Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-KYcLUlziXAA5WrLPIQ_IDSqVqA.cer
File:                     1-KYcLUlziXAA5WrLPIQ_IDSqVqA.cer (raw, json)
Hash identifier:          8JkH4FhEk09h02dc58x2Rw+uj8cBtalPQTd2mFIi13k=
Subject key identifier:   F8:A6:1C:2D:49:73:89:70:00:E5:6A:CB:3C:84:3F:20:34:AA:56:A0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01909D43FDF81760C37F19D98AB35D376833
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/06/15a067-6916-4385-a292-2782ecee0e92/1/1-KYcLUlziXAA5WrLPIQ_IDSqVqA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/06/15a067-6916-4385-a292-2782ecee0e92/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 10 Jul 2024 15:29:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214598

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9d:43:fd:f8:17:60:c3:7f:19:d9:8a:b3:5d:37:68:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 10 15:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8a61c2d4973897000e56acb3c843f2034aa56a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:21:c7:b2:95:ba:f5:33:ba:16:20:9e:e6:b7:
                    53:1a:79:b4:f9:a8:31:10:af:5f:4a:f0:35:af:66:
                    16:16:23:83:2d:a2:75:77:28:69:49:a5:ce:28:9c:
                    be:cc:8c:af:09:b9:68:fe:aa:b9:5f:99:6f:fe:1f:
                    7c:b7:12:13:18:63:58:a3:f0:e3:d9:09:73:36:87:
                    f7:6e:ca:10:c7:d1:0a:5a:c1:1d:98:ca:6e:1c:8f:
                    3f:c8:e5:3b:16:8b:2f:ca:d0:aa:8c:24:18:3b:9a:
                    2e:79:0d:5b:b5:cb:11:aa:16:f8:2c:d8:0a:00:68:
                    cd:07:a5:3c:94:16:d8:03:f2:10:87:e2:c9:7a:e5:
                    d4:db:cb:7b:e3:0d:9f:53:16:51:a7:61:94:b2:a4:
                    f9:a2:3c:7b:d2:06:83:69:51:f1:46:10:b7:95:1a:
                    6a:f6:0d:7b:9a:c6:00:4b:91:dc:57:83:51:11:d6:
                    15:00:6c:c1:f5:c2:45:9a:b7:cc:2b:17:91:66:46:
                    92:a9:f6:ef:ff:2f:72:ae:ea:55:b0:2f:43:0a:82:
                    37:a8:25:d1:50:74:31:63:03:18:29:8b:8d:0d:59:
                    15:9e:0c:99:fa:30:80:0f:8f:4a:5e:ed:d2:38:cf:
                    73:a7:8a:97:9d:51:a2:6d:2e:d4:99:30:4d:a0:e6:
                    f2:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:A6:1C:2D:49:73:89:70:00:E5:6A:CB:3C:84:3F:20:34:AA:56:A0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/15a067-6916-4385-a292-2782ecee0e92/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/15a067-6916-4385-a292-2782ecee0e92/1/1-KYcLUlziXAA5WrLPIQ_IDSqVqA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214598

    Signature Algorithm: sha256WithRSAEncryption
         0c:8b:67:cd:d5:4f:08:0c:b6:3f:dd:4f:38:0b:cb:52:33:79:
         ab:ec:9a:8c:62:a8:91:b9:69:2d:a4:99:7f:6d:53:5a:93:5f:
         da:b3:58:1c:17:94:d3:11:fe:58:d5:6c:0d:1c:4f:f4:ce:39:
         a9:3f:0a:f0:23:c1:85:ca:a0:56:e2:8d:dc:6e:8a:2f:03:85:
         27:f7:2f:85:42:03:a0:b0:a9:9c:f7:7c:ab:96:cd:94:46:05:
         c2:cb:9e:eb:46:87:9c:b1:15:c5:a2:e2:02:5f:56:ad:28:45:
         0a:8d:ed:40:7c:32:03:d2:e6:74:6f:97:3e:9e:c4:cd:22:86:
         c1:50:ac:4a:f7:58:1b:2b:bd:69:9e:b6:84:95:61:9c:bf:ce:
         c5:74:12:a5:69:df:3e:4b:ce:c7:76:a2:de:c9:d9:d0:38:6b:
         40:02:92:de:a2:2f:e0:28:7c:3c:4a:41:d8:cd:b4:f5:2e:34:
         10:3d:72:5a:e7:af:d0:4e:e2:2f:72:d8:97:a1:42:3d:41:69:
         b7:3b:7e:1a:56:87:9a:6c:ed:a3:16:0b:34:16:cf:3c:f7:0f:
         74:1e:03:21:49:9b:3e:77:a7:63:21:92:4b:3d:80:fc:47:21:
         b9:66:47:6d:d2:78:5c:f4:cd:9c:45:c2:be:13:31:f3:d9:10:
         f1:4a:9e:9c
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAZCdQ/34F2DDfxnZirNdN2gzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzEwMTUyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGE2MWMyZDQ5NzM4OTcwMDBlNTZhY2IzYzg0M2YyMDM0YWE1NmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyHHspW69TO6FiCe5rdTGnm0+agx
EK9fSvA1r2YWFiODLaJ1dyhpSaXOKJy+zIyvCblo/qq5X5lv/h98txITGGNYo/Dj
2QlzNof3bsoQx9EKWsEdmMpuHI8/yOU7FosvytCqjCQYO5oueQ1btcsRqhb4LNgK
AGjNB6U8lBbYA/IQh+LJeuXU28t74w2fUxZRp2GUsqT5ojx70gaDaVHxRhC3lRpq
9g17msYAS5HcV4NREdYVAGzB9cJFmrfMKxeRZkaSqfbv/y9yrupVsC9DCoI3qCXR
UHQxYwMYKYuNDVkVngyZ+jCAD49KXu3SOM9zp4qXnVGibS7UmTBNoObybwIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFPimHC1Jc4lwAOVqyzyEPyA0qlagMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA2LzE1YTA2
Ny02OTE2LTQzODUtYTI5Mi0yNzgyZWNlZTBlOTIvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDYvMTVhMDY3
LTY5MTYtNDM4NS1hMjkyLTI3ODJlY2VlMGU5Mi8xLzEtS1ljTFVsemlYQUE1V3JM
UElRX0lEU3FWcUEubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEF
BQcBCAEB/wQLMAmgBzAFAgMDRkYwDQYJKoZIhvcNAQELBQADggEBAAyLZ83VTwgM
tj/dTzgLy1IzeavsmoxiqJG5aS2kmX9tU1qTX9qzWBwXlNMR/ljVbA0cT/TOOak/
CvAjwYXKoFbijdxuii8DhSf3L4VCA6CwqZz3fKuWzZRGBcLLnutGh5yxFcWi4gJf
Vq0oRQqN7UB8MgPS5nRvlz6exM0ihsFQrEr3WBsrvWmetoSVYZy/zsV0EqVp3z5L
zsd2ot7J2dA4a0ACkt6iL+AofDxKQdjNtPUuNBA9clrnr9BO4i9y2JehQj1Babc7
fhpWh5ps7aMWCzQWzzz3D3QeAyFJmz53p2Mhkks9gPxHIblmR23SeFz0zZxFwr4T
MfPZEPFKnpw=
-----END CERTIFICATE-----