Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/FS_tsCWmy9JIaEGaDLVinUhjWRc.cer
File:                     FS_tsCWmy9JIaEGaDLVinUhjWRc.cer (raw, json)
Hash identifier:          PxtAM7OnXhJCLiJmOk57vM58pcGwnWD2f5XqmcPjYzQ=
Subject key identifier:   15:2F:ED:B0:25:A6:CB:D2:48:68:41:9A:0C:B5:62:9D:48:63:59:17
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A98BBA9F9556F71143D472B861F0C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b8/a59b6d-0239-4211-9bbb-1a21219e9100/1/FS_tsCWmy9JIaEGaDLVinUhjWRc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b8/a59b6d-0239-4211-9bbb-1a21219e9100/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 57958
                          IP: 164.138.232.0/21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:98:bb:a9:f9:55:6f:71:14:3d:47:2b:86:1f:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=152fedb025a6cbd24868419a0cb5629d48635917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0a:d5:00:71:16:31:93:ae:3a:ad:25:b6:5f:
                    d5:00:df:99:9a:bf:05:ad:d7:c3:74:17:67:76:e8:
                    1b:6e:c2:cb:5a:59:87:46:a7:fe:d3:b2:e6:3a:6e:
                    3c:8b:3b:75:b0:91:3a:61:bb:d1:2d:a3:11:82:43:
                    a5:0f:09:1f:03:34:06:cc:82:4f:f2:d7:b7:4e:7d:
                    34:5d:dc:5e:7d:f6:a7:06:e1:9a:97:26:de:a7:01:
                    19:35:25:82:ed:56:81:eb:38:da:96:b3:8d:1b:c6:
                    33:65:d7:04:97:72:6f:c7:4f:6b:a5:0a:9e:b5:cf:
                    a4:20:50:13:09:35:f0:fe:59:f6:02:25:cc:7e:46:
                    d3:1b:56:b7:ae:a1:b2:1f:97:d0:c1:3e:4a:47:f2:
                    cb:cf:d6:27:6d:f8:c6:df:37:23:fb:bb:c4:e7:39:
                    1a:3c:35:88:c0:48:22:89:a7:62:6b:0f:c4:1a:0d:
                    44:ce:bb:67:81:b5:91:a9:0c:95:60:20:5f:d8:ab:
                    d7:29:42:5a:02:57:ae:05:9e:f5:8a:8f:70:ac:ce:
                    e3:d3:c3:cc:93:75:29:30:34:e8:24:d9:51:21:b9:
                    89:8f:1c:05:cb:79:8b:03:2e:0d:51:d5:05:69:72:
                    27:c8:6a:a6:4a:59:10:4e:bd:a2:9d:bc:20:5a:bd:
                    5c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:2F:ED:B0:25:A6:CB:D2:48:68:41:9A:0C:B5:62:9D:48:63:59:17
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/a59b6d-0239-4211-9bbb-1a21219e9100/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/a59b6d-0239-4211-9bbb-1a21219e9100/1/FS_tsCWmy9JIaEGaDLVinUhjWRc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.232.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57958

    Signature Algorithm: sha256WithRSAEncryption
         93:f0:9d:6e:d1:c1:7c:23:d3:c2:86:1a:a9:18:37:fa:40:1d:
         e6:57:71:1b:94:6f:0f:0f:6b:55:b2:15:72:bd:f6:28:7a:13:
         8f:b0:14:ab:c8:1c:ec:2b:8f:a4:a8:e4:20:90:a1:c7:94:f1:
         38:ce:a3:9b:20:91:14:04:ae:c4:d6:af:75:b5:34:d7:9c:f9:
         43:65:c8:ef:24:d7:76:38:70:85:4c:9a:f2:6a:fa:1f:98:15:
         2f:33:4c:58:14:79:49:97:39:35:f3:e5:e8:77:79:61:6b:67:
         5f:8c:12:6a:72:1a:2d:64:db:78:68:db:90:ea:4b:a4:b1:c0:
         61:76:4b:df:ba:d1:1b:b1:05:dc:1a:ab:ca:69:01:ba:3d:23:
         cf:65:e6:bf:db:13:11:84:ef:cd:6f:59:aa:36:ac:24:7c:aa:
         12:8c:65:2e:be:b8:f3:3a:4a:89:75:ef:c6:7a:97:6d:d6:f0:
         98:2c:58:f6:7d:a8:cc:06:ce:11:14:cd:cd:b8:86:15:16:3e:
         fe:ad:be:0c:26:1d:0a:31:e4:c3:35:f1:f1:e5:20:22:7e:97:
         4b:b5:12:44:11:12:55:74:c6:80:7a:94:46:02:c5:68:ea:ec:
         b1:9f:94:d6:b1:73:e8:34:01:db:98:ff:82:d4:c6:84:09:1e:
         d4:49:16:67
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzKKpi7qflVb3EUPUcrhh8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTJmZWRiMDI1YTZjYmQyNDg2ODQxOWEwY2I1NjI5ZDQ4NjM1OTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuArVAHEWMZOuOq0ltl/VAN+Zmr8F
rdfDdBdndugbbsLLWlmHRqf+07LmOm48izt1sJE6YbvRLaMRgkOlDwkfAzQGzIJP
8te3Tn00XdxeffanBuGalybepwEZNSWC7VaB6zjalrONG8YzZdcEl3Jvx09rpQqe
tc+kIFATCTXw/ln2AiXMfkbTG1a3rqGyH5fQwT5KR/LLz9YnbfjG3zcj+7vE5zka
PDWIwEgiiadiaw/EGg1EzrtngbWRqQyVYCBf2KvXKUJaAleuBZ71io9wrM7j08PM
k3UpMDToJNlRIbmJjxwFy3mLAy4NUdUFaXInyGqmSlkQTr2inbwgWr1cnwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBUv7bAlpsvSSGhBmgy1Yp1IY1kXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I4L2E1OWI2
ZC0wMjM5LTQyMTEtOWJiYi0xYTIxMjE5ZTkxMDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgvYTU5YjZk
LTAyMzktNDIxMS05YmJiLTFhMjEyMTllOTEwMC8xL0ZTX3RzQ1dteTlKSWFFR2FE
TFZpblVoaldSYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDpIroMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDiZjANBgkqhkiG9w0BAQsFAAOCAQEAk/CdbtHBfCPTwoYaqRg3+kAd5ldxG5Rv
Dw9rVbIVcr32KHoTj7AUq8gc7CuPpKjkIJChx5TxOM6jmyCRFASuxNavdbU015z5
Q2XI7yTXdjhwhUya8mr6H5gVLzNMWBR5SZc5NfPl6Hd5YWtnX4wSanIaLWTbeGjb
kOpLpLHAYXZL37rRG7EF3BqrymkBuj0jz2Xmv9sTEYTvzW9ZqjasJHyqEoxlLr64
8zpKiXXvxnqXbdbwmCxY9n2ozAbOERTNzbiGFRY+/q2+DCYdCjHkwzXx8eUgIn6X
S7USRBESVXTGgHqURgLFaOrssZ+U1rFz6DQB25j/gtTGhAke1EkWZw==
-----END CERTIFICATE-----