbebgMUd9/9
0zaUzvvAU6TXUezVo1ajF3iEjnAshpswRILoiDxVOibMR4owk07Qze66FJCJNii4
w4pOs7F+AQ==
-----END CERTIFICATE-----