Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8-9S7YFs9L99Ap_7CrwQGv0sZLU.cer
File:                     8-9S7YFs9L99Ap_7CrwQGv0sZLU.cer (raw, json)
Hash identifier:          +9ow4P7WxbCTmWHKzl0qnq5M8CSTMR1iZRfTugvkbK8=
Subject key identifier:   F3:EF:52:ED:81:6C:F4:BF:7D:02:9F:FB:0A:BC:10:1A:FD:2C:64:B5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01968D50929442311D846678924E32E3182F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0c/76664c-1e05-4044-a0c5-eb2c2e86807f/1/8-9S7YFs9L99Ap_7CrwQGv0sZLU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0c/76664c-1e05-4044-a0c5-eb2c2e86807f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 May 2025 19:26:30 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 209355
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8d:50:92:94:42:31:1d:84:66:78:92:4e:32:e3:18:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May  1 19:26:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3ef52ed816cf4bf7d029ffb0abc101afd2c64b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:1f:d9:fc:b0:45:9c:ab:b2:c9:77:11:62:1d:
                    79:4e:3e:1a:8e:fa:b2:c0:59:97:72:04:ed:7a:25:
                    17:7a:6d:9a:a3:d4:6e:09:c1:67:f7:3e:c8:f2:bd:
                    51:36:83:16:a5:36:bc:b0:ee:af:55:f3:83:eb:9d:
                    47:1f:97:2e:67:13:d9:28:49:9e:d0:d9:a6:a9:54:
                    23:93:b1:22:fe:71:14:a8:c0:75:03:c6:b5:54:b9:
                    1d:b8:90:85:8f:47:7c:b0:a3:53:dd:f1:b9:b9:17:
                    88:37:bc:0a:5d:44:63:6b:ea:1d:77:91:a2:ec:35:
                    ac:39:5a:bd:7e:52:a9:d9:54:96:58:0c:52:96:f4:
                    07:d3:d7:7f:79:09:16:7f:ba:ef:78:fc:4a:be:6e:
                    d8:d5:26:aa:81:15:ea:66:f6:7d:a8:4b:a4:a0:68:
                    02:16:05:1d:d0:2d:72:9b:9a:23:3f:d6:95:50:b6:
                    6f:b1:f7:b3:db:f8:fe:b6:d7:65:c2:19:ea:e9:78:
                    29:04:55:4f:0d:1c:08:b7:1e:2b:e1:24:e5:2b:a5:
                    3f:54:dd:c6:c9:66:71:bf:b7:62:d7:2b:15:f8:78:
                    83:e5:ad:e2:97:99:0e:23:97:89:df:b2:8d:f5:4d:
                    cb:43:3f:e0:0b:45:c6:6f:b9:65:fd:65:0e:f6:33:
                    62:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:EF:52:ED:81:6C:F4:BF:7D:02:9F:FB:0A:BC:10:1A:FD:2C:64:B5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/76664c-1e05-4044-a0c5-eb2c2e86807f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/76664c-1e05-4044-a0c5-eb2c2e86807f/1/8-9S7YFs9L99Ap_7CrwQGv0sZLU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209355

    Signature Algorithm: sha256WithRSAEncryption
         0d:fb:ec:20:e1:47:8d:fe:53:28:35:4d:b0:31:d7:21:23:c8:
         b8:f4:54:1a:bc:c3:a5:b2:bc:75:d2:e7:82:e0:a4:2a:ab:cc:
         a8:f8:0d:27:4a:1d:d4:d2:b4:a0:d0:25:84:4e:c3:dd:f7:fb:
         7d:62:0d:ee:ef:d9:1a:b5:04:49:1f:e5:01:14:44:26:bb:5e:
         b6:24:69:38:1b:08:1e:c8:31:d3:91:16:8a:c6:0d:d3:b8:a9:
         5d:9e:72:3c:4b:93:1e:4d:be:37:d6:16:c7:d0:e5:a7:ce:41:
         74:58:ae:1f:2a:7d:f3:f6:c8:2d:f0:16:35:51:b5:6a:d1:10:
         fd:e4:6d:9a:d9:70:34:e2:6c:a1:de:f9:77:a4:48:dd:bc:c7:
         d0:32:1a:d1:41:a1:9a:99:2f:ec:20:fd:36:df:79:da:45:b3:
         50:2b:ff:0f:a0:a6:41:ea:bf:75:2d:42:31:83:ad:5a:83:ae:
         b9:86:02:e7:25:4c:de:66:f6:c4:64:f9:9e:fe:4f:14:ef:a7:
         f5:64:97:c9:c6:2f:b2:09:65:a5:26:ef:c7:2a:e1:10:4a:7a:
         20:24:a6:fb:1e:af:32:33:9c:02:3e:ab:8b:a2:cf:7a:63:7a:
         9c:70:98:e3:8a:bd:f1:ba:c6:17:0a:b9:08:5d:68:68:00:a7:
         03:55:7a:3c
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZaNUJKUQjEdhGZ4kk4y4xgvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTAxMTkyNjMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2VmNTJlZDgxNmNmNGJmN2QwMjlmZmIwYWJjMTAxYWZkMmM2NGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4x/Z/LBFnKuyyXcRYh15Tj4ajvqy
wFmXcgTteiUXem2ao9RuCcFn9z7I8r1RNoMWpTa8sO6vVfOD651HH5cuZxPZKEme
0NmmqVQjk7Ei/nEUqMB1A8a1VLkduJCFj0d8sKNT3fG5uReIN7wKXURja+odd5Gi
7DWsOVq9flKp2VSWWAxSlvQH09d/eQkWf7rvePxKvm7Y1SaqgRXqZvZ9qEukoGgC
FgUd0C1ym5ojP9aVULZvsfez2/j+ttdlwhnq6XgpBFVPDRwItx4r4STlK6U/VN3G
yWZxv7di1ysV+HiD5a3il5kOI5eJ37KN9U3LQz/gC0XGb7ll/WUO9jNicwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFPPvUu2BbPS/fQKf+wq8EBr9LGS1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBjLzc2NjY0
Yy0xZTA1LTQwNDQtYTBjNS1lYjJjMmU4NjgwN2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMvNzY2NjRj
LTFlMDUtNDA0NC1hMGM1LWViMmMyZTg2ODA3Zi8xLzgtOVM3WUZzOUw5OUFwXzdD
cndRR3Ywc1pMVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMxyzANBgkqhkiG9w0BAQsFAAOCAQEADfvsIOFHjf5T
KDVNsDHXISPIuPRUGrzDpbK8ddLnguCkKqvMqPgNJ0od1NK0oNAlhE7D3ff7fWIN
7u/ZGrUESR/lARREJrtetiRpOBsIHsgx05EWisYN07ipXZ5yPEuTHk2+N9YWx9Dl
p85BdFiuHyp98/bILfAWNVG1atEQ/eRtmtlwNOJsod75d6RI3bzH0DIa0UGhmpkv
7CD9Nt952kWzUCv/D6CmQeq/dS1CMYOtWoOuuYYC5yVM3mb2xGT5nv5PFO+n9WSX
ycYvsgllpSbvxyrhEEp6ICSm+x6vMjOcAj6ri6LPemN6nHCY44q98brGFwq5CF1o
aACnA1V6PA==
-----END CERTIFICATE-----