Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3GsGuFW_l8OXvbhRaUS02xhmP5I.cer
File:                     3GsGuFW_l8OXvbhRaUS02xhmP5I.cer (raw, json)
Hash identifier:          +10ySO1E/Pl8ne6TSEAZPctg/hAxxcMcPL2FRYNqpDs=
Subject key identifier:   DC:6B:06:B8:55:BF:97:C3:97:BD:B8:51:69:44:B4:DB:18:66:3F:92
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC29ED0D3615AA46F83282C3623DA4F8C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/39721b99-0b2e-4f77-9a2f-8c335a3e27ad/0/DC6B06B855BF97C397BDB8516944B4DB18663F92.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/39721b99-0b2e-4f77-9a2f-8c335a3e27ad/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 01:23:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 197919

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:9e:d0:d3:61:5a:a4:6f:83:28:2c:36:23:da:4f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:23:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc6b06b855bf97c397bdb8516944b4db18663f92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cf:ea:7f:a8:60:00:17:23:4a:35:1a:66:f7:
                    bc:9d:70:ff:71:d7:51:d2:f1:f6:ab:74:be:06:43:
                    3b:50:3c:21:65:f0:80:f5:44:d9:f8:30:a3:0b:78:
                    55:ae:24:b8:4f:04:44:ff:8d:fc:46:2c:10:b8:6d:
                    7c:17:dd:bb:46:e8:00:86:46:5e:fc:82:ec:d6:c4:
                    92:45:73:35:dc:8f:ae:db:eb:70:f1:c4:cc:7b:c0:
                    31:be:09:d4:b4:dc:d8:96:01:6f:ca:5e:72:cb:e5:
                    61:6c:6e:05:5a:80:8a:4d:39:f1:c6:56:d0:78:30:
                    18:b1:e2:e7:d0:f5:6e:89:b4:04:10:04:71:d2:1b:
                    ac:33:08:95:cc:16:fd:77:22:24:31:3d:c2:5b:58:
                    ab:42:ec:67:c8:df:18:c5:f8:89:94:72:66:80:36:
                    c7:d1:a0:20:5c:2c:fc:22:a2:a1:ee:3c:cf:e5:41:
                    1a:2c:f7:63:81:db:52:fd:3e:3f:cb:14:ee:f2:59:
                    df:92:c2:a4:f2:5b:cd:7b:0f:00:ef:a6:a7:ec:80:
                    64:0b:5d:e0:2c:a9:13:6a:04:32:76:ce:56:8f:76:
                    3e:1b:5b:a0:65:bf:b8:33:0f:da:89:57:35:47:a6:
                    79:16:dc:a9:b9:11:af:b0:ea:f2:2c:bc:00:c2:40:
                    09:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:6B:06:B8:55:BF:97:C3:97:BD:B8:51:69:44:B4:DB:18:66:3F:92
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/39721b99-0b2e-4f77-9a2f-8c335a3e27ad/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/39721b99-0b2e-4f77-9a2f-8c335a3e27ad/0/DC6B06B855BF97C397BDB8516944B4DB18663F92.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197919

    Signature Algorithm: sha256WithRSAEncryption
         3e:0b:cb:4c:5e:37:3a:42:cf:0d:bd:48:77:79:d2:47:f0:f1:
         78:7f:29:d0:fb:78:6a:3c:f2:6a:9a:02:db:f4:d1:a4:8f:04:
         43:64:45:ca:55:82:38:1b:db:d2:41:ee:3d:71:de:19:16:60:
         56:c0:b7:4e:c1:a9:e1:68:b1:a9:2e:cf:62:6e:9b:24:e4:d3:
         24:2a:83:27:15:e4:c7:ae:7f:81:9a:cb:6d:e9:a2:c6:83:8c:
         7b:1e:c9:86:60:f3:6c:69:26:c6:35:5d:39:68:79:e4:66:30:
         93:3f:6c:32:f4:83:26:92:4a:ef:be:11:8f:22:c8:76:78:c3:
         21:c3:a9:8e:6b:cc:63:a3:5b:f1:6b:ff:3c:0e:c8:6c:e1:a3:
         f9:f0:78:bb:88:25:8f:4c:40:e7:8c:7d:5a:36:bb:44:1d:d1:
         2e:a3:81:60:7d:80:57:50:7a:50:b6:36:c7:65:bb:d5:0a:91:
         1d:86:9b:49:24:83:cb:b7:43:80:85:c7:3f:a2:e5:a6:8e:f8:
         fd:bd:c6:30:f9:fd:a7:73:17:f4:47:f2:e3:72:83:78:23:24:
         24:6b:1a:8a:83:3e:54:5f:92:23:84:c6:a4:27:53:80:02:bd:
         09:32:a6:28:ce:fd:12:e2:47:53:9c:53:cd:16:5f:d1:42:03:
         6d:8d:9c:4f
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAYzCntDTYVqkb4MoLDYj2k+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDEyMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzZiMDZiODU1YmY5N2MzOTdiZGI4NTE2OTQ0YjRkYjE4NjYzZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8/qf6hgABcjSjUaZve8nXD/cddR
0vH2q3S+BkM7UDwhZfCA9UTZ+DCjC3hVriS4TwRE/438RiwQuG18F927RugAhkZe
/ILs1sSSRXM13I+u2+tw8cTMe8AxvgnUtNzYlgFvyl5yy+VhbG4FWoCKTTnxxlbQ
eDAYseLn0PVuibQEEARx0husMwiVzBb9dyIkMT3CW1irQuxnyN8YxfiJlHJmgDbH
0aAgXCz8IqKh7jzP5UEaLPdjgdtS/T4/yxTu8lnfksKk8lvNew8A76an7IBkC13g
LKkTagQyds5Wj3Y+G1ugZb+4Mw/aiVc1R6Z5FtypuRGvsOryLLwAwkAJaQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFNxrBrhVv5fDl724UWlEtNsYZj+SMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzM5NzIx
Yjk5LTBiMmUtNGY3Ny05YTJmLThjMzM1YTNlMjdhZC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMzk3
MjFiOTktMGIyZS00Zjc3LTlhMmYtOGMzMzVhM2UyN2FkLzAvREM2QjA2Qjg1NUJG
OTdDMzk3QkRCODUxNjk0NEI0REIxODY2M0Y5Mi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDBR8w
DQYJKoZIhvcNAQELBQADggEBAD4Ly0xeNzpCzw29SHd50kfw8Xh/KdD7eGo88mqa
Atv00aSPBENkRcpVgjgb29JB7j1x3hkWYFbAt07BqeFosakuz2JumyTk0yQqgycV
5Meuf4Gay23posaDjHseyYZg82xpJsY1XTloeeRmMJM/bDL0gyaSSu++EY8iyHZ4
wyHDqY5rzGOjW/Fr/zwOyGzho/nweLuIJY9MQOeMfVo2u0Qd0S6jgWB9gFdQelC2
Nsdlu9UKkR2Gm0kkg8u3Q4CFxz+i5aaO+P29xjD5/adzF/RH8uNyg3gjJCRrGoqD
PlRfkiOExqQnU4ACvQkypijO/RLiR1OcU80WX9FCA22NnE8=
-----END CERTIFICATE-----