Certificate

$ rpki-client -vvf dev.tw/rpki/August/10/3FF5D408DA7870E6667792E8F8613A14C6562654.cer
File:                     3FF5D408DA7870E6667792E8F8613A14C6562654.cer (raw, json)
Hash identifier:          AsPFoqyGHQWptRHO31fjKUAIDrVuoJWQk7bnouk+/lg=
Subject key identifier:   3F:F5:D4:08:DA:78:70:E6:66:77:92:E8:F8:61:3A:14:C6:56:26:54
Authority key identifier: 1D:71:08:A1:2E:33:39:EA:0B:02:37:F0:AC:54:4A:EA:EB:6B:DA:D3
Certificate issuer:       /CN=1d7108a12e3339ea0b0237f0ac544aeaeb6bdad3
Certificate serial:       44948624BBBC9E59347A1D9F41FDFB526846A855
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HXEIoS4zOeoLAjfwrFRK6utr2tM.cer
Manifest:                 rsync://rpki.co/repo/AS945/4/3FF5D408DA7870E6667792E8F8613A14C6562654.mft
caRepository:             rsync://rpki.co/repo/AS945/4/
Notify URL:               https://rrdp.rpki.co/rrdp/notification.xml
Certificate not before:   Sun 15 Oct 2023 19:20:33 +0000
Certificate not after:    Sun 13 Oct 2024 19:25:33 +0000
Subordinate resources:    AS: 49867

Validation:               OK
Signature path:           rsync://dev.tw/rpki/August/10/1D7108A12E3339EA0B0237F0AC544AEAEB6BDAD3.crl
                          rsync://dev.tw/rpki/August/10/1D7108A12E3339EA0B0237F0AC544AEAEB6BDAD3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HXEIoS4zOeoLAjfwrFRK6utr2tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 17:37:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:94:86:24:bb:bc:9e:59:34:7a:1d:9f:41:fd:fb:52:68:46:a8:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d7108a12e3339ea0b0237f0ac544aeaeb6bdad3
        Validity
            Not Before: Oct 15 19:20:33 2023 GMT
            Not After : Oct 13 19:25:33 2024 GMT
        Subject: CN=3FF5D408DA7870E6667792E8F8613A14C6562654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:09:7c:5b:33:6d:59:f0:92:e8:d5:6a:e8:c8:
                    47:fd:9f:aa:23:15:35:c3:5c:e0:36:32:9c:e3:04:
                    1f:58:e0:dd:64:e8:54:b3:09:ad:e6:89:11:34:f4:
                    a8:92:e8:f9:72:8b:d0:0a:7b:4b:0d:72:62:6f:c8:
                    44:6b:b9:a4:fb:1a:32:87:c8:5b:55:ef:a2:9c:cd:
                    83:10:5d:6a:eb:75:bf:f9:8f:c7:19:f2:7c:bc:e3:
                    c9:73:a4:d3:64:8a:d4:4e:f8:8a:2b:ef:9f:a9:55:
                    76:c3:16:41:18:10:b9:a4:6d:31:a8:44:1f:92:5b:
                    02:ed:3f:23:55:dc:6d:ba:e2:13:9d:8c:59:f1:c4:
                    03:01:b9:d7:d8:a7:03:5f:52:e7:39:49:50:64:b0:
                    42:72:76:84:9e:ad:97:01:c8:8b:f9:47:5d:16:84:
                    c9:51:80:be:8d:df:8c:2b:9e:85:5d:25:ba:f4:f3:
                    7a:25:c6:a5:2d:45:2c:94:0e:cb:48:7c:c1:76:7c:
                    e1:62:d4:e2:8b:7f:c8:17:4e:2f:7b:ea:9d:c4:ea:
                    20:47:53:28:67:a6:35:6f:a3:e5:76:63:57:67:e2:
                    3a:a9:96:d2:f0:73:37:4e:91:5c:ca:f5:4f:0d:db:
                    91:28:ec:72:db:6d:c3:9e:cb:1d:73:7b:5c:30:6e:
                    1e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                3F:F5:D4:08:DA:78:70:E6:66:77:92:E8:F8:61:3A:14:C6:56:26:54
            X509v3 Authority Key Identifier:
                keyid:1D:71:08:A1:2E:33:39:EA:0B:02:37:F0:AC:54:4A:EA:EB:6B:DA:D3

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/August/10/1D7108A12E3339EA0B0237F0AC544AEAEB6BDAD3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HXEIoS4zOeoLAjfwrFRK6utr2tM.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.co/repo/AS945/4/
                RPKI Manifest - URI:rsync://rpki.co/repo/AS945/4/3FF5D408DA7870E6667792E8F8613A14C6562654.mft
                RPKI Notify - URI:https://rrdp.rpki.co/rrdp/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49867

    Signature Algorithm: sha256WithRSAEncryption
         bd:01:99:b0:49:39:02:05:7c:d2:2c:7e:b8:c2:b8:31:e9:53:
         28:b6:b0:b8:f8:15:4b:b7:7a:d1:86:4c:c4:41:c7:72:ed:a8:
         c5:b7:d0:60:be:49:8d:7e:91:78:98:ea:ea:ea:be:07:67:2a:
         ac:8c:45:d3:0f:9d:11:eb:85:15:43:d7:98:b1:ba:d6:fe:f8:
         4e:cf:4a:90:e6:56:21:91:d0:4b:b0:95:04:f5:96:20:19:aa:
         38:be:45:d9:b0:1a:6d:3e:09:dc:d8:e5:b1:50:13:19:95:09:
         88:d3:2f:6d:45:2a:bb:eb:43:96:26:4c:8b:d4:66:e9:a9:1b:
         d4:6a:6b:cc:5d:a9:11:fd:9e:65:d2:22:64:be:1e:cb:8b:e2:
         a5:a4:3a:ed:d1:44:f3:f9:b9:42:15:1f:f2:c5:ca:0e:ca:b3:
         ac:52:88:f1:59:67:41:92:0e:4b:52:b4:5b:b8:6b:ab:d8:52:
         5c:d0:b7:95:5b:9a:de:fb:e2:e5:3c:41:ce:3e:31:55:85:a9:
         79:36:34:78:d8:f2:7c:65:6a:e4:23:cb:ee:07:c2:1a:5d:f0:
         ca:9b:db:af:92:08:65:70:9e:0e:be:05:97:24:12:aa:ff:9a:
         03:bd:95:08:1f:d3:dc:99:78:21:83:d2:03:45:b9:4e:fd:23:
         6f:32:7b:32
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIURJSGJLu8nlk0eh2fQf37UmhGqFUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWQ3MTA4YTEyZTMzMzllYTBiMDIzN2YwYWM1NDRhZWFl
YjZiZGFkMzAeFw0yMzEwMTUxOTIwMzNaFw0yNDEwMTMxOTI1MzNaMDMxMTAvBgNV
BAMTKDNGRjVENDA4REE3ODcwRTY2Njc3OTJFOEY4NjEzQTE0QzY1NjI2NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSCXxbM21Z8JLo1WroyEf9n6oj
FTXDXOA2MpzjBB9Y4N1k6FSzCa3miRE09KiS6Plyi9AKe0sNcmJvyERruaT7GjKH
yFtV76KczYMQXWrrdb/5j8cZ8ny848lzpNNkitRO+Ior75+pVXbDFkEYELmkbTGo
RB+SWwLtPyNV3G264hOdjFnxxAMBudfYpwNfUuc5SVBksEJydoSerZcByIv5R10W
hMlRgL6N34wrnoVdJbr083olxqUtRSyUDstIfMF2fOFi1OKLf8gXTi976p3E6iBH
UyhnpjVvo+V2Y1dn4jqpltLwczdOkVzK9U8N25Eo7HLbbcOeyx1ze1wwbh6XAgMB
AAGjggIrMIICJzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ/9dQI2nhw5mZ3
kuj4YToUxlYmVDAfBgNVHSMEGDAWgBQdcQihLjM56gsCN/CsVErq62va0zAOBgNV
HQ8BAf8EBAMCAQYwWwYDVR0fBFQwUjBQoE6gTIZKcnN5bmM6Ly9kZXYudHcvcnBr
aS9BdWd1c3QvMTAvMUQ3MTA4QTEyRTMzMzlFQTBCMDIzN0YwQUM1NDRBRUFFQjZC
REFEMy5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0hYRUlvUzR6T2VvTEFqZndy
RlJLNnV0cjJ0TS5jZXIwgcoGCCsGAQUFBwELBIG9MIG6MCkGCCsGAQUFBzAFhh1y
c3luYzovL3Jwa2kuY28vcmVwby9BUzk0NS80LzBVBggrBgEFBQcwCoZJcnN5bmM6
Ly9ycGtpLmNvL3JlcG8vQVM5NDUvNC8zRkY1RDQwOERBNzg3MEU2NjY3NzkyRThG
ODYxM0ExNEM2NTYyNjU0Lm1mdDA2BggrBgEFBQcwDYYqaHR0cHM6Ly9ycmRwLnJw
a2kuY28vcnJkcC9ub3RpZmljYXRpb24ueG1sMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwGgYIKwYBBQUHAQgBAf8ECzAJoAcwBQIDAMLLMA0GCSqGSIb3DQEBCwUA
A4IBAQC9AZmwSTkCBXzSLH64wrgx6VMotrC4+BVLt3rRhkzEQcdy7ajFt9BgvkmN
fpF4mOrq6r4HZyqsjEXTD50R64UVQ9eYsbrW/vhOz0qQ5lYhkdBLsJUE9ZYgGao4
vkXZsBptPgnc2OWxUBMZlQmI0y9tRSq760OWJkyL1GbpqRvUamvMXakR/Z5l0iJk
vh7Li+KlpDrt0UTz+blCFR/yxcoOyrOsUojxWWdBkg5LUrRbuGur2FJc0LeVW5re
++LlPEHOPjFVhal5NjR42PJ8ZWrkI8vuB8IaXfDKm9uvkghlcJ4OvgWXJBKq/5oD
vZUIH9PcmXghg9IDRblO/SNvMnsy
-----END CERTIFICATE-----