Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7P2OqrWurDzpQf4SWFmzKjUlE0Q.cer
File:                     7P2OqrWurDzpQf4SWFmzKjUlE0Q.cer (raw, json)
Hash identifier:          FRSMFpuBifNQrhjwkUTtyfySp9cYF38HVCy0xugeTTM=
Subject key identifier:   EC:FD:8E:AA:B5:AE:AC:3C:E9:41:FE:12:58:59:B3:2A:35:25:13:44
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8019B52F2756E59D836C70372305554
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0f/bb883a-486d-4975-8dbc-d4b90b6f4659/1/7P2OqrWurDzpQf4SWFmzKjUlE0Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0f/bb883a-486d-4975-8dbc-d4b90b6f4659/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212568

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:9b:52:f2:75:6e:59:d8:36:c7:03:72:30:55:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecfd8eaab5aeac3ce941fe125859b32a35251344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e3:fe:f8:0b:41:b8:7b:b3:ef:f0:fd:96:01:
                    f5:64:82:2d:a2:d8:73:15:a2:1c:76:1a:0a:b0:5c:
                    5f:b6:30:a1:b9:05:fa:ec:63:48:92:18:44:93:51:
                    8d:8c:d1:23:7e:f1:d5:eb:83:91:ec:ae:99:1f:15:
                    af:41:08:52:8a:b1:98:d7:e5:43:b6:e4:a2:79:13:
                    79:99:e7:5c:3c:b8:63:98:ac:f8:80:76:1f:4d:5d:
                    f5:52:22:9a:05:63:8d:e9:74:bb:61:d9:5d:50:d9:
                    bb:d0:b5:89:84:6d:94:56:47:cf:f9:21:ee:0c:9c:
                    22:6d:d1:74:3e:75:c3:43:35:63:26:19:76:50:27:
                    d7:6a:b8:6a:15:50:c7:75:f1:5a:92:2f:f6:fa:bc:
                    69:ce:95:65:c1:71:6d:df:d8:a0:7e:72:51:bc:33:
                    96:2b:57:07:4f:b0:30:96:fa:c8:d0:b2:06:83:e8:
                    78:04:f7:f8:21:b2:4e:c8:8a:56:29:9b:c8:71:e3:
                    d1:d2:81:87:a9:46:41:37:0e:dd:dc:bb:74:7b:a9:
                    d6:05:bc:88:43:80:28:a8:27:e2:19:7e:dd:4f:73:
                    94:eb:2b:d3:91:3f:08:0a:e4:c7:e6:7f:d3:e6:4c:
                    09:ae:0b:b2:bb:c3:12:44:26:b2:cf:b7:c0:64:76:
                    d8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:FD:8E:AA:B5:AE:AC:3C:E9:41:FE:12:58:59:B3:2A:35:25:13:44
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/bb883a-486d-4975-8dbc-d4b90b6f4659/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/bb883a-486d-4975-8dbc-d4b90b6f4659/1/7P2OqrWurDzpQf4SWFmzKjUlE0Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212568

    Signature Algorithm: sha256WithRSAEncryption
         25:c7:59:88:c5:f7:26:cd:c3:0f:b2:86:1f:bc:a6:b1:5e:85:
         56:3a:12:e2:73:e5:1e:11:97:40:c9:ed:3d:ee:a4:f1:fb:d5:
         51:94:18:cb:60:ad:66:01:78:b5:2d:22:aa:0f:54:38:70:18:
         18:f0:f7:85:15:03:b3:53:2d:ec:c0:a2:ef:89:ac:d5:fd:16:
         de:d8:19:7f:cc:e6:d3:34:75:2f:16:58:db:2e:4b:74:5f:32:
         03:84:9a:c7:a5:8f:be:d2:b2:4e:07:da:f4:4d:01:99:e3:df:
         39:af:03:b8:8e:27:ef:6e:4b:cd:60:2d:23:76:80:93:0c:0c:
         2d:09:59:a5:cd:1b:b0:36:33:24:30:e5:49:0d:9a:a5:7a:ec:
         89:3f:74:11:a2:f7:34:1e:9b:5d:f0:32:bc:ab:6a:c1:b8:44:
         d7:ab:b3:b5:9b:c2:f3:1a:99:b6:f3:9d:04:7b:c1:57:42:f2:
         d7:5c:35:94:5b:b5:09:cb:cd:ef:9e:3e:e9:14:25:16:89:f1:
         e5:c1:4e:01:eb:32:43:57:6c:09:bf:4c:a3:2a:7f:10:e1:24:
         fc:8e:43:44:9f:2b:75:4b:97:3c:b3:30:f9:f5:8a:95:55:55:
         6a:a9:89:d1:bd:ee:61:13:05:60:d4:00:fb:26:d8:f7:cf:12:
         68:7e:6e:b1
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIAZtS8nVuWdg2xwNyMFVUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2ZkOGVhYWI1YWVhYzNjZTk0MWZlMTI1ODU5YjMyYTM1MjUxMzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleP++AtBuHuz7/D9lgH1ZIItothz
FaIcdhoKsFxftjChuQX67GNIkhhEk1GNjNEjfvHV64OR7K6ZHxWvQQhSirGY1+VD
tuSieRN5medcPLhjmKz4gHYfTV31UiKaBWON6XS7YdldUNm70LWJhG2UVkfP+SHu
DJwibdF0PnXDQzVjJhl2UCfXarhqFVDHdfFaki/2+rxpzpVlwXFt39igfnJRvDOW
K1cHT7AwlvrI0LIGg+h4BPf4IbJOyIpWKZvIcePR0oGHqUZBNw7d3Lt0e6nWBbyI
Q4AoqCfiGX7dT3OU6yvTkT8ICuTH5n/T5kwJrguyu8MSRCayz7fAZHbY0wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFOz9jqq1rqw86UH+ElhZsyo1JRNEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBmL2JiODgz
YS00ODZkLTQ5NzUtOGRiYy1kNGI5MGI2ZjQ2NTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGYvYmI4ODNh
LTQ4NmQtNDk3NS04ZGJjLWQ0YjkwYjZmNDY1OS8xLzdQMk9xcld1ckR6cFFmNFNX
Rm16S2pVbEUwUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM+WDANBgkqhkiG9w0BAQsFAAOCAQEAJcdZiMX3Js3D
D7KGH7ymsV6FVjoS4nPlHhGXQMntPe6k8fvVUZQYy2CtZgF4tS0iqg9UOHAYGPD3
hRUDs1Mt7MCi74ms1f0W3tgZf8zm0zR1LxZY2y5LdF8yA4Sax6WPvtKyTgfa9E0B
mePfOa8DuI4n725LzWAtI3aAkwwMLQlZpc0bsDYzJDDlSQ2apXrsiT90EaL3NB6b
XfAyvKtqwbhE16uztZvC8xqZtvOdBHvBV0Ly11w1lFu1CcvN754+6RQlFonx5cFO
AesyQ1dsCb9Moyp/EOEk/I5DRJ8rdUuXPLMw+fWKlVVVaqmJ0b3uYRMFYNQA+ybY
988SaH5usQ==
-----END CERTIFICATE-----