Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jZwH5-jehYsuaBPQD5s5kt9Tgn8.cer
File:                     jZwH5-jehYsuaBPQD5s5kt9Tgn8.cer (raw, json)
Hash identifier:          ldeoayol+4TGnctHReBSO2IUWT29gx9OJG5+/thl8EA=
Subject key identifier:   8D:9C:07:E7:E8:DE:85:8B:2E:68:13:D0:0F:9B:39:92:DF:53:82:7F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D9F8EFB661C2710067C7676F06A103
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7b/e14e2a-a0ea-43d9-b05f-f363c5138702/1/jZwH5-jehYsuaBPQD5s5kt9Tgn8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7b/e14e2a-a0ea-43d9-b05f-f363c5138702/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:50:06 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 206756
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f8:ef:b6:61:c2:71:00:67:c7:67:6f:06:a1:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d9c07e7e8de858b2e6813d00f9b3992df53827f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ce:79:94:1e:88:99:c8:de:23:e8:89:98:c8:
                    12:db:50:54:b3:3a:82:2f:bf:7e:fc:d1:15:a6:18:
                    c4:4b:7e:ae:c7:c7:21:82:1e:dd:7c:5b:1c:3c:38:
                    72:26:6b:20:30:e6:61:a7:86:5a:ef:0b:a5:54:21:
                    80:be:0d:fa:c4:4e:9b:69:20:fc:04:d2:06:4a:f2:
                    78:c3:3c:8c:66:b3:98:3d:fa:0c:68:8f:e5:b7:58:
                    b6:73:78:53:f8:a8:bd:69:18:17:9c:6c:1b:57:f1:
                    f9:38:5d:d9:5c:50:54:ea:bd:0a:f1:92:36:b4:bc:
                    73:c7:fc:8d:f2:86:db:3e:c3:1e:77:1b:83:b5:c5:
                    b3:26:9f:a2:92:ec:58:df:9b:9c:d7:3b:07:78:42:
                    d4:d3:ec:d8:43:32:7a:f8:4b:df:9f:5e:9e:ea:37:
                    1f:3d:0a:3f:67:84:e6:5c:44:3e:2b:cf:02:3c:51:
                    83:1d:5a:19:c5:b6:5b:dd:94:2f:91:47:df:78:db:
                    bd:a4:a1:c3:a4:83:a6:cb:87:84:28:f3:3f:b7:c7:
                    92:17:9b:49:43:68:f0:a0:3d:3f:cd:10:6b:77:c3:
                    1c:09:56:b8:d7:0c:cc:0a:f2:b1:fb:4f:4b:fa:4b:
                    71:b9:3e:3e:99:bd:15:d4:17:ab:07:f4:bb:b6:7d:
                    df:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:9C:07:E7:E8:DE:85:8B:2E:68:13:D0:0F:9B:39:92:DF:53:82:7F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e14e2a-a0ea-43d9-b05f-f363c5138702/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e14e2a-a0ea-43d9-b05f-f363c5138702/1/jZwH5-jehYsuaBPQD5s5kt9Tgn8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206756

    Signature Algorithm: sha256WithRSAEncryption
         70:db:02:65:e9:d3:a8:d5:28:c8:2c:d3:7f:a9:ad:65:5c:81:
         13:bd:24:ce:66:24:66:c7:51:2e:2c:b7:16:5b:df:4b:f9:9e:
         e6:18:6c:6c:a2:ba:31:b3:42:56:2f:b8:d8:2d:0a:f8:81:df:
         94:c0:84:17:11:c1:01:21:e2:a7:1e:95:7f:55:0e:6c:e7:a4:
         e6:9d:b4:54:d0:07:0b:d0:82:f0:b1:ae:81:94:1b:44:d0:0c:
         07:f3:ef:d6:b2:1d:4f:51:d2:65:eb:7e:7c:09:42:1b:0a:4c:
         f6:75:03:ee:97:75:d4:c4:b3:a7:30:82:dd:79:5e:23:d5:9a:
         20:bb:be:c1:b1:65:82:a4:6f:c0:5b:98:0b:7b:b4:96:05:82:
         76:84:1a:b4:94:9a:43:bb:c3:77:a0:3c:c8:4f:0c:c5:cf:de:
         4e:ea:a3:75:f8:68:f2:47:e6:97:64:ff:9f:e0:cf:33:42:ad:
         3e:88:6e:22:09:c5:32:b1:be:e6:75:f8:92:5a:e9:f6:6f:f0:
         0d:a8:39:71:08:d1:25:6d:5c:51:0a:45:da:51:a2:53:93:cc:
         3e:9e:5b:e0:5a:12:5c:a6:ce:48:d2:f8:18:e5:aa:1f:5b:5c:
         8e:e9:0f:bf:66:5a:f0:a6:0c:3f:67:83:b9:d9:4c:99:d5:2c:
         03:3a:3a:82
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQm2fjvtmHCcQBnx2dvBqEDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDljMDdlN2U4ZGU4NThiMmU2ODEzZDAwZjliMzk5MmRmNTM4MjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs855lB6ImcjeI+iJmMgS21BUszqC
L79+/NEVphjES36ux8chgh7dfFscPDhyJmsgMOZhp4Za7wulVCGAvg36xE6baSD8
BNIGSvJ4wzyMZrOYPfoMaI/lt1i2c3hT+Ki9aRgXnGwbV/H5OF3ZXFBU6r0K8ZI2
tLxzx/yN8obbPsMedxuDtcWzJp+ikuxY35uc1zsHeELU0+zYQzJ6+Evfn16e6jcf
PQo/Z4TmXEQ+K88CPFGDHVoZxbZb3ZQvkUffeNu9pKHDpIOmy4eEKPM/t8eSF5tJ
Q2jwoD0/zRBrd8McCVa41wzMCvKx+09L+ktxuT4+mb0V1BerB/S7tn3fBQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFI2cB+fo3oWLLmgT0A+bOZLfU4J/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdiL2UxNGUy
YS1hMGVhLTQzZDktYjA1Zi1mMzYzYzUxMzg3MDIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvZTE0ZTJh
LWEwZWEtNDNkOS1iMDVmLWYzNjNjNTEzODcwMi8xL2pad0g1LWplaFlzdWFCUFFE
NXM1a3Q5VGduOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMnpDANBgkqhkiG9w0BAQsFAAOCAQEAcNsCZenTqNUo
yCzTf6mtZVyBE70kzmYkZsdRLiy3FlvfS/me5hhsbKK6MbNCVi+42C0K+IHflMCE
FxHBASHipx6Vf1UObOek5p20VNAHC9CC8LGugZQbRNAMB/Pv1rIdT1HSZet+fAlC
GwpM9nUD7pd11MSzpzCC3XleI9WaILu+wbFlgqRvwFuYC3u0lgWCdoQatJSaQ7vD
d6A8yE8Mxc/eTuqjdfho8kfml2T/n+DPM0KtPohuIgnFMrG+5nX4klrp9m/wDag5
cQjRJW1cUQpF2lGiU5PMPp5b4FoSXKbOSNL4GOWqH1tcjukPv2Za8KYMP2eDudlM
mdUsAzo6gg==
-----END CERTIFICATE-----