Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1IdkFNyZXRTt46AaMjtiuQb4PFc.cer
File:                     1IdkFNyZXRTt46AaMjtiuQb4PFc.cer (raw, json)
Hash identifier:          z3S8nysltz2F+S058gP1Usi1YxB1kSjDP/IfSmkuVjc=
Subject key identifier:   D4:87:64:14:DC:99:5D:14:ED:E3:A0:1A:32:3B:62:B9:06:F8:3C:57
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D9D68470F6B023E389E73DEAF8D87C15B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e3/469a73-2cf3-4687-acc6-102c4ba8cc4b/1/1IdkFNyZXRTt46AaMjtiuQb4PFc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e3/469a73-2cf3-4687-acc6-102c4ba8cc4b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 12 Feb 2024 13:01:13 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215663

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9d:68:47:0f:6b:02:3e:38:9e:73:de:af:8d:87:c1:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 12 13:01:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4876414dc995d14ede3a01a323b62b906f83c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a3:4e:4d:56:41:c6:e8:5d:ee:52:35:4e:80:
                    ca:b6:83:4c:58:a3:b2:4e:60:8c:42:38:d3:89:41:
                    a0:4e:d6:9a:7b:22:21:b3:6c:f4:32:39:1d:69:15:
                    d5:dc:09:f5:04:42:90:ed:4a:3e:88:b0:dc:e2:0c:
                    57:f6:d5:ef:f3:0f:60:1d:95:99:e2:41:8f:01:d5:
                    66:eb:c8:4e:c4:74:0d:93:7d:22:f5:ee:35:b6:75:
                    9f:7e:b9:4a:be:48:00:f4:40:53:23:a2:bd:96:57:
                    38:25:4a:88:1f:2d:0a:5e:d9:c5:58:83:95:46:ba:
                    37:40:2a:d5:06:f9:09:3e:a5:2f:1b:45:fd:d7:a2:
                    fd:ab:26:b8:a9:69:11:6f:ea:3f:85:f9:07:64:8e:
                    14:85:65:6e:bf:07:fa:d3:1f:59:7a:c9:16:1e:04:
                    e9:8c:44:44:c7:dd:45:29:5f:f8:01:a9:21:8c:30:
                    e7:f3:5f:2c:55:c5:54:ab:86:94:75:66:b7:36:9b:
                    5e:d4:17:8d:67:f7:cd:ba:6d:94:69:f6:b5:03:cf:
                    17:82:04:6a:44:26:68:9c:2a:f1:0c:76:b7:67:c3:
                    9b:93:d1:1f:42:ba:0d:55:58:e0:c7:e4:c0:1e:ab:
                    c3:f0:82:00:a5:47:4d:e8:42:2c:f2:71:41:91:0e:
                    77:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:87:64:14:DC:99:5D:14:ED:E3:A0:1A:32:3B:62:B9:06:F8:3C:57
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/469a73-2cf3-4687-acc6-102c4ba8cc4b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/469a73-2cf3-4687-acc6-102c4ba8cc4b/1/1IdkFNyZXRTt46AaMjtiuQb4PFc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215663

    Signature Algorithm: sha256WithRSAEncryption
         56:c5:c9:0a:94:e7:15:72:04:6c:08:f1:61:40:e2:ac:dd:68:
         1c:0a:01:fd:f7:e8:39:20:fb:68:1f:9b:cb:eb:2e:54:a2:73:
         cf:0d:1d:42:cf:db:e9:0c:9c:75:66:7a:e6:f4:48:fd:80:0d:
         99:39:7b:43:6f:08:d1:dd:42:6a:e4:be:be:81:97:f5:74:fc:
         f3:6a:45:c7:b5:0e:45:e0:2c:2a:4f:73:35:83:58:75:c8:75:
         31:50:e4:94:6f:55:c6:95:07:77:7e:73:fd:fb:c7:fb:fe:67:
         79:f0:9a:db:f5:e7:43:0d:49:4a:76:f5:b3:ca:59:34:f2:fb:
         8b:25:37:ee:43:c4:f0:cd:80:54:9c:7b:f1:1e:37:6b:4f:f0:
         9d:e3:08:e9:29:93:90:10:a6:27:57:03:57:29:21:c4:28:9c:
         1d:d2:5f:74:22:3d:ca:c9:6e:0a:4f:df:bf:f8:83:ec:a7:1b:
         0c:8a:f8:ab:f2:fc:ab:5c:75:3c:2e:9e:9c:c5:31:9e:6a:90:
         48:e3:e6:60:3c:82:cc:d7:e0:43:b0:cd:46:10:46:d3:fe:57:
         9c:b5:8c:78:2f:ea:84:ae:b8:6c:d8:7c:c3:89:54:10:cf:62:
         b4:e2:fc:33:19:38:16:4a:71:a8:5e:eb:d2:13:bf:12:1f:b4:
         c6:75:b2:4b
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY2daEcPawI+OJ5z3q+Nh8FbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjEyMTMwMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDg3NjQxNGRjOTk1ZDE0ZWRlM2EwMWEzMjNiNjJiOTA2ZjgzYzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qNOTVZBxuhd7lI1ToDKtoNMWKOy
TmCMQjjTiUGgTtaaeyIhs2z0MjkdaRXV3An1BEKQ7Uo+iLDc4gxX9tXv8w9gHZWZ
4kGPAdVm68hOxHQNk30i9e41tnWffrlKvkgA9EBTI6K9llc4JUqIHy0KXtnFWIOV
Rro3QCrVBvkJPqUvG0X916L9qya4qWkRb+o/hfkHZI4UhWVuvwf60x9ZeskWHgTp
jEREx91FKV/4AakhjDDn818sVcVUq4aUdWa3Npte1BeNZ/fNum2Uafa1A88XggRq
RCZonCrxDHa3Z8Obk9EfQroNVVjgx+TAHqvD8IIApUdN6EIs8nFBkQ53QwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFNSHZBTcmV0U7eOgGjI7YrkG+DxXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UzLzQ2OWE3
My0yY2YzLTQ2ODctYWNjNi0xMDJjNGJhOGNjNGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTMvNDY5YTcz
LTJjZjMtNDY4Ny1hY2M2LTEwMmM0YmE4Y2M0Yi8xLzFJZGtGTnlaWFJUdDQ2QWFN
anRpdVFiNFBGYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNKbzANBgkqhkiG9w0BAQsFAAOCAQEAVsXJCpTnFXIE
bAjxYUDirN1oHAoB/ffoOSD7aB+by+suVKJzzw0dQs/b6QycdWZ65vRI/YANmTl7
Q28I0d1CauS+voGX9XT882pFx7UOReAsKk9zNYNYdch1MVDklG9VxpUHd35z/fvH
+/5nefCa2/XnQw1JSnb1s8pZNPL7iyU37kPE8M2AVJx78R43a0/wneMI6SmTkBCm
J1cDVykhxCicHdJfdCI9ysluCk/fv/iD7KcbDIr4q/L8q1x1PC6enMUxnmqQSOPm
YDyCzNfgQ7DNRhBG0/5XnLWMeC/qhK64bNh8w4lUEM9itOL8Mxk4FkpxqF7r0hO/
Eh+0xnWySw==
-----END CERTIFICATE-----