Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4EsooZ2_U0rWHLBJmG5UJMMoTeI.cer
File:                     4EsooZ2_U0rWHLBJmG5UJMMoTeI.cer (raw, json)
Hash identifier:          BHVlAAdm533N+K5g/9e6ly3G5j5k7WtaZ9KWbayTuKA=
Subject key identifier:   E0:4B:28:A1:9D:BF:53:4A:D6:1C:B0:49:98:6E:54:24:C3:28:4D:E2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019044B7330236164EB2D9CA76BD0A588BC9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f8/cda8f7-8b87-4c6e-bd56-acf04481064d/1/4EsooZ2_U0rWHLBJmG5UJMMoTeI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f8/cda8f7-8b87-4c6e-bd56-acf04481064d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 23 Jun 2024 10:49:35 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212495
                          IP: 2001:678:e98::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:44:b7:33:02:36:16:4e:b2:d9:ca:76:bd:0a:58:8b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 23 10:49:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e04b28a19dbf534ad61cb049986e5424c3284de2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cb:a2:2e:ac:bf:89:0e:7e:f9:6d:12:61:1d:
                    df:e4:50:4f:c0:fe:cb:14:d3:c5:eb:81:21:c3:64:
                    80:d8:c6:69:fd:bb:73:28:98:63:66:e3:4d:e6:4a:
                    49:5b:0d:6a:b4:fb:90:e6:bb:02:b0:88:84:16:7e:
                    89:ce:16:c5:ab:91:6a:6f:5c:11:28:68:a8:5e:7e:
                    f2:de:09:a4:ef:98:24:aa:20:d4:a6:d3:6c:8d:d5:
                    84:58:31:fa:fe:2a:46:0e:ae:86:b5:c0:0c:d8:7b:
                    f6:e4:37:f8:87:d4:44:75:9f:4b:26:6a:f2:2a:73:
                    1f:31:7f:68:43:51:c2:02:61:b6:52:c9:20:da:4d:
                    ed:51:5b:49:be:7e:9a:87:39:90:c4:f2:6f:8a:f6:
                    44:be:d9:11:57:bd:d4:e7:0e:a8:fa:04:2a:2c:f6:
                    47:38:23:c0:07:8a:08:03:2b:cc:23:52:b1:6c:b5:
                    56:e1:ec:11:dc:f1:69:1f:79:54:3a:57:12:bb:0f:
                    62:5b:94:d5:65:7f:8c:88:e5:a9:26:22:06:2f:1a:
                    97:b3:8f:37:b3:e6:ac:72:09:44:b2:bc:22:86:e9:
                    78:9f:a4:03:56:ce:76:40:c3:b7:f9:c6:3f:2b:b3:
                    3b:08:5c:34:8d:3e:15:21:5d:de:17:b3:80:9f:02:
                    68:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:4B:28:A1:9D:BF:53:4A:D6:1C:B0:49:98:6E:54:24:C3:28:4D:E2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/cda8f7-8b87-4c6e-bd56-acf04481064d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/cda8f7-8b87-4c6e-bd56-acf04481064d/1/4EsooZ2_U0rWHLBJmG5UJMMoTeI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e98::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212495

    Signature Algorithm: sha256WithRSAEncryption
         31:1d:73:29:70:64:9a:bd:dc:11:81:3b:5b:5d:02:2e:8c:4c:
         d3:40:e9:e4:e7:c7:10:02:72:27:3c:db:4b:0c:b9:da:ef:06:
         b6:43:b6:17:e5:67:f8:df:f7:d4:ae:f3:15:aa:38:9a:29:63:
         14:8f:1f:2b:66:86:f0:28:f9:4b:47:aa:85:2d:c0:c1:f3:0d:
         37:17:89:78:35:da:f5:da:5e:eb:32:a7:21:5c:42:ba:e9:4c:
         d7:62:f8:cd:f3:f8:1a:f3:00:1a:7a:6b:e0:b4:f4:b9:6c:cb:
         59:9b:11:c5:4b:37:10:c6:0a:77:78:1e:79:0c:2b:78:79:2c:
         e1:25:23:c1:e9:df:23:4f:1b:04:cd:2e:8f:c9:8f:7c:2b:61:
         dc:a0:fe:95:3c:e3:d7:22:80:0e:3f:37:de:b2:be:07:b9:47:
         05:48:53:1c:c6:65:a3:c1:a5:ec:22:35:30:6b:b0:82:d0:45:
         ab:fd:89:47:5a:eb:bf:0f:4b:aa:31:d5:6d:d2:5f:2e:85:35:
         8c:2c:06:74:eb:50:02:12:b3:5c:0d:63:1d:72:ea:c2:4e:c6:
         9f:bc:f5:68:4c:e6:7e:8d:2a:2d:2a:e6:2d:04:31:eb:d7:a4:
         7a:2c:38:c7:b4:f7:ea:2d:41:07:e9:2d:2b:65:27:4c:be:b9:
         0f:e9:6b:59
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZBEtzMCNhZOstnKdr0KWIvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjIzMTA0OTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDRiMjhhMTlkYmY1MzRhZDYxY2IwNDk5ODZlNTQyNGMzMjg0ZGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncuiLqy/iQ5++W0SYR3f5FBPwP7L
FNPF64Ehw2SA2MZp/btzKJhjZuNN5kpJWw1qtPuQ5rsCsIiEFn6JzhbFq5Fqb1wR
KGioXn7y3gmk75gkqiDUptNsjdWEWDH6/ipGDq6GtcAM2Hv25Df4h9REdZ9LJmry
KnMfMX9oQ1HCAmG2Uskg2k3tUVtJvn6ahzmQxPJvivZEvtkRV73U5w6o+gQqLPZH
OCPAB4oIAyvMI1KxbLVW4ewR3PFpH3lUOlcSuw9iW5TVZX+MiOWpJiIGLxqXs483
s+ascglEsrwihul4n6QDVs52QMO3+cY/K7M7CFw0jT4VIV3eF7OAnwJocwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFOBLKKGdv1NK1hywSZhuVCTDKE3iMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y4L2NkYThm
Ny04Yjg3LTRjNmUtYmQ1Ni1hY2YwNDQ4MTA2NGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjgvY2RhOGY3
LThiODctNGM2ZS1iZDU2LWFjZjA0NDgxMDY0ZC8xLzRFc29vWjJfVTByV0hMQkpt
RzVVSk1Nb1RlSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA6YMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM+DzANBgkqhkiG9w0BAQsFAAOCAQEAMR1zKXBkmr3cEYE7W10CLoxM00Dp
5OfHEAJyJzzbSwy52u8GtkO2F+Vn+N/31K7zFao4miljFI8fK2aG8Cj5S0eqhS3A
wfMNNxeJeDXa9dpe6zKnIVxCuulM12L4zfP4GvMAGnpr4LT0uWzLWZsRxUs3EMYK
d3geeQwreHks4SUjwenfI08bBM0uj8mPfCth3KD+lTzj1yKADj833rK+B7lHBUhT
HMZlo8Gl7CI1MGuwgtBFq/2JR1rrvw9LqjHVbdJfLoU1jCwGdOtQAhKzXA1jHXLq
wk7Gn7z1aEzmfo0qLSrmLQQx69ekeiw4x7T36i1BB+ktK2UnTL65D+lrWQ==
-----END CERTIFICATE-----