Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31JSbz0oJ2UyXBWm5XZdfNfx-J4.cer
File:                     31JSbz0oJ2UyXBWm5XZdfNfx-J4.cer (raw, json)
Hash identifier:          O3jYseVl8IuH0POeqGCHEeP4WCjf9eRyvF+WWgqH/sI=
Subject key identifier:   DF:52:52:6F:3D:28:27:65:32:5C:15:A6:E5:76:5D:7C:D7:F1:F8:9E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA293F98D3772767693CA0A0CC413114
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f3/0bf6db-cc7d-4697-9aec-623e6c9c4464/1/31JSbz0oJ2UyXBWm5XZdfNfx-J4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f3/0bf6db-cc7d-4697-9aec-623e6c9c4464/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:32:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 207831

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:3f:98:d3:77:27:67:69:3c:a0:a0:cc:41:31:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df52526f3d282765325c15a6e5765d7cd7f1f89e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:76:8e:8d:c2:7a:5a:e1:fc:55:33:a6:bc:96:
                    ce:98:7b:e3:8a:4a:ea:21:24:91:00:43:11:4d:15:
                    92:75:ca:83:68:c5:44:0b:d9:79:77:c1:6e:33:0c:
                    b6:78:25:bc:84:ad:27:0b:29:df:ac:18:89:5b:81:
                    30:77:f5:47:4c:17:27:92:e2:e1:91:2c:cc:b4:66:
                    b0:9b:76:34:07:53:fd:39:ac:ab:04:8e:e1:b6:14:
                    fc:72:16:e6:4c:1f:7c:52:f9:f0:2e:e3:dd:3b:04:
                    33:f3:21:7b:12:b7:54:f0:b0:85:61:fe:19:9e:bc:
                    d1:a1:a8:3c:97:af:7c:90:8e:f2:16:75:15:b2:fa:
                    53:e4:0c:ed:f8:9e:b6:ce:98:7c:5d:d0:a6:7c:e5:
                    27:16:83:f3:90:9b:0a:73:50:c7:80:53:ac:df:4a:
                    df:2f:1e:5b:11:4e:75:e0:27:23:6b:97:0b:2e:8f:
                    bf:a0:0e:7a:03:58:e9:24:0c:8f:f9:18:bb:39:cb:
                    ff:a9:1c:dc:cb:85:b8:b3:9c:d2:db:97:3c:a9:8d:
                    19:60:45:05:b1:24:6e:d4:f0:ed:d4:c8:81:fd:d4:
                    4c:9d:64:5a:86:d2:3c:02:f8:d4:cb:81:0a:36:9a:
                    3d:72:53:ff:2b:12:14:b5:82:a9:ff:93:78:57:f5:
                    aa:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:52:52:6F:3D:28:27:65:32:5C:15:A6:E5:76:5D:7C:D7:F1:F8:9E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0bf6db-cc7d-4697-9aec-623e6c9c4464/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0bf6db-cc7d-4697-9aec-623e6c9c4464/1/31JSbz0oJ2UyXBWm5XZdfNfx-J4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207831

    Signature Algorithm: sha256WithRSAEncryption
         83:b9:4a:95:c0:c7:92:48:b3:f6:bb:17:62:84:1d:f4:b1:b1:
         ac:68:2c:9e:2d:24:f4:ed:8b:f9:cb:db:33:a4:21:18:df:92:
         f3:23:82:43:7d:db:5b:86:6a:88:e2:a1:b4:1a:ee:e2:0c:93:
         51:78:e8:10:3f:97:b2:21:aa:02:62:6e:4f:93:22:3d:25:b5:
         eb:18:a0:d8:5b:cb:1a:65:c5:88:58:36:1b:3d:eb:c7:ac:0b:
         cb:59:a9:86:50:18:2d:75:50:98:be:1c:d3:e9:54:6e:37:8e:
         83:70:4b:74:fe:4b:1d:db:8f:b4:46:0e:3e:79:b9:41:a1:df:
         6d:a2:fb:5a:4d:40:b2:45:05:d2:c5:ce:d0:70:97:48:91:5a:
         73:f0:a6:40:f6:2e:cf:8a:61:39:b1:2c:0a:2e:af:53:a5:69:
         3f:df:eb:0f:98:0e:b8:d3:c1:62:56:fc:9a:4b:0d:62:65:2d:
         fc:6c:ce:4b:3e:d7:d0:88:b0:fa:33:b1:99:ce:67:e2:eb:64:
         8f:ca:fc:86:bf:bc:ae:4d:c5:34:5a:1b:99:eb:e3:78:5d:1c:
         03:96:79:69:89:28:18:04:99:48:ae:60:38:b2:3f:d5:bb:7d:
         86:78:9d:7a:29:fd:49:35:7d:bf:18:ce:71:75:3b:93:6b:8a:
         9c:df:5d:e6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKKT+Y03cnZ2k8oKDMQTEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjUyNTI2ZjNkMjgyNzY1MzI1YzE1YTZlNTc2NWQ3Y2Q3ZjFmODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3aOjcJ6WuH8VTOmvJbOmHvjikrq
ISSRAEMRTRWSdcqDaMVEC9l5d8FuMwy2eCW8hK0nCynfrBiJW4Ewd/VHTBcnkuLh
kSzMtGawm3Y0B1P9OayrBI7hthT8chbmTB98UvnwLuPdOwQz8yF7ErdU8LCFYf4Z
nrzRoag8l698kI7yFnUVsvpT5Azt+J62zph8XdCmfOUnFoPzkJsKc1DHgFOs30rf
Lx5bEU514Ccja5cLLo+/oA56A1jpJAyP+Ri7Ocv/qRzcy4W4s5zS25c8qY0ZYEUF
sSRu1PDt1MiB/dRMnWRahtI8AvjUy4EKNpo9clP/KxIUtYKp/5N4V/WqawIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFN9SUm89KCdlMlwVpuV2XXzX8fieMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YzLzBiZjZk
Yi1jYzdkLTQ2OTctOWFlYy02MjNlNmM5YzQ0NjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvMGJmNmRi
LWNjN2QtNDY5Ny05YWVjLTYyM2U2YzljNDQ2NC8xLzMxSlNiejBvSjJVeVhCV201
WFpkZk5meC1KNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMr1zANBgkqhkiG9w0BAQsFAAOCAQEAg7lKlcDHkkiz
9rsXYoQd9LGxrGgsni0k9O2L+cvbM6QhGN+S8yOCQ33bW4ZqiOKhtBru4gyTUXjo
ED+XsiGqAmJuT5MiPSW16xig2FvLGmXFiFg2Gz3rx6wLy1mphlAYLXVQmL4c0+lU
bjeOg3BLdP5LHduPtEYOPnm5QaHfbaL7Wk1AskUF0sXO0HCXSJFac/CmQPYuz4ph
ObEsCi6vU6VpP9/rD5gOuNPBYlb8mksNYmUt/GzOSz7X0Iiw+jOxmc5n4utkj8r8
hr+8rk3FNFobmevjeF0cA5Z5aYkoGASZSK5gOLI/1bt9hnidein9STV9vxjOcXU7
k2uKnN9d5g==
-----END CERTIFICATE-----