Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1kJOUxpa1qyAryDw1twssYcyLsE.cer
File:                     1kJOUxpa1qyAryDw1twssYcyLsE.cer (raw, json)
Hash identifier:          vPSySOCie/oiHlMkh6p7JXhq2NH4LAH07CLC/rrBP6M=
Subject key identifier:   D6:42:4E:53:1A:5A:D6:AC:80:AF:20:F0:D6:DC:2C:B1:87:32:2E:C1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942067EB24ECCACE531161282F93C21996
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/30df2d1b-1498-4686-91bb-64b582010328/0/D6424E531A5AD6AC80AF20F0D6DC2CB187322EC1.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/30df2d1b-1498-4686-91bb-64b582010328/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 61302
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:eb:24:ec:ca:ce:53:11:61:28:2f:93:c2:19:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6424e531a5ad6ac80af20f0d6dc2cb187322ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:f5:71:5d:5a:8b:f1:9a:f5:6c:89:59:16:be:
                    08:b5:a5:ca:a0:cd:b1:83:f9:6f:25:79:b6:d5:c7:
                    a3:48:05:40:56:61:24:66:c7:76:5c:93:f3:91:2f:
                    7d:88:cf:89:90:fc:15:5a:4c:fe:ff:2c:f0:f3:95:
                    37:fe:4a:37:f9:c4:8b:da:a8:98:5a:cc:37:22:ce:
                    cb:7d:46:d2:c1:90:25:36:a2:67:61:fb:a2:06:51:
                    91:77:e1:53:c7:d7:1c:0d:ab:cf:c8:2e:db:31:aa:
                    5f:77:40:fd:d2:aa:cd:0c:ae:70:43:9c:0d:2b:4d:
                    c8:93:32:f3:2c:b7:44:ce:ae:c8:fa:b1:52:e2:3d:
                    61:15:b7:61:ad:a6:9d:5b:69:d8:06:89:01:87:89:
                    3e:58:c6:dd:ba:98:6f:5b:ce:8b:75:d9:27:46:60:
                    ac:fc:82:0d:20:6c:a4:b0:8c:a4:0d:d0:87:28:a7:
                    81:5f:5f:bc:01:71:a1:aa:cf:6e:f3:3c:3b:6e:29:
                    04:39:47:e2:64:de:62:6c:ff:c8:af:20:2d:3c:92:
                    4c:61:a6:22:57:7d:5e:07:ab:94:56:db:a9:bd:62:
                    0a:43:51:c2:8a:5b:fd:bc:95:b9:d8:24:82:ca:6d:
                    5a:9d:99:7f:30:bf:8c:2f:aa:db:bd:6a:fc:e6:67:
                    c1:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:42:4E:53:1A:5A:D6:AC:80:AF:20:F0:D6:DC:2C:B1:87:32:2E:C1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/30df2d1b-1498-4686-91bb-64b582010328/0
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/30df2d1b-1498-4686-91bb-64b582010328/0/D6424E531A5AD6AC80AF20F0D6DC2CB187322EC1.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  61302

    Signature Algorithm: sha256WithRSAEncryption
         1a:76:51:50:65:c5:d8:9c:14:51:af:9e:a2:e4:14:ce:c4:69:
         8b:7b:f7:ee:8f:f4:13:7d:fe:cc:72:4a:5d:f9:cc:1d:23:f8:
         12:7a:93:a1:d7:c0:fc:4b:8c:03:dc:38:be:29:8d:06:a0:5e:
         52:f2:30:10:d9:7b:48:b5:78:b5:16:d1:4c:23:6b:2d:ef:6d:
         24:73:d8:be:c3:bb:35:ea:65:ee:11:45:1d:01:6b:40:1e:89:
         5a:83:a9:fd:d1:61:d5:2f:f6:a9:7e:08:f7:fc:a8:89:8f:d6:
         57:4b:3e:a2:72:05:ba:cb:60:c9:2f:6d:4b:42:44:28:ca:12:
         78:f4:fe:9a:23:f8:e6:79:47:6b:2f:9b:fe:dd:39:53:ce:c6:
         53:0b:d5:0c:c6:a3:c1:a7:2d:07:4d:af:64:bf:c3:2a:b7:31:
         b5:9f:a8:f6:f4:f7:7c:d8:db:98:6b:a5:1c:6a:ca:ce:1e:b7:
         a6:7e:3e:84:c4:42:f4:a0:4f:f3:a5:52:3c:15:ae:1d:5a:ac:
         5d:5f:7f:ea:a4:df:e1:43:87:05:8c:66:aa:85:60:ef:0d:55:
         65:8a:f8:96:16:6d:59:77:f5:c4:4c:35:3b:57:7e:ac:cb:24:
         5f:72:a7:16:1d:85:0a:9c:19:84:c4:0c:8b:5e:26:6e:d4:de:
         2b:8f:15:d0
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAZQgZ+sk7MrOUxFhKC+TwhmWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQyNGU1MzFhNWFkNmFjODBhZjIwZjBkNmRjMmNiMTg3MzIyZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/VxXVqL8Zr1bIlZFr4ItaXKoM2x
g/lvJXm21cejSAVAVmEkZsd2XJPzkS99iM+JkPwVWkz+/yzw85U3/ko3+cSL2qiY
Wsw3Is7LfUbSwZAlNqJnYfuiBlGRd+FTx9ccDavPyC7bMapfd0D90qrNDK5wQ5wN
K03IkzLzLLdEzq7I+rFS4j1hFbdhraadW2nYBokBh4k+WMbduphvW86LddknRmCs
/IINIGyksIykDdCHKKeBX1+8AXGhqs9u8zw7bikEOUfiZN5ibP/IryAtPJJMYaYi
V31eB6uUVtupvWIKQ1HCilv9vJW52CSCym1anZl/ML+ML6rbvWr85mfBHQIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFNZCTlMaWtasgK8g8NbcLLGHMi7BMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE+BggrBgEFBQcBCwSCATAwggEsMF4GCCsGAQUFBzAFhlJy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzMwZGYy
ZDFiLTE0OTgtNDY4Ni05MWJiLTY0YjU4MjAxMDMyOC8wMIGLBggrBgEFBQcwCoZ/
cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8zMGRm
MmQxYi0xNDk4LTQ2ODYtOTFiYi02NGI1ODIwMTAzMjgvMC9ENjQyNEU1MzFBNUFE
NkFDODBBRjIwRjBENkRDMkNCMTg3MzIyRUMxLm1mdDA8BggrBgEFBQcwDYYwaHR0
cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3RpZmljYXRpb24ueG1sMFkG
A1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNybDAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwDvdjAN
BgkqhkiG9w0BAQsFAAOCAQEAGnZRUGXF2JwUUa+eouQUzsRpi3v37o/0E33+zHJK
XfnMHSP4EnqTodfA/EuMA9w4vimNBqBeUvIwENl7SLV4tRbRTCNrLe9tJHPYvsO7
Nepl7hFFHQFrQB6JWoOp/dFh1S/2qX4I9/yoiY/WV0s+onIFustgyS9tS0JEKMoS
ePT+miP45nlHay+b/t05U87GUwvVDMajwactB02vZL/DKrcxtZ+o9vT3fNjbmGul
HGrKzh63pn4+hMRC9KBP86VSPBWuHVqsXV9/6qTf4UOHBYxmqoVg7w1VZYr4lhZt
WXf1xEw1O1d+rMskX3KnFh2FCpwZhMQMi14mbtTeK48V0A==
-----END CERTIFICATE-----