Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0z3ubd_dv6ge6rxEHFPnAvklgWU.cer
File:                     0z3ubd_dv6ge6rxEHFPnAvklgWU.cer (raw, json)
Hash identifier:          IYJ1AuFZv+DJ/vykFZbj88aE+Udtyb2bWKliq0cTSQc=
Subject key identifier:   D3:3D:EE:6D:DF:DD:BF:A8:1E:EA:BC:44:1C:53:E7:02:F9:25:81:65
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DEBC162808D0FE466C747CA8FB7351
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c6/4eae11-8dc8-4aa0-87fb-1bcbb106ecfb/1/0z3ubd_dv6ge6rxEHFPnAvklgWU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c6/4eae11-8dc8-4aa0-87fb-1bcbb106ecfb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:31:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212706

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:bc:16:28:08:d0:fe:46:6c:74:7c:a8:fb:73:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d33dee6ddfddbfa81eeabc441c53e702f9258165
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a4:32:2b:dc:f0:17:a1:05:4f:9e:f9:12:0f:
                    b2:29:52:ee:da:12:42:2c:7f:1c:27:63:9c:0b:42:
                    e7:25:5e:74:e3:1c:3a:a4:40:51:db:4d:8e:f9:b3:
                    48:cf:ab:97:ae:ce:06:7b:4e:8a:fd:60:f6:b3:97:
                    f4:7c:4e:05:70:88:3c:46:2f:ba:6f:94:d8:6a:83:
                    5b:94:73:a1:66:e5:b4:d5:d4:fa:79:fc:45:6b:a7:
                    5d:58:0c:86:af:c4:cc:ad:62:43:89:fe:32:85:06:
                    fd:f1:be:f0:e4:ef:77:b8:b7:29:18:82:2b:ad:dc:
                    ee:d4:cb:83:b0:53:3c:e2:d9:8e:67:64:bd:49:16:
                    5d:ac:81:01:80:41:b5:36:1e:4f:f0:7b:9e:7c:e9:
                    a3:9d:55:59:0f:98:d2:8b:84:bb:8d:41:f1:4c:19:
                    73:d7:6f:a1:15:bd:20:31:8b:09:f1:9c:cf:44:0a:
                    59:6e:33:1e:03:6f:a4:5f:9e:0d:34:0c:a2:9d:0c:
                    58:93:73:fe:9a:1b:67:4f:2e:f9:74:a9:33:78:d5:
                    b0:c8:4a:7c:d8:d6:cd:6c:83:a6:01:2a:4b:14:b5:
                    9c:c7:91:57:de:dc:38:6b:42:10:7c:ec:fe:d1:2f:
                    5b:be:17:66:6f:55:ed:a7:8b:b2:87:df:57:80:1e:
                    98:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:3D:EE:6D:DF:DD:BF:A8:1E:EA:BC:44:1C:53:E7:02:F9:25:81:65
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/4eae11-8dc8-4aa0-87fb-1bcbb106ecfb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/4eae11-8dc8-4aa0-87fb-1bcbb106ecfb/1/0z3ubd_dv6ge6rxEHFPnAvklgWU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212706

    Signature Algorithm: sha256WithRSAEncryption
         3d:b6:e1:0e:c5:8d:94:a2:f6:4e:d5:56:be:b3:63:d3:ce:96:
         a3:50:da:ab:ec:ed:b5:06:94:d4:25:0f:d4:97:79:e9:7a:d6:
         8f:fd:d7:05:a7:8b:fe:60:d6:0f:40:34:f3:30:b0:33:2a:84:
         c3:c1:5b:c1:31:60:53:89:7b:e2:c1:08:a9:4a:9a:4d:5a:62:
         a2:13:9f:0b:a4:02:06:0c:62:71:18:a6:5b:67:4d:58:7b:24:
         c4:f8:f1:e5:a8:1a:ea:88:23:40:1b:54:02:7e:ed:52:b3:98:
         e3:da:6c:ed:11:b3:87:d2:08:80:a0:a0:1a:5f:ea:8c:4c:e5:
         61:34:25:02:9d:81:2d:fb:80:3e:f5:3b:b8:4d:87:c6:f3:5c:
         18:81:17:95:23:c4:82:28:84:61:81:54:5f:bd:7c:26:09:6b:
         da:ba:e2:e0:3d:4f:7e:91:aa:38:78:99:44:03:34:48:1f:98:
         e1:b3:12:69:7e:c0:bd:cb:e8:7a:9e:61:1e:32:f1:08:0b:0e:
         1e:0e:80:8a:2e:64:23:1e:6b:4a:fc:09:6f:0a:83:15:a1:b5:
         3c:55:f5:5a:a8:5d:75:53:ab:bd:34:79:30:51:6a:92:65:53:
         c7:68:88:cd:f7:0b:59:55:78:a9:56:c2:14:59:9e:b0:9f:95:
         26:6e:7c:0c
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzI3rwWKAjQ/kZsdHyo+3NRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzNkZWU2ZGRmZGRiZmE4MWVlYWJjNDQxYzUzZTcwMmY5MjU4MTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qQyK9zwF6EFT575Eg+yKVLu2hJC
LH8cJ2OcC0LnJV504xw6pEBR202O+bNIz6uXrs4Ge06K/WD2s5f0fE4FcIg8Ri+6
b5TYaoNblHOhZuW01dT6efxFa6ddWAyGr8TMrWJDif4yhQb98b7w5O93uLcpGIIr
rdzu1MuDsFM84tmOZ2S9SRZdrIEBgEG1Nh5P8HuefOmjnVVZD5jSi4S7jUHxTBlz
12+hFb0gMYsJ8ZzPRApZbjMeA2+kX54NNAyinQxYk3P+mhtnTy75dKkzeNWwyEp8
2NbNbIOmASpLFLWcx5FX3tw4a0IQfOz+0S9bvhdmb1Xtp4uyh99XgB6YgQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFNM97m3f3b+oHuq8RBxT5wL5JYFlMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M2LzRlYWUx
MS04ZGM4LTRhYTAtODdmYi0xYmNiYjEwNmVjZmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzYvNGVhZTEx
LThkYzgtNGFhMC04N2ZiLTFiY2JiMTA2ZWNmYi8xLzB6M3ViZF9kdjZnZTZyeEVI
RlBuQXZrbGdXVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM+4jANBgkqhkiG9w0BAQsFAAOCAQEAPbbhDsWNlKL2
TtVWvrNj086Wo1Daq+zttQaU1CUP1Jd56XrWj/3XBaeL/mDWD0A08zCwMyqEw8Fb
wTFgU4l74sEIqUqaTVpiohOfC6QCBgxicRimW2dNWHskxPjx5aga6ogjQBtUAn7t
UrOY49ps7RGzh9IIgKCgGl/qjEzlYTQlAp2BLfuAPvU7uE2HxvNcGIEXlSPEgiiE
YYFUX718Jglr2rri4D1PfpGqOHiZRAM0SB+Y4bMSaX7Avcvoep5hHjLxCAsOHg6A
ii5kIx5rSvwJbwqDFaG1PFX1WqhddVOrvTR5MFFqkmVTx2iIzfcLWVV4qVbCFFme
sJ+VJm58DA==
-----END CERTIFICATE-----