Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8wxX4bfX1otJUdjEfs9Xmj8O8bc.cer
File:                     8wxX4bfX1otJUdjEfs9Xmj8O8bc.cer (raw, json)
Hash identifier:          EbJj/ye985Z9llpJ5A5q4ipawtNYr8WBWvXAEvFIV5Q=
Subject key identifier:   F3:0C:57:E1:B7:D7:D6:8B:49:51:D8:C4:7E:CF:57:9A:3F:0E:F1:B7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019199F2C6CF0DB67572F75D1DBD9B1046FA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/13/933ad8-c0bb-4be1-84a7-1a1dc0890678/1/8wxX4bfX1otJUdjEfs9Xmj8O8bc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/13/933ad8-c0bb-4be1-84a7-1a1dc0890678/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 28 Aug 2024 17:05:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214311

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:99:f2:c6:cf:0d:b6:75:72:f7:5d:1d:bd:9b:10:46:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 28 17:05:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f30c57e1b7d7d68b4951d8c47ecf579a3f0ef1b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b4:06:12:40:47:c5:65:ad:61:07:f3:b5:0c:
                    01:ea:79:33:93:e9:74:3b:4f:bb:9d:42:42:d0:ef:
                    85:f2:28:bb:5e:8e:e8:a6:c8:ac:6d:87:54:7d:68:
                    80:c4:1e:b9:0c:22:25:ae:14:1d:47:8d:28:5b:98:
                    1e:12:ef:e9:f8:1a:06:12:53:96:8e:d0:2e:ec:a8:
                    14:23:d7:2f:6a:51:8b:ea:f3:2f:b3:e0:31:ec:ae:
                    0c:93:d5:57:21:ab:f3:23:74:22:7b:10:1c:33:7d:
                    38:4e:09:72:17:25:f5:15:42:8b:a8:da:64:82:a1:
                    8c:c4:4b:aa:36:e3:3d:fa:c8:c6:42:38:f1:08:5b:
                    0c:99:a2:53:96:35:c3:bb:25:f3:a9:47:cf:50:3a:
                    c3:65:1d:6e:37:b4:3f:25:db:59:c4:8b:2c:0b:b4:
                    fd:01:3a:24:d2:12:13:d0:6c:26:6d:da:84:18:19:
                    16:ca:c2:54:1a:43:b4:8b:bf:24:e2:45:96:3e:5d:
                    1a:6f:73:82:f7:d6:10:1a:b5:20:10:92:57:d4:e1:
                    7d:81:4c:d4:11:fa:48:33:65:b3:4e:8e:f8:c6:ee:
                    96:3a:99:0c:0f:20:1f:4f:01:d8:af:b8:11:f1:33:
                    56:9d:05:29:62:02:1e:b3:e7:cc:db:18:43:c5:a4:
                    52:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:0C:57:E1:B7:D7:D6:8B:49:51:D8:C4:7E:CF:57:9A:3F:0E:F1:B7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/933ad8-c0bb-4be1-84a7-1a1dc0890678/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/933ad8-c0bb-4be1-84a7-1a1dc0890678/1/8wxX4bfX1otJUdjEfs9Xmj8O8bc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214311

    Signature Algorithm: sha256WithRSAEncryption
         41:7f:75:3b:8f:ba:79:fa:8a:83:cd:d4:c3:24:2a:5b:3b:2a:
         7d:9f:10:ac:90:b1:47:f0:4f:c4:d0:d4:99:fd:39:93:b7:a9:
         e7:0f:9a:aa:f3:cd:ef:0a:0b:00:96:a2:69:e0:d5:ed:6e:61:
         5d:24:0f:38:52:58:ba:a0:14:f1:25:88:db:a6:a5:93:d9:c6:
         45:31:fc:47:c5:3a:1d:a8:78:06:1d:a3:2a:0b:47:be:19:cb:
         c9:9e:e2:05:21:1b:c9:03:f2:5b:4f:79:b0:7e:e9:bc:99:0c:
         4b:78:57:61:a9:a8:27:70:54:07:32:48:fe:d1:13:c5:93:5a:
         51:c4:18:70:30:d9:9e:10:24:0e:17:04:cf:d5:39:ea:00:9c:
         40:23:82:49:c1:a3:1c:ca:30:89:5b:8c:c5:52:df:e2:74:18:
         2b:aa:1e:99:e3:96:68:73:2e:2f:ac:71:ad:d7:68:0e:ed:76:
         eb:ce:ac:4c:bd:02:25:d6:93:80:e4:26:8e:fa:5f:bd:7c:8a:
         b5:2d:ed:1b:75:b5:bc:95:3e:a8:ee:3d:48:cf:f7:44:44:f5:
         17:35:b1:bf:ad:44:e0:3d:e8:72:c0:9b:6e:ae:2c:9c:34:8b:
         24:b7:3f:0d:15:45:fc:61:47:c2:11:b2:4c:51:ce:b2:7b:79:
         c5:df:52:25
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZGZ8sbPDbZ1cvddHb2bEEb6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODI4MTcwNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzBjNTdlMWI3ZDdkNjhiNDk1MWQ4YzQ3ZWNmNTc5YTNmMGVmMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7QGEkBHxWWtYQfztQwB6nkzk+l0
O0+7nUJC0O+F8ii7Xo7opsisbYdUfWiAxB65DCIlrhQdR40oW5geEu/p+BoGElOW
jtAu7KgUI9cvalGL6vMvs+Ax7K4Mk9VXIavzI3QiexAcM304TglyFyX1FUKLqNpk
gqGMxEuqNuM9+sjGQjjxCFsMmaJTljXDuyXzqUfPUDrDZR1uN7Q/JdtZxIssC7T9
ATok0hIT0GwmbdqEGBkWysJUGkO0i78k4kWWPl0ab3OC99YQGrUgEJJX1OF9gUzU
EfpIM2WzTo74xu6WOpkMDyAfTwHYr7gR8TNWnQUpYgIes+fM2xhDxaRSQQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFPMMV+G319aLSVHYxH7PV5o/DvG3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEzLzkzM2Fk
OC1jMGJiLTRiZTEtODRhNy0xYTFkYzA4OTA2NzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMvOTMzYWQ4
LWMwYmItNGJlMS04NGE3LTFhMWRjMDg5MDY3OC8xLzh3eFg0YmZYMW90SlVkakVm
czlYbWo4TzhiYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNFJzANBgkqhkiG9w0BAQsFAAOCAQEAQX91O4+6efqK
g83UwyQqWzsqfZ8QrJCxR/BPxNDUmf05k7ep5w+aqvPN7woLAJaiaeDV7W5hXSQP
OFJYuqAU8SWI26alk9nGRTH8R8U6Hah4Bh2jKgtHvhnLyZ7iBSEbyQPyW095sH7p
vJkMS3hXYamoJ3BUBzJI/tETxZNaUcQYcDDZnhAkDhcEz9U56gCcQCOCScGjHMow
iVuMxVLf4nQYK6oemeOWaHMuL6xxrddoDu12686sTL0CJdaTgOQmjvpfvXyKtS3t
G3W1vJU+qO49SM/3RET1FzWxv61E4D3ocsCbbq4snDSLJLc/DRVF/GFHwhGyTFHO
snt5xd9SJQ==
-----END CERTIFICATE-----