Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-2fE4ThzE8A0RTje_SzPoDTnwww.cer
File:                     1-2fE4ThzE8A0RTje_SzPoDTnwww.cer (raw, json)
Hash identifier:          ohKIpBldfxa+I0etm7tjLNzR4QR/3LGF7Mpp+WPdlqk=
Subject key identifier:   FB:67:C4:E1:38:73:13:C0:34:45:38:DE:FD:2C:CF:A0:34:E7:C3:0C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DD0F82F35DF561551281F151E70FCD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1c/43b363-d64a-4507-a6fd-e50ce5367e7b/1/1-2fE4ThzE8A0RTje_SzPoDTnwww.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1c/43b363-d64a-4507-a6fd-e50ce5367e7b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:30:48 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 203629

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Apr 2024 20:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:0f:82:f3:5d:f5:61:55:12:81:f1:51:e7:0f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb67c4e1387313c0344538defd2ccfa034e7c30c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:1c:93:d3:f3:6d:7f:24:fc:b9:00:af:d8:40:
                    4a:d8:e8:65:f6:94:4b:be:16:0f:8d:07:fc:29:ea:
                    67:d7:6a:21:aa:f3:aa:16:bf:bc:c8:73:74:5a:40:
                    68:39:6c:2e:93:86:e7:50:70:a7:8e:e0:eb:b6:bb:
                    b2:00:86:b7:ba:a8:e9:cc:a7:13:a9:d1:e8:c6:6d:
                    f6:ff:bd:76:6f:c4:75:8c:72:72:a7:85:b7:c6:e7:
                    b5:bb:90:c6:74:27:84:6d:9a:d9:ef:11:96:c1:22:
                    14:5a:43:55:5d:95:ab:98:35:10:d9:76:61:05:1e:
                    7e:b3:51:76:f6:fe:83:96:73:ef:0b:f8:9f:be:73:
                    be:93:93:25:52:c8:6a:bf:a4:ef:f0:1a:03:8d:98:
                    64:cb:6d:c9:7f:57:55:82:ec:92:d2:ef:c2:cb:de:
                    59:2f:7d:8d:7f:91:36:05:bd:20:cf:61:00:58:06:
                    7c:6f:a8:b1:5a:01:8a:9d:89:a3:de:ba:30:cc:46:
                    aa:96:e6:f4:50:cc:ab:31:4e:94:47:91:ec:4b:3a:
                    06:2f:e4:2c:aa:99:40:88:18:34:31:0d:f5:be:c4:
                    50:24:f9:1a:c2:50:23:71:96:6a:3c:b3:92:2e:63:
                    ea:25:ae:f9:c9:38:05:53:c2:18:6e:32:5a:3b:ec:
                    5b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:67:C4:E1:38:73:13:C0:34:45:38:DE:FD:2C:CF:A0:34:E7:C3:0C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/43b363-d64a-4507-a6fd-e50ce5367e7b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/43b363-d64a-4507-a6fd-e50ce5367e7b/1/1-2fE4ThzE8A0RTje_SzPoDTnwww.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203629

    Signature Algorithm: sha256WithRSAEncryption
         7a:34:da:44:51:bc:d0:bf:3c:47:0b:5c:64:2b:ab:0e:3e:d8:
         16:ee:65:b7:78:ce:90:fa:e8:34:79:bf:84:03:63:2b:64:99:
         da:59:91:57:bb:cc:f3:a5:ee:82:1f:e6:d0:6f:5e:db:ab:a1:
         28:8a:a7:b0:d1:de:13:78:f6:06:64:2c:cc:66:13:91:6b:34:
         88:a9:5b:0e:24:fd:b2:78:c3:11:77:61:ac:61:d5:e5:db:10:
         5f:e1:04:d7:92:00:90:30:ef:3d:21:1d:e7:bf:a6:30:55:e4:
         f0:75:87:ef:24:d8:18:f5:c2:36:39:92:5b:66:ac:fb:21:b3:
         5c:ba:1e:69:f2:5e:12:bd:d7:c9:16:a4:95:db:d0:94:ac:14:
         ec:da:8d:8e:20:15:43:9c:1f:bb:3d:2c:29:a0:ce:a0:b3:82:
         b2:f8:db:96:b5:32:63:ae:fe:c9:13:12:28:c7:90:8c:d2:b1:
         d8:27:35:20:5e:d2:69:8e:f0:d8:18:7a:fb:49:8a:3b:3d:28:
         a9:9d:cf:99:9b:6c:20:73:49:11:2e:95:b5:ff:47:33:39:61:
         cf:79:a3:bf:9a:ce:e7:fd:9c:34:0c:25:ec:31:63:3b:4d:f6:
         53:bc:13:c2:b4:b4:d0:36:90:9b:a2:5c:27:1a:f8:5b:3b:36:
         39:b9:e2:dd
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAYzF3Q+C8131YVUSgfFR5w/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjY3YzRlMTM4NzMxM2MwMzQ0NTM4ZGVmZDJjY2ZhMDM0ZTdjMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ByT0/NtfyT8uQCv2EBK2Ohl9pRL
vhYPjQf8Kepn12ohqvOqFr+8yHN0WkBoOWwuk4bnUHCnjuDrtruyAIa3uqjpzKcT
qdHoxm32/712b8R1jHJyp4W3xue1u5DGdCeEbZrZ7xGWwSIUWkNVXZWrmDUQ2XZh
BR5+s1F29v6DlnPvC/ifvnO+k5MlUshqv6Tv8BoDjZhky23Jf1dVguyS0u/Cy95Z
L32Nf5E2Bb0gz2EAWAZ8b6ixWgGKnYmj3rowzEaqlub0UMyrMU6UR5HsSzoGL+Qs
qplAiBg0MQ31vsRQJPkawlAjcZZqPLOSLmPqJa75yTgFU8IYbjJaO+xbywIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFPtnxOE4cxPANEU43v0sz6A058MMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjLzQzYjM2
My1kNjRhLTQ1MDctYTZmZC1lNTBjZTUzNjdlN2IvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWMvNDNiMzYz
LWQ2NGEtNDUwNy1hNmZkLWU1MGNlNTM2N2U3Yi8xLzEtMmZFNFRoekU4QTBSVGpl
X1N6UG9EVG53d3cubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEF
BQcBCAEB/wQLMAmgBzAFAgMDG20wDQYJKoZIhvcNAQELBQADggEBAHo02kRRvNC/
PEcLXGQrqw4+2BbuZbd4zpD66DR5v4QDYytkmdpZkVe7zPOl7oIf5tBvXturoSiK
p7DR3hN49gZkLMxmE5FrNIipWw4k/bJ4wxF3Yaxh1eXbEF/hBNeSAJAw7z0hHee/
pjBV5PB1h+8k2Bj1wjY5kltmrPshs1y6HmnyXhK918kWpJXb0JSsFOzajY4gFUOc
H7s9LCmgzqCzgrL425a1MmOu/skTEijHkIzSsdgnNSBe0mmO8NgYevtJijs9KKmd
z5mbbCBzSREulbX/RzM5Yc95o7+azuf9nDQMJewxYztN9lO8E8K0tNA2kJuiXCca
+Fs7Njm54t0=
-----END CERTIFICATE-----