Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7jSQhUVj0yIi6azlrYpknptKFyk.cer
File:                     7jSQhUVj0yIi6azlrYpknptKFyk.cer (raw, json)
Hash identifier:          r0cNTxlkTtjdbMsI1Y++4cRguWKOw2MbM8rgBoSwdeE=
Subject key identifier:   EE:34:90:85:45:63:D3:22:22:E9:AC:E5:AD:8A:64:9E:9B:4A:17:29
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0193B137D3C7D63C7DCC8FFAB82D8CA4BDE2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3c/d02fbc-8bf5-468d-a2a3-45c53b7ef9fa/1/7jSQhUVj0yIi6azlrYpknptKFyk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3c/d02fbc-8bf5-468d-a2a3-45c53b7ef9fa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 10 Dec 2024 15:37:26 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214061

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:b1:37:d3:c7:d6:3c:7d:cc:8f:fa:b8:2d:8c:a4:bd:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Dec 10 15:37:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee3490854563d32222e9ace5ad8a649e9b4a1729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0f:bc:16:2c:5e:8e:8a:72:92:6d:c5:85:8d:
                    a1:bb:bf:65:96:b5:1e:0b:7a:97:39:46:00:75:ea:
                    33:60:35:8d:17:51:d5:cf:34:d5:3b:11:2a:52:e0:
                    cb:59:90:2e:b4:b2:29:48:a0:7f:17:4f:6f:70:3d:
                    6e:bb:16:91:a1:7e:56:d0:eb:79:00:9a:99:05:a8:
                    39:74:ce:5b:92:cf:82:bc:dd:ed:51:7c:cd:11:fd:
                    c8:6d:a9:ff:3b:2a:0e:bb:5d:ab:4b:ef:17:47:b7:
                    06:d2:4c:fa:be:d8:f0:d5:67:73:81:7d:f4:dd:78:
                    00:48:0f:39:1c:c4:34:fd:04:bc:f1:22:8c:f8:43:
                    ce:79:3a:8b:9d:b3:99:8b:34:2e:05:72:8f:e7:b7:
                    27:a3:8b:76:bc:df:9a:99:0e:b9:8a:16:9a:01:7d:
                    ae:88:d9:d2:6d:23:56:b2:7c:f6:84:11:98:1d:30:
                    b2:67:22:4f:2b:05:52:b9:0d:08:70:db:26:cf:4d:
                    a2:12:da:63:f7:cc:ad:2e:7d:40:56:2d:17:dc:90:
                    ab:c1:a9:40:37:1a:3d:0c:5e:4f:31:8a:a4:50:4c:
                    9e:9e:fc:d4:66:ba:18:17:25:31:de:28:13:44:e1:
                    00:f6:05:65:18:18:36:f2:ca:72:25:bc:75:fd:6b:
                    c6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:34:90:85:45:63:D3:22:22:E9:AC:E5:AD:8A:64:9E:9B:4A:17:29
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/d02fbc-8bf5-468d-a2a3-45c53b7ef9fa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/d02fbc-8bf5-468d-a2a3-45c53b7ef9fa/1/7jSQhUVj0yIi6azlrYpknptKFyk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214061

    Signature Algorithm: sha256WithRSAEncryption
         87:f1:74:8b:24:20:dd:96:98:2d:d6:a7:1f:03:03:a8:f5:a8:
         f0:83:c4:21:46:7c:f5:46:c0:3d:64:45:6d:f0:08:b4:3d:cb:
         dc:a5:6c:9a:e7:30:d7:63:25:cd:45:ab:cb:0f:97:c9:fb:b0:
         bc:46:3c:3d:ed:00:3f:74:65:3c:34:9d:5f:ba:c4:12:ba:c6:
         9c:2e:4a:73:9c:7e:4e:a3:d0:ed:f1:cf:fc:28:7d:87:ec:45:
         7c:c9:c2:47:69:1f:35:f5:ea:3d:2e:28:0b:82:bb:e4:19:3d:
         38:7c:71:3d:f9:99:10:18:77:12:3d:01:9d:73:8d:b1:db:7d:
         63:d4:c2:97:d7:f2:87:b9:8f:57:7a:93:2b:4a:10:96:c0:9a:
         cb:88:3c:45:87:e6:f2:ea:f5:69:0b:32:dc:1a:9b:12:03:90:
         ca:6d:88:b7:19:f1:66:41:73:3b:ea:a6:be:08:d0:e5:d3:b5:
         c3:6a:bb:33:45:4a:4a:d4:c1:3a:b3:a0:fa:26:4e:34:2e:32:
         5d:0b:99:8a:94:ac:1e:c8:7f:13:c4:cb:ed:eb:05:6f:33:7d:
         7b:a7:7e:7c:fe:fe:0a:82:f9:86:4e:5f:d5:99:00:fa:15:e2:
         d4:72:1b:bd:86:63:9b:6a:56:6f:5b:81:e1:e0:63:ac:3d:b7:
         55:9c:52:b6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZOxN9PH1jx9zI/6uC2MpL3iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMjEwMTUzNzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTM0OTA4NTQ1NjNkMzIyMjJlOWFjZTVhZDhhNjQ5ZTliNGExNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA+8Fixejopykm3FhY2hu79llrUe
C3qXOUYAdeozYDWNF1HVzzTVOxEqUuDLWZAutLIpSKB/F09vcD1uuxaRoX5W0Ot5
AJqZBag5dM5bks+CvN3tUXzNEf3Iban/OyoOu12rS+8XR7cG0kz6vtjw1WdzgX30
3XgASA85HMQ0/QS88SKM+EPOeTqLnbOZizQuBXKP57cno4t2vN+amQ65ihaaAX2u
iNnSbSNWsnz2hBGYHTCyZyJPKwVSuQ0IcNsmz02iEtpj98ytLn1AVi0X3JCrwalA
Nxo9DF5PMYqkUEyenvzUZroYFyUx3igTROEA9gVlGBg28spyJbx1/WvG3QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFO40kIVFY9MiIums5a2KZJ6bShcpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNjL2QwMmZi
Yy04YmY1LTQ2OGQtYTJhMy00NWM1M2I3ZWY5ZmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2MvZDAyZmJj
LThiZjUtNDY4ZC1hMmEzLTQ1YzUzYjdlZjlmYS8xLzdqU1FoVVZqMHlJaTZhemxy
WXBrbnB0S0Z5ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNELTANBgkqhkiG9w0BAQsFAAOCAQEAh/F0iyQg3ZaY
LdanHwMDqPWo8IPEIUZ89UbAPWRFbfAItD3L3KVsmucw12MlzUWryw+XyfuwvEY8
Pe0AP3RlPDSdX7rEErrGnC5Kc5x+TqPQ7fHP/Ch9h+xFfMnCR2kfNfXqPS4oC4K7
5Bk9OHxxPfmZEBh3Ej0BnXONsdt9Y9TCl9fyh7mPV3qTK0oQlsCay4g8RYfm8ur1
aQsy3BqbEgOQym2ItxnxZkFzO+qmvgjQ5dO1w2q7M0VKStTBOrOg+iZONC4yXQuZ
ipSsHsh/E8TL7esFbzN9e6d+fP7+CoL5hk5f1ZkA+hXi1HIbvYZjm2pWb1uB4eBj
rD23VZxStg==
-----END CERTIFICATE-----