Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3virX3TckOn_uo1CmI7Vp3SMHQU.cer
File:                     3virX3TckOn_uo1CmI7Vp3SMHQU.cer (raw, json)
Hash identifier:          gHNMWkOu/rojWr76aycdoxFsop+9c62FqwMnrmXvGNk=
Subject key identifier:   DE:F8:AB:5F:74:DC:90:E9:FF:BA:8D:42:98:8E:D5:A7:74:8C:1D:05
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAF468990FDEF4DBB235A790D1B537
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1a/6a725a-42e4-4270-b5af-453fc1bcbcd5/1/3virX3TckOn_uo1CmI7Vp3SMHQU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1a/6a725a-42e4-4270-b5af-453fc1bcbcd5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210041

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f4:68:99:0f:de:f4:db:b2:35:a7:90:d1:b5:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=def8ab5f74dc90e9ffba8d42988ed5a7748c1d05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:17:54:f2:72:44:e4:a4:56:79:4a:31:2e:86:
                    f8:0a:30:db:8a:b9:63:2e:f2:be:92:56:0a:65:52:
                    a4:5c:6f:da:04:da:f3:4d:62:a1:70:c3:cd:50:32:
                    d1:0a:a0:d2:bd:8a:2f:bb:08:2f:36:0d:48:93:f6:
                    3d:f9:71:7b:6a:21:e4:72:78:29:f2:eb:5d:34:96:
                    cd:f1:eb:ba:41:21:80:5a:c6:db:e1:20:82:2b:04:
                    82:9f:e4:be:9e:e8:c2:bc:44:1e:03:9a:d6:27:2c:
                    8b:e8:2e:45:d5:a0:28:15:c0:e7:45:7d:3d:01:ad:
                    cb:d9:c4:7c:38:1e:66:2d:67:74:26:8d:98:48:0f:
                    90:14:f7:a8:3c:d0:cd:cd:5c:49:c8:d8:34:4c:c6:
                    70:fb:93:ca:7d:fb:2f:c5:28:f1:cc:e6:ca:bc:09:
                    31:3e:f7:8d:33:5f:02:1a:ba:e0:87:42:56:8e:e2:
                    cc:93:df:91:39:be:31:7b:6b:e7:9b:f7:c4:45:ac:
                    26:a2:c5:89:f6:05:f4:a0:73:7e:9e:11:b0:72:33:
                    33:61:1c:1c:f8:95:2b:1d:8e:da:e9:86:7c:14:65:
                    c2:0e:68:70:c0:48:15:dd:46:b5:56:d1:fc:a8:f0:
                    cc:54:01:f3:96:e9:87:86:de:5b:ab:26:c9:ac:aa:
                    e7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:F8:AB:5F:74:DC:90:E9:FF:BA:8D:42:98:8E:D5:A7:74:8C:1D:05
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6a725a-42e4-4270-b5af-453fc1bcbcd5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6a725a-42e4-4270-b5af-453fc1bcbcd5/1/3virX3TckOn_uo1CmI7Vp3SMHQU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210041

    Signature Algorithm: sha256WithRSAEncryption
         a6:33:fd:05:db:87:d6:79:03:0b:78:77:bc:bf:f1:85:eb:2b:
         b8:94:ff:3e:63:55:b3:2d:02:d0:a2:9d:c5:0a:2c:c6:3f:5b:
         a5:b5:4b:eb:4e:7f:a9:c7:b4:74:cf:65:14:aa:bd:de:c5:95:
         e6:be:33:34:3d:6b:4c:04:d1:fc:74:ab:b0:05:b4:4e:da:32:
         f9:8f:b4:13:7b:f2:93:04:b7:4d:a8:e1:c2:c2:56:c7:be:07:
         6e:98:ac:a8:25:28:f1:59:51:1d:88:77:32:b1:c0:77:12:e7:
         d6:ad:e6:53:c4:ba:b9:b2:d7:74:7a:f3:a1:d1:83:21:7b:1a:
         d5:2d:d3:c9:73:fc:47:d7:31:1d:1e:a5:e5:5c:1e:64:3a:19:
         07:16:94:38:b1:ee:c4:5b:d5:57:5e:cb:31:31:21:3f:40:f5:
         21:07:ab:43:c3:8e:8d:39:c9:44:49:23:e6:d8:ee:ae:44:aa:
         19:20:76:06:20:c7:4e:ba:eb:69:e0:a4:9e:dd:15:d8:aa:8e:
         99:3f:d8:da:fd:cd:66:8a:1d:16:2d:f7:30:b7:8c:ca:1b:02:
         62:e4:0d:bf:e2:8e:29:af:53:2c:6a:4e:86:59:e2:5a:89:6b:
         3f:d9:93:c7:21:5c:f5:c4:3c:f7:f1:3b:8f:6c:a9:5a:4b:ca:
         68:22:23:f6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzC2vRomQ/e9NuyNaeQ0bU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWY4YWI1Zjc0ZGM5MGU5ZmZiYThkNDI5ODhlZDVhNzc0OGMxZDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBdU8nJE5KRWeUoxLob4CjDbirlj
LvK+klYKZVKkXG/aBNrzTWKhcMPNUDLRCqDSvYovuwgvNg1Ik/Y9+XF7aiHkcngp
8utdNJbN8eu6QSGAWsbb4SCCKwSCn+S+nujCvEQeA5rWJyyL6C5F1aAoFcDnRX09
Aa3L2cR8OB5mLWd0Jo2YSA+QFPeoPNDNzVxJyNg0TMZw+5PKffsvxSjxzObKvAkx
PveNM18CGrrgh0JWjuLMk9+ROb4xe2vnm/fERawmosWJ9gX0oHN+nhGwcjMzYRwc
+JUrHY7a6YZ8FGXCDmhwwEgV3Ua1VtH8qPDMVAHzlumHht5bqybJrKrnAQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFN74q1903JDp/7qNQpiO1ad0jB0FMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFhLzZhNzI1
YS00MmU0LTQyNzAtYjVhZi00NTNmYzFiY2JjZDUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWEvNmE3MjVh
LTQyZTQtNDI3MC1iNWFmLTQ1M2ZjMWJjYmNkNS8xLzN2aXJYM1Rja09uX3VvMUNt
STdWcDNTTUhRVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM0eTANBgkqhkiG9w0BAQsFAAOCAQEApjP9BduH1nkD
C3h3vL/xhesruJT/PmNVsy0C0KKdxQosxj9bpbVL605/qce0dM9lFKq93sWV5r4z
ND1rTATR/HSrsAW0Ttoy+Y+0E3vykwS3TajhwsJWx74HbpisqCUo8VlRHYh3MrHA
dxLn1q3mU8S6ubLXdHrzodGDIXsa1S3TyXP8R9cxHR6l5VweZDoZBxaUOLHuxFvV
V17LMTEhP0D1IQerQ8OOjTnJREkj5tjurkSqGSB2BiDHTrrraeCknt0V2KqOmT/Y
2v3NZoodFi33MLeMyhsCYuQNv+KOKa9TLGpOhlniWolrP9mTxyFc9cQ89/E7j2yp
WkvKaCIj9g==
-----END CERTIFICATE-----