Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8Ss4HgDWFiGsxFzxij5wWX1bkYY.cer
File:                     8Ss4HgDWFiGsxFzxij5wWX1bkYY.cer (raw, json)
Hash identifier:          QnwZj74ke6+mZUjdtWlIlfF2qieaS8BDcbcOxTVLSvw=
Subject key identifier:   F1:2B:38:1E:00:D6:16:21:AC:C4:5C:F1:8A:3E:70:59:7D:5B:91:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420685BA460F31D13665E0F29327D6B95
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d9/8b2c9f-15ce-434e-be93-5d436cef608f/1/8Ss4HgDWFiGsxFzxij5wWX1bkYY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d9/8b2c9f-15ce-434e-be93-5d436cef608f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 208074
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:5b:a4:60:f3:1d:13:66:5e:0f:29:32:7d:6b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f12b381e00d61621acc45cf18a3e70597d5b9186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:96:00:77:9c:b7:19:af:89:7f:ea:33:b3:16:
                    47:04:73:bb:6d:b8:6a:d2:4c:0c:34:32:ff:aa:52:
                    ca:67:2a:82:93:21:82:14:4c:b4:23:d6:8c:f6:72:
                    6f:51:c2:fd:0b:78:ce:59:54:c5:c2:dc:93:b8:9b:
                    c1:7f:7f:0f:60:c9:46:24:ce:04:1c:8f:48:54:d0:
                    f5:f3:b4:13:d2:05:94:87:e8:a3:97:20:e6:5d:80:
                    92:1e:45:f2:78:ce:3e:35:5c:da:13:b3:db:bb:29:
                    51:1d:7e:57:b1:51:83:99:21:39:16:c1:d8:a5:b7:
                    f1:9d:08:aa:da:af:cd:29:22:e6:e8:98:9d:e4:08:
                    1f:d3:6d:e0:32:da:17:f4:ac:3f:bd:86:6f:4b:99:
                    ce:99:a0:ee:f6:cd:8d:ae:20:ef:30:da:6a:ae:ce:
                    9e:4f:55:a4:2e:7a:40:95:f4:7c:e2:8b:78:5f:7c:
                    7f:9f:25:44:34:74:d0:4e:dd:d7:ec:1b:8e:85:81:
                    e7:7e:54:d0:3c:e0:c0:ec:63:cd:37:f2:46:02:4c:
                    88:d3:ec:ca:fc:c4:ff:b0:d3:14:22:0f:cd:8b:13:
                    6d:5a:0a:99:71:d2:21:46:a6:e1:0b:55:75:2b:d7:
                    a1:7c:b8:41:da:e7:46:c5:b6:ad:7b:4b:1e:49:bc:
                    1b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:2B:38:1E:00:D6:16:21:AC:C4:5C:F1:8A:3E:70:59:7D:5B:91:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/8b2c9f-15ce-434e-be93-5d436cef608f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/8b2c9f-15ce-434e-be93-5d436cef608f/1/8Ss4HgDWFiGsxFzxij5wWX1bkYY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208074

    Signature Algorithm: sha256WithRSAEncryption
         79:3f:49:35:94:17:ff:57:20:ae:83:9e:c5:31:fd:c8:1e:81:
         cb:dd:fe:7f:9c:38:0b:39:d6:b6:c2:87:17:1e:6a:0f:ff:41:
         b7:c5:57:08:be:23:fb:c9:14:3d:e6:ad:11:20:52:9b:27:0d:
         c8:43:f3:a9:1d:9a:c8:e9:c5:66:6d:0f:36:c3:6f:a4:dd:1b:
         38:25:54:5b:7a:f7:6e:3d:d9:d1:0e:ce:34:9e:e4:30:38:84:
         ab:50:a3:dd:c2:a8:c1:18:08:2c:1f:ac:85:da:14:97:9b:7c:
         3a:33:27:87:80:49:9d:7f:99:d6:d9:95:53:24:e3:32:eb:25:
         c3:a6:3a:4c:15:7f:3c:f5:56:02:37:96:a0:81:a7:52:d7:84:
         16:13:5b:81:ad:2c:4b:7f:68:04:b8:f6:ac:45:17:d5:7b:0e:
         0c:77:36:97:df:ea:50:e4:d6:d8:51:77:c3:c9:7e:47:f7:a8:
         91:0b:d4:59:08:ae:0d:39:a7:e9:6a:63:0d:86:da:95:ac:19:
         9f:ce:f3:14:03:8d:1a:86:21:e7:55:0e:3e:31:1f:3d:96:3a:
         2a:5f:ef:f8:9a:de:ae:80:0b:77:ef:2e:26:fb:2f:91:42:7e:
         2c:f5:c6:be:ea:0c:8e:0d:a9:97:8c:b5:66:03:91:15:99:f4:
         91:45:c7:77
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQgaFukYPMdE2ZeDykyfWuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTJiMzgxZTAwZDYxNjIxYWNjNDVjZjE4YTNlNzA1OTdkNWI5MTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5YAd5y3Ga+Jf+ozsxZHBHO7bbhq
0kwMNDL/qlLKZyqCkyGCFEy0I9aM9nJvUcL9C3jOWVTFwtyTuJvBf38PYMlGJM4E
HI9IVND187QT0gWUh+ijlyDmXYCSHkXyeM4+NVzaE7PbuylRHX5XsVGDmSE5FsHY
pbfxnQiq2q/NKSLm6Jid5Agf023gMtoX9Kw/vYZvS5nOmaDu9s2NriDvMNpqrs6e
T1WkLnpAlfR84ot4X3x/nyVENHTQTt3X7BuOhYHnflTQPODA7GPNN/JGAkyI0+zK
/MT/sNMUIg/NixNtWgqZcdIhRqbhC1V1K9ehfLhB2udGxbate0seSbwb+wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFPErOB4A1hYhrMRc8Yo+cFl9W5GGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q5LzhiMmM5
Zi0xNWNlLTQzNGUtYmU5My01ZDQzNmNlZjYwOGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDkvOGIyYzlm
LTE1Y2UtNDM0ZS1iZTkzLTVkNDM2Y2VmNjA4Zi8xLzhTczRIZ0RXRmlHc3hGenhp
ajV3V1gxYmtZWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMsyjANBgkqhkiG9w0BAQsFAAOCAQEAeT9JNZQX/1cg
roOexTH9yB6By93+f5w4CznWtsKHFx5qD/9Bt8VXCL4j+8kUPeatESBSmycNyEPz
qR2ayOnFZm0PNsNvpN0bOCVUW3r3bj3Z0Q7ONJ7kMDiEq1Cj3cKowRgILB+shdoU
l5t8OjMnh4BJnX+Z1tmVUyTjMuslw6Y6TBV/PPVWAjeWoIGnUteEFhNbga0sS39o
BLj2rEUX1XsODHc2l9/qUOTW2FF3w8l+R/eokQvUWQiuDTmn6WpjDYbalawZn87z
FAONGoYh51UOPjEfPZY6Kl/v+JreroALd+8uJvsvkUJ+LPXGvuoMjg2pl4y1ZgOR
FZn0kUXHdw==
-----END CERTIFICATE-----