Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6O5Jiuq6FFV2phtjfxNuwcP0MN0.cer
File:                     6O5Jiuq6FFV2phtjfxNuwcP0MN0.cer (raw, json)
Hash identifier:          bLMWLccFvs3MgXS8YtqoUJaeizuALAytVdhhR3AltQM=
Subject key identifier:   E8:EE:49:8A:EA:BA:14:55:76:A6:1B:63:7F:13:6E:C1:C3:F4:30:DD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAB17E9CBFE3CFDA23FBE3401E6654
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2d/0ec905-6740-46f4-b0e8-a068ac8b1028/1/6O5Jiuq6FFV2phtjfxNuwcP0MN0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2d/0ec905-6740-46f4-b0e8-a068ac8b1028/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 204693

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Apr 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b1:7e:9c:bf:e3:cf:da:23:fb:e3:40:1e:66:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8ee498aeaba145576a61b637f136ec1c3f430dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:da:ac:1d:28:b8:af:c2:c8:a7:ab:8d:47:69:
                    1e:1a:39:ba:9d:db:9a:4e:07:66:ea:2d:a1:a5:71:
                    87:2b:06:99:45:b3:22:ad:3f:94:c1:87:b6:81:6e:
                    ca:d6:6c:a1:80:6b:ef:cf:1f:16:60:25:ea:c1:17:
                    b5:8c:c6:4e:67:74:ea:7c:5f:13:bf:e3:82:a9:7b:
                    a3:c0:98:d9:cf:4f:92:c6:87:38:06:39:0b:57:cd:
                    f1:97:42:13:91:4d:6d:45:5d:8e:07:51:9a:e1:70:
                    12:8f:d7:96:2c:9d:4d:eb:af:92:c6:41:09:1d:ef:
                    61:51:74:2a:59:b6:12:e7:b4:bc:c8:4c:40:2c:a7:
                    80:70:cc:e3:fe:46:85:9d:46:dd:17:e0:49:f9:e2:
                    bb:6c:e6:a7:db:5e:d7:8f:e5:fc:2d:a1:d6:04:9a:
                    27:d5:8e:22:91:63:97:fd:b2:26:8e:ac:44:45:3c:
                    fe:56:22:3d:47:45:65:1c:9c:71:20:8f:55:fc:2f:
                    3f:c6:2f:a1:7f:7d:58:b4:b7:41:16:ae:78:71:c4:
                    1e:eb:fe:f0:e5:f9:64:9e:0b:4b:44:45:e0:2b:03:
                    5b:6a:05:71:f4:cc:28:95:1b:b6:d7:73:93:1b:05:
                    d3:c3:06:76:d0:7a:62:b4:6a:fd:da:af:0c:99:84:
                    01:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:EE:49:8A:EA:BA:14:55:76:A6:1B:63:7F:13:6E:C1:C3:F4:30:DD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/0ec905-6740-46f4-b0e8-a068ac8b1028/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/0ec905-6740-46f4-b0e8-a068ac8b1028/1/6O5Jiuq6FFV2phtjfxNuwcP0MN0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204693

    Signature Algorithm: sha256WithRSAEncryption
         32:1f:93:0a:b6:7a:62:b7:58:39:70:9a:e7:76:3f:f3:69:b0:
         ce:f8:5a:c6:33:de:cc:be:d0:be:b6:66:50:67:b9:87:54:69:
         20:11:a7:e0:0b:b3:74:29:50:1c:c4:d1:2c:85:a7:a2:2e:c1:
         36:55:ac:ad:cf:e2:da:4f:15:ff:a7:9e:3b:a2:13:31:4e:b2:
         57:98:e6:ba:b8:ac:d7:a0:65:d5:47:1a:6d:96:1d:e9:75:b8:
         23:c0:b8:30:4f:9b:7c:cd:39:cd:42:23:78:61:9d:32:65:38:
         cc:64:69:8d:ce:8a:ab:ea:83:11:b4:2a:97:3d:e5:56:84:66:
         69:ae:6d:2b:8f:27:29:3f:8c:33:fb:4f:24:38:cc:80:a2:67:
         95:23:51:04:2a:df:b3:96:82:7e:8e:b3:7b:86:3f:25:f1:87:
         37:c7:65:76:61:aa:e7:e3:4a:ba:c2:a5:10:2d:6f:b4:d7:8f:
         3d:de:91:de:a8:7b:cb:7d:60:2e:4f:8d:20:32:66:d8:e8:8a:
         01:32:c3:f0:78:c7:55:c2:53:f2:f5:be:e6:0e:62:e5:e0:e2:
         b3:4a:45:ef:21:33:c4:58:e6:0d:3e:91:00:6d:67:39:3c:b5:
         03:7a:10:9b:2a:63:f2:e9:2d:43:e4:d5:e5:74:14:91:e8:c9:
         a7:ab:d4:02
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzC2rF+nL/jz9oj++NAHmZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGVlNDk4YWVhYmExNDU1NzZhNjFiNjM3ZjEzNmVjMWMzZjQzMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttqsHSi4r8LIp6uNR2keGjm6ndua
Tgdm6i2hpXGHKwaZRbMirT+UwYe2gW7K1myhgGvvzx8WYCXqwRe1jMZOZ3TqfF8T
v+OCqXujwJjZz0+Sxoc4BjkLV83xl0ITkU1tRV2OB1Ga4XASj9eWLJ1N66+SxkEJ
He9hUXQqWbYS57S8yExALKeAcMzj/kaFnUbdF+BJ+eK7bOan217Xj+X8LaHWBJon
1Y4ikWOX/bImjqxERTz+ViI9R0VlHJxxII9V/C8/xi+hf31YtLdBFq54ccQe6/7w
5flkngtLREXgKwNbagVx9MwolRu213OTGwXTwwZ20HpitGr92q8MmYQBzQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFOjuSYrquhRVdqYbY38TbsHD9DDdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJkLzBlYzkw
NS02NzQwLTQ2ZjQtYjBlOC1hMDY4YWM4YjEwMjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvMGVjOTA1
LTY3NDAtNDZmNC1iMGU4LWEwNjhhYzhiMTAyOC8xLzZPNUppdXE2RkZWMnBodGpm
eE51d2NQME1OMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMflTANBgkqhkiG9w0BAQsFAAOCAQEAMh+TCrZ6YrdY
OXCa53Y/82mwzvhaxjPezL7QvrZmUGe5h1RpIBGn4AuzdClQHMTRLIWnoi7BNlWs
rc/i2k8V/6eeO6ITMU6yV5jmuris16Bl1UcabZYd6XW4I8C4ME+bfM05zUIjeGGd
MmU4zGRpjc6Kq+qDEbQqlz3lVoRmaa5tK48nKT+MM/tPJDjMgKJnlSNRBCrfs5aC
fo6ze4Y/JfGHN8dldmGq5+NKusKlEC1vtNePPd6R3qh7y31gLk+NIDJm2OiKATLD
8HjHVcJT8vW+5g5i5eDis0pF7yEzxFjmDT6RAG1nOTy1A3oQmypj8uktQ+TV5XQU
kejJp6vUAg==
-----END CERTIFICATE-----