Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4cFmtQajq3Eo4X8q_hHiLsoJ80E.cer
File:                     4cFmtQajq3Eo4X8q_hHiLsoJ80E.cer (raw, json)
Hash identifier:          efP+5f6NjmrQVnyqqLP0Bj93sPLxlbSXBWQiGSt7RKc=
Subject key identifier:   E1:C1:66:B5:06:A3:AB:71:28:E1:7F:2A:FE:11:E2:2E:CA:09:F3:41
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018F23FA5CEEA5F47FD67E2AE805968D7A35
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/98/37133f-c704-40d1-a606-fdb60b122fad/1/4cFmtQajq3Eo4X8q_hHiLsoJ80E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/98/37133f-c704-40d1-a606-fdb60b122fad/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 28 Apr 2024 09:12:41 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215150

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:23:fa:5c:ee:a5:f4:7f:d6:7e:2a:e8:05:96:8d:7a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 28 09:12:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1c166b506a3ab7128e17f2afe11e22eca09f341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3e:ac:0f:72:10:5e:61:9f:b9:dc:ee:ab:85:
                    a3:46:03:97:85:b3:a9:a3:c7:dd:d4:5b:d4:dc:16:
                    21:e5:04:c5:84:b6:46:61:cd:84:d4:16:8d:76:00:
                    8d:00:fa:50:0b:71:7e:44:6b:6b:92:b9:30:7d:e7:
                    84:da:5f:b7:12:e6:cc:89:cd:ef:55:4c:81:3c:9c:
                    79:83:ef:f7:8e:26:b9:d0:5e:ea:be:dd:60:f8:2d:
                    82:12:bd:e9:14:d2:b5:3c:b9:3f:ad:24:99:15:87:
                    89:ed:95:5c:f9:da:be:d7:5b:12:2a:d6:89:80:5c:
                    88:c7:c5:1e:03:8c:ef:9f:86:03:23:62:3b:9e:85:
                    11:06:29:1a:c2:82:ea:b0:3d:23:6f:6a:45:06:fb:
                    ac:9e:b1:74:58:bf:04:17:92:d1:a0:a7:16:f0:f5:
                    1b:1c:58:d5:e4:bc:92:34:73:13:d5:82:bf:8c:b0:
                    2f:50:a7:e8:64:b3:0e:01:68:c8:e5:b1:49:10:4b:
                    0b:e0:66:2d:85:e7:d2:e6:58:a6:1f:4c:9a:87:95:
                    9b:97:c5:3e:5e:6c:04:49:03:25:9f:30:55:7b:88:
                    d5:49:88:0e:e8:13:9a:c7:7b:fc:96:0b:67:89:d8:
                    e5:4e:8f:1b:27:85:de:be:c6:e1:39:69:41:5c:db:
                    dd:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:C1:66:B5:06:A3:AB:71:28:E1:7F:2A:FE:11:E2:2E:CA:09:F3:41
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/37133f-c704-40d1-a606-fdb60b122fad/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/37133f-c704-40d1-a606-fdb60b122fad/1/4cFmtQajq3Eo4X8q_hHiLsoJ80E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215150

    Signature Algorithm: sha256WithRSAEncryption
         21:16:dc:9d:d8:7f:b6:51:55:f9:b0:cd:8a:39:cf:cb:cd:8f:
         64:c9:bd:64:cf:88:d5:39:e5:40:fa:d2:7f:60:8b:32:bb:36:
         01:c9:e5:82:91:e2:76:a6:70:c6:04:55:1c:b4:fa:c8:08:c6:
         a7:d0:80:d8:05:10:92:15:a4:3b:35:43:e1:92:7a:0a:2c:ed:
         06:67:c5:0b:2e:cd:b4:61:b4:db:6a:0d:e4:8a:6b:ab:1a:8d:
         ed:8c:35:25:31:1d:fa:6c:b0:fd:40:6d:07:92:88:58:06:07:
         91:57:f2:b6:f7:80:94:e9:de:b3:3a:d7:a3:31:d1:8e:fb:79:
         79:ae:48:83:18:fe:96:cb:17:b4:a9:98:bd:07:9e:5e:5f:c0:
         16:fe:18:a0:7a:90:c4:87:7a:b8:11:4f:0d:96:28:45:75:ab:
         2b:41:20:55:28:d3:e7:3d:f1:da:4c:bc:28:fa:ca:82:d5:7e:
         21:89:a6:90:71:2d:80:dc:8f:82:6a:be:d9:da:4a:75:62:dc:
         95:4d:ae:91:d6:44:5e:01:33:50:05:b8:01:12:f3:39:c8:27:
         15:05:74:81:61:2c:71:ca:cf:9f:ab:02:65:4d:78:21:16:4a:
         8c:2c:30:16:ef:80:f0:a6:63:13:ba:89:71:18:19:a7:13:7d:
         93:a0:aa:3e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY8j+lzupfR/1n4q6AWWjXo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDI4MDkxMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWMxNjZiNTA2YTNhYjcxMjhlMTdmMmFmZTExZTIyZWNhMDlmMzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT6sD3IQXmGfudzuq4WjRgOXhbOp
o8fd1FvU3BYh5QTFhLZGYc2E1BaNdgCNAPpQC3F+RGtrkrkwfeeE2l+3EubMic3v
VUyBPJx5g+/3jia50F7qvt1g+C2CEr3pFNK1PLk/rSSZFYeJ7ZVc+dq+11sSKtaJ
gFyIx8UeA4zvn4YDI2I7noURBikawoLqsD0jb2pFBvusnrF0WL8EF5LRoKcW8PUb
HFjV5LySNHMT1YK/jLAvUKfoZLMOAWjI5bFJEEsL4GYthefS5limH0yah5Wbl8U+
XmwESQMlnzBVe4jVSYgO6BOax3v8lgtnidjlTo8bJ4XevsbhOWlBXNvd+QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFOHBZrUGo6txKOF/Kv4R4i7KCfNBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk4LzM3MTMz
Zi1jNzA0LTQwZDEtYTYwNi1mZGI2MGIxMjJmYWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvMzcxMzNm
LWM3MDQtNDBkMS1hNjA2LWZkYjYwYjEyMmZhZC8xLzRjRm10UWFqcTNFbzRYOHFf
aEhpTHNvSjgwRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNIbjANBgkqhkiG9w0BAQsFAAOCAQEAIRbcndh/tlFV
+bDNijnPy82PZMm9ZM+I1TnlQPrSf2CLMrs2AcnlgpHidqZwxgRVHLT6yAjGp9CA
2AUQkhWkOzVD4ZJ6CiztBmfFCy7NtGG022oN5IprqxqN7Yw1JTEd+myw/UBtB5KI
WAYHkVfytveAlOneszrXozHRjvt5ea5Igxj+lssXtKmYvQeeXl/AFv4YoHqQxId6
uBFPDZYoRXWrK0EgVSjT5z3x2ky8KPrKgtV+IYmmkHEtgNyPgmq+2dpKdWLclU2u
kdZEXgEzUAW4ARLzOcgnFQV0gWEsccrPn6sCZU14IRZKjCwwFu+A8KZjE7qJcRgZ
pxN9k6CqPg==
-----END CERTIFICATE-----