Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/s8B44UnZdBQ0_Yh3q0ztRtwnINo.cer
File:                     s8B44UnZdBQ0_Yh3q0ztRtwnINo.cer (raw, json)
Hash identifier:          RSFwyVKGn+UAbMycPRus1aXm5CTgs3H+YK965+OOrZk=
Subject key identifier:   B3:C0:78:E1:49:D9:74:14:34:FD:88:77:AB:4C:ED:46:DC:27:20:DA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019039A8E1FF24782B5C7023E7BD5D2A4B0E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/68ababbb-f048-4de1-9206-8d40f071808b/0/B3C078E149D9741434FD8877AB4CED46DC2720DA.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/68ababbb-f048-4de1-9206-8d40f071808b/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 21 Jun 2024 07:18:07 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215147

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Oct 2024 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:39:a8:e1:ff:24:78:2b:5c:70:23:e7:bd:5d:2a:4b:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 21 07:18:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3c078e149d9741434fd8877ab4ced46dc2720da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:88:1c:47:c4:04:a6:f3:2a:1b:a9:b3:6d:e7:
                    81:4d:4f:f0:6f:d2:44:26:f0:48:d7:78:3f:48:10:
                    3d:b7:a8:b4:11:fb:91:e0:a5:3a:92:f0:1e:63:aa:
                    66:ec:cb:06:de:50:96:26:88:f3:68:fd:65:c0:07:
                    a7:9e:5c:93:df:b3:71:99:ee:13:b9:ba:2e:6e:cc:
                    44:08:1f:b6:07:46:d9:8c:b0:8a:cf:b4:0e:8a:55:
                    27:80:03:ae:75:aa:2f:65:03:7a:c1:bf:9d:8e:31:
                    9b:4b:96:c5:9b:35:3d:86:33:f1:5b:bc:a8:b1:9c:
                    45:00:22:6f:de:c4:56:ec:07:8a:0d:1a:2e:0d:08:
                    5e:af:09:3f:01:1b:52:88:5b:94:ae:92:14:d5:00:
                    db:52:2a:10:b1:79:9d:ce:b5:26:3d:0b:be:d5:76:
                    93:50:9a:b2:f7:85:f4:89:b4:32:98:a4:ad:c4:26:
                    12:bb:e0:67:c5:58:f5:56:0c:3e:4b:13:29:e5:7d:
                    66:31:62:88:d0:69:93:6d:9f:41:96:16:57:7b:e6:
                    75:53:7b:9b:8b:23:a1:76:c9:68:24:a1:a7:5a:26:
                    a8:f9:c7:cc:de:65:1d:75:8a:3e:38:28:da:e8:87:
                    7d:6e:2a:73:6f:c0:e4:f9:90:87:a5:3d:77:a2:ba:
                    7d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:C0:78:E1:49:D9:74:14:34:FD:88:77:AB:4C:ED:46:DC:27:20:DA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/68ababbb-f048-4de1-9206-8d40f071808b/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/68ababbb-f048-4de1-9206-8d40f071808b/0/B3C078E149D9741434FD8877AB4CED46DC2720DA.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215147

    Signature Algorithm: sha256WithRSAEncryption
         25:6c:4c:95:d6:c5:2e:db:b1:22:03:46:0e:14:4d:3d:85:63:
         23:08:87:18:01:0f:58:cc:a1:32:63:03:b7:38:50:c7:91:ec:
         2b:bb:c3:9f:67:a6:b0:f6:69:c4:49:1c:09:b1:50:25:95:b0:
         d2:37:d4:4f:42:0b:c8:33:84:7b:38:91:92:3d:f7:5f:16:c8:
         63:58:58:0d:9f:aa:89:8b:71:5a:8c:10:88:d8:aa:24:c8:fb:
         ee:67:87:c6:90:ef:12:c0:4d:9e:7a:e7:74:f9:fd:9d:74:17:
         3e:a0:64:9f:f0:85:86:f3:75:2e:63:47:b1:dd:3a:1a:cf:6b:
         88:82:c8:f8:9f:38:1a:02:63:02:e0:e8:31:61:d5:1c:1c:09:
         a3:5c:8e:ac:04:01:66:62:78:c7:d4:86:5c:83:bb:ea:20:dd:
         a0:f1:7a:11:61:50:18:83:08:4b:7b:f8:71:1d:98:61:4c:d3:
         50:08:6d:d3:fc:93:e6:28:00:d1:30:e1:4c:e9:ab:12:80:3a:
         25:6e:7d:97:2e:fd:11:69:fa:f8:1b:89:41:86:b5:31:ff:51:
         e8:dd:9f:19:de:6d:1f:d1:1c:de:ab:00:45:2c:2a:e5:03:c5:
         80:c7:8c:84:c2:69:5d:a5:27:9d:d4:d4:ee:29:20:fa:cd:72:
         6e:46:d2:92
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZA5qOH/JHgrXHAj571dKksOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjIxMDcxODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2MwNzhlMTQ5ZDk3NDE0MzRmZDg4NzdhYjRjZWQ0NmRjMjcyMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYgcR8QEpvMqG6mzbeeBTU/wb9JE
JvBI13g/SBA9t6i0EfuR4KU6kvAeY6pm7MsG3lCWJojzaP1lwAennlyT37Nxme4T
uboubsxECB+2B0bZjLCKz7QOilUngAOudaovZQN6wb+djjGbS5bFmzU9hjPxW7yo
sZxFACJv3sRW7AeKDRouDQherwk/ARtSiFuUrpIU1QDbUioQsXmdzrUmPQu+1XaT
UJqy94X0ibQymKStxCYSu+BnxVj1Vgw+SxMp5X1mMWKI0GmTbZ9BlhZXe+Z1U3ub
iyOhdsloJKGnWiao+cfM3mUddYo+OCja6Id9bipzb8Dk+ZCHpT13orp9XwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFLPAeOFJ2XQUNP2Id6tM7UbcJyDaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY4YWJh
YmJiLWYwNDgtNGRlMS05MjA2LThkNDBmMDcxODA4Yi8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNjhh
YmFiYmItZjA0OC00ZGUxLTkyMDYtOGQ0MGYwNzE4MDhiLzAvQjNDMDc4RTE0OUQ5
NzQxNDM0RkQ4ODc3QUI0Q0VENDZEQzI3MjBEQS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDSGsw
DQYJKoZIhvcNAQELBQADggEBACVsTJXWxS7bsSIDRg4UTT2FYyMIhxgBD1jMoTJj
A7c4UMeR7Cu7w59nprD2acRJHAmxUCWVsNI31E9CC8gzhHs4kZI9918WyGNYWA2f
qomLcVqMEIjYqiTI++5nh8aQ7xLATZ5653T5/Z10Fz6gZJ/whYbzdS5jR7HdOhrP
a4iCyPifOBoCYwLg6DFh1RwcCaNcjqwEAWZieMfUhlyDu+og3aDxehFhUBiDCEt7
+HEdmGFM01AIbdP8k+YoANEw4UzpqxKAOiVufZcu/RFp+vgbiUGGtTH/Uejdnxne
bR/RHN6rAEUsKuUDxYDHjITCaV2lJ53U1O4pIPrNcm5G0pI=
-----END CERTIFICATE-----