Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-8ds30PAkFJLPgKNdmlTxNI2do.cer
File:                     1-8ds30PAkFJLPgKNdmlTxNI2do.cer (raw, json)
Hash identifier:          L+UfSdtaRIMdK6//Y3xjRKJvqN8u2cUJUcYrE+WJcRE=
Subject key identifier:   D7:EF:1D:B3:7D:0F:02:41:49:2C:F8:0A:35:D9:A5:4F:13:48:D9:DA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64AA79C0584A1FB99D6EC3523788D37
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9d/1dc8de-5a56-480a-97d1-f80a0d54a8f7/1/1-8ds30PAkFJLPgKNdmlTxNI2do.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9d/1dc8de-5a56-480a-97d1-f80a0d54a8f7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:30:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216461

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:a7:9c:05:84:a1:fb:99:d6:ec:35:23:78:8d:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7ef1db37d0f0241492cf80a35d9a54f1348d9da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5b:57:ea:a6:02:56:9b:fa:16:92:c2:4c:8a:
                    16:e2:df:41:32:d3:eb:f5:ef:3b:99:b8:58:2e:a1:
                    c6:8c:b0:61:0e:08:08:c3:04:ac:29:04:bd:77:32:
                    58:be:83:d1:0b:99:ab:4f:da:40:31:7f:32:23:3c:
                    35:a5:90:a8:56:59:ba:d8:5c:b0:cc:9c:e8:a4:d8:
                    da:18:79:fc:65:a2:d0:12:16:d7:8f:87:30:5d:3f:
                    99:86:62:6e:17:11:79:89:ab:53:07:e6:1f:58:ab:
                    c7:17:54:e1:42:eb:bc:60:03:ae:65:16:c8:ed:0c:
                    67:02:ef:78:66:cf:a4:4d:e9:42:aa:7c:4b:6d:aa:
                    a8:0f:32:3e:1c:1e:1c:1b:df:93:0e:08:c0:8f:db:
                    08:9e:c7:c7:bd:9a:d4:e8:ec:38:a1:35:81:c7:96:
                    b8:a0:e5:53:21:f4:ce:89:45:95:b1:1c:ca:d4:6b:
                    06:36:78:cc:db:2f:b2:f9:03:73:47:e1:cb:e3:a0:
                    6e:90:c2:31:6b:71:a7:95:53:6f:98:ab:14:aa:46:
                    97:18:2e:cc:f0:ab:c0:2b:1f:8c:94:02:2c:ae:7d:
                    bc:9f:2a:f5:88:e7:5b:43:86:72:7b:64:34:da:ba:
                    a6:5b:fb:6f:10:8e:e7:b6:d1:d3:49:64:bb:14:b5:
                    90:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:EF:1D:B3:7D:0F:02:41:49:2C:F8:0A:35:D9:A5:4F:13:48:D9:DA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/1dc8de-5a56-480a-97d1-f80a0d54a8f7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/1dc8de-5a56-480a-97d1-f80a0d54a8f7/1/1-8ds30PAkFJLPgKNdmlTxNI2do.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216461

    Signature Algorithm: sha256WithRSAEncryption
         94:69:87:dd:10:65:1b:05:23:1c:d3:19:2e:03:12:f3:41:eb:
         d6:a9:11:40:08:aa:70:e7:c1:4e:14:a3:3c:3e:f1:29:98:a4:
         c6:5c:5a:9e:01:ca:b0:9b:dc:38:c5:71:d9:31:f4:8d:9f:82:
         95:1f:06:d2:4e:02:74:5e:17:12:ce:b2:b9:2f:d6:43:ff:a0:
         3e:18:a4:5b:5a:50:88:ad:e8:da:0d:34:82:06:8e:04:d2:3c:
         d8:5e:bb:99:de:48:b3:3d:de:c8:bf:37:f5:2f:e8:48:54:2d:
         f4:b1:d6:96:d9:0f:0a:4b:3d:ed:f5:67:60:01:f8:67:c1:a4:
         ee:cd:e2:51:30:ca:73:7e:92:21:62:25:78:58:4e:23:2c:f6:
         b7:24:84:b2:dd:22:61:3f:d1:a9:f6:67:15:3c:f0:70:63:cd:
         c8:02:d7:2b:89:70:d0:d0:7b:c7:c1:97:8a:fe:19:55:fa:5c:
         01:69:37:c0:ff:be:ee:97:29:8b:84:c7:0a:df:d2:bd:60:95:
         b7:bd:7e:de:db:83:7a:2d:dc:6f:18:0b:f5:93:62:9e:b2:f2:
         cd:c0:7f:dd:e4:8b:bd:95:bc:9c:f3:6a:e1:62:f9:81:ad:ab:
         6c:7b:ce:10:e2:2b:e3:97:e9:ee:c0:e3:20:c6:b9:43:d5:0d:
         fd:e2:79:d5
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzGSqecBYSh+5nW7DUjeI03MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2VmMWRiMzdkMGYwMjQxNDkyY2Y4MGEzNWQ5YTU0ZjEzNDhkOWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1tX6qYCVpv6FpLCTIoW4t9BMtPr
9e87mbhYLqHGjLBhDggIwwSsKQS9dzJYvoPRC5mrT9pAMX8yIzw1pZCoVlm62Fyw
zJzopNjaGHn8ZaLQEhbXj4cwXT+ZhmJuFxF5iatTB+YfWKvHF1ThQuu8YAOuZRbI
7QxnAu94Zs+kTelCqnxLbaqoDzI+HB4cG9+TDgjAj9sInsfHvZrU6Ow4oTWBx5a4
oOVTIfTOiUWVsRzK1GsGNnjM2y+y+QNzR+HL46BukMIxa3GnlVNvmKsUqkaXGC7M
8KvAKx+MlAIsrn28nyr1iOdbQ4Zye2Q02rqmW/tvEI7nttHTSWS7FLWQGQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFNfvHbN9DwJBSSz4CjXZpU8TSNnaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlkLzFkYzhk
ZS01YTU2LTQ4MGEtOTdkMS1mODBhMGQ1NGE4ZjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvMWRjOGRl
LTVhNTYtNDgwYS05N2QxLWY4MGEwZDU0YThmNy8xLzEtOGRzMzBQQWtGSkxQZ0tO
ZG1sVHhOSTJkby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNNjTANBgkqhkiG9w0BAQsFAAOCAQEAlGmH3RBlGwUj
HNMZLgMS80Hr1qkRQAiqcOfBThSjPD7xKZikxlxangHKsJvcOMVx2TH0jZ+ClR8G
0k4CdF4XEs6yuS/WQ/+gPhikW1pQiK3o2g00ggaOBNI82F67md5Isz3eyL839S/o
SFQt9LHWltkPCks97fVnYAH4Z8Gk7s3iUTDKc36SIWIleFhOIyz2tySEst0iYT/R
qfZnFTzwcGPNyALXK4lw0NB7x8GXiv4ZVfpcAWk3wP++7pcpi4THCt/SvWCVt71+
3tuDei3cbxgL9ZNinrLyzcB/3eSLvZW8nPNq4WL5ga2rbHvOEOIr45fp7sDjIMa5
Q9UN/eJ51Q==
-----END CERTIFICATE-----