Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/435CoUa5C6fNMxrWoT7vHaL7pEA.cer
File:                     435CoUa5C6fNMxrWoT7vHaL7pEA.cer (raw, json)
Hash identifier:          k+k2qTJ/Xqg9mwG5zW2LDgDdIYGmEkPPPFFH2qxWaJQ=
Subject key identifier:   E3:7E:42:A1:46:B9:0B:A7:CD:33:1A:D6:A1:3E:EF:1D:A2:FB:A4:40
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC187EEBAA2A73D01A2D7B8FDC8105
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e0/3ece76-0575-46b1-94bf-06329f6e0475/1/435CoUa5C6fNMxrWoT7vHaL7pEA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e0/3ece76-0575-46b1-94bf-06329f6e0475/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 3338

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:18:7e:eb:aa:2a:73:d0:1a:2d:7b:8f:dc:81:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e37e42a146b90ba7cd331ad6a13eef1da2fba440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:7c:3b:92:f3:f3:20:ff:cc:4b:01:86:ab:3e:
                    fc:a6:41:08:9e:1b:d2:3d:ad:44:38:04:cc:b5:f3:
                    eb:93:77:19:61:b7:af:a5:49:b7:09:8e:9f:1a:86:
                    79:6e:22:d1:cc:18:5c:15:28:44:87:e5:ae:a4:e6:
                    5b:bd:30:8b:12:69:b8:fa:fa:ec:93:5e:85:53:0d:
                    84:29:d2:ea:3d:f1:7a:39:4e:fd:69:ac:12:5f:6f:
                    bd:bb:ba:52:49:79:32:c9:f6:90:f8:3b:24:be:07:
                    72:1b:a3:d6:af:66:b2:d5:03:b6:81:e0:e8:5a:fb:
                    af:8e:55:a4:a8:bb:e2:77:1e:03:d0:b4:f9:ac:72:
                    3b:f9:ff:33:bd:b9:82:2b:08:c1:c7:c9:3b:88:77:
                    97:18:d0:41:1e:5b:12:31:2d:68:f7:d3:e8:5c:0d:
                    8e:73:a1:38:7e:ab:54:c3:ae:15:6b:97:fc:59:ec:
                    b6:65:29:90:b1:8e:c5:f4:aa:69:8b:87:51:bf:e5:
                    bf:92:b2:ef:3d:01:c4:1e:f4:94:bb:ce:0e:8f:2e:
                    df:db:6b:a7:18:17:c6:57:30:17:66:22:2c:15:03:
                    a9:c6:a6:32:e7:fc:2a:51:aa:60:7b:f5:87:ca:e4:
                    50:1b:83:62:46:c5:1f:e3:c0:41:b3:37:62:dc:be:
                    76:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:7E:42:A1:46:B9:0B:A7:CD:33:1A:D6:A1:3E:EF:1D:A2:FB:A4:40
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/3ece76-0575-46b1-94bf-06329f6e0475/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/3ece76-0575-46b1-94bf-06329f6e0475/1/435CoUa5C6fNMxrWoT7vHaL7pEA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  3338

    Signature Algorithm: sha256WithRSAEncryption
         41:c7:de:27:da:27:95:ff:67:2c:97:f9:f5:76:03:9f:23:2a:
         4e:8b:92:86:6a:09:32:99:ef:28:a5:3f:a8:fc:fa:d3:b9:c8:
         40:cf:a1:e4:7c:8a:7b:29:45:4c:2c:bf:4a:e3:39:67:08:61:
         3b:a0:fa:50:0d:85:a3:8f:01:43:c3:f2:bd:dd:64:9d:76:54:
         86:1a:13:4c:63:c4:54:ff:9d:a0:e5:7d:72:ac:87:04:31:72:
         a6:4c:16:c0:74:6d:a6:58:06:12:f8:f4:a5:d8:f8:06:d8:4b:
         5d:4f:b9:21:9b:18:a3:07:e1:9a:1b:8d:46:52:88:b7:30:52:
         87:a6:f6:6b:64:f8:58:40:c8:21:e2:f1:57:ea:7c:28:e1:93:
         e4:4d:d8:0b:48:eb:08:c3:07:1e:58:a3:d9:24:44:a4:12:4e:
         f1:12:2d:60:30:13:c4:1c:43:19:37:1c:5b:1e:61:ed:4f:de:
         0f:ef:72:b6:70:45:b8:3a:a1:69:24:b4:3e:37:eb:87:f4:d5:
         f4:14:48:af:ba:b0:4e:a5:47:8f:ef:97:01:91:eb:c6:1d:be:
         a3:f9:71:e8:74:93:f2:3f:e7:54:64:cc:5b:6b:cb:ed:6f:b4:
         f3:2c:6d:76:9b:24:6a:86:a9:d7:0f:77:d4:a1:ad:24:0e:bb:
         3b:f3:b4:e5
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYzF3Bh+66oqc9AaLXuP3IEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzdlNDJhMTQ2YjkwYmE3Y2QzMzFhZDZhMTNlZWYxZGEyZmJhNDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Xw7kvPzIP/MSwGGqz78pkEInhvS
Pa1EOATMtfPrk3cZYbevpUm3CY6fGoZ5biLRzBhcFShEh+WupOZbvTCLEmm4+vrs
k16FUw2EKdLqPfF6OU79aawSX2+9u7pSSXkyyfaQ+DskvgdyG6PWr2ay1QO2geDo
WvuvjlWkqLvidx4D0LT5rHI7+f8zvbmCKwjBx8k7iHeXGNBBHlsSMS1o99PoXA2O
c6E4fqtUw64Va5f8Wey2ZSmQsY7F9Kppi4dRv+W/krLvPQHEHvSUu84Ojy7f22un
GBfGVzAXZiIsFQOpxqYy5/wqUapge/WHyuRQG4NiRsUf48BBszdi3L52gwIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFON+QqFGuQunzTMa1qE+7x2i+6RAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UwLzNlY2U3
Ni0wNTc1LTQ2YjEtOTRiZi0wNjMyOWY2ZTA0NzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTAvM2VjZTc2
LTA1NzUtNDZiMS05NGJmLTA2MzI5ZjZlMDQ3NS8xLzQzNUNvVWE1QzZmTk14cldv
VDd2SGFMN3BFQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBkGCCsGAQUF
BwEIAQH/BAowCKAGMAQCAg0KMA0GCSqGSIb3DQEBCwUAA4IBAQBBx94n2ieV/2cs
l/n1dgOfIypOi5KGagkyme8opT+o/PrTuchAz6HkfIp7KUVMLL9K4zlnCGE7oPpQ
DYWjjwFDw/K93WSddlSGGhNMY8RU/52g5X1yrIcEMXKmTBbAdG2mWAYS+PSl2PgG
2EtdT7khmxijB+GaG41GUoi3MFKHpvZrZPhYQMgh4vFX6nwo4ZPkTdgLSOsIwwce
WKPZJESkEk7xEi1gMBPEHEMZNxxbHmHtT94P73K2cEW4OqFpJLQ+N+uH9NX0FEiv
urBOpUeP75cBkevGHb6j+XHodJPyP+dUZMxba8vtb7TzLG12myRqhqnXD3fUoa0k
Drs787Tl
-----END CERTIFICATE-----