Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8Ss4HgDWFiGsxFzxij5wWX1bkYY.cer
File:                     8Ss4HgDWFiGsxFzxij5wWX1bkYY.cer (raw, json)
Hash identifier:          zV9TjjfsRDbGhoq3oXS5YQ8//MWEmsMtnNi2QzvcXvY=
Subject key identifier:   F1:2B:38:1E:00:D6:16:21:AC:C4:5C:F1:8A:3E:70:59:7D:5B:91:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EBB8F85CA313B817156F94FD8AF99
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d9/8b2c9f-15ce-434e-be93-5d436cef608f/1/8Ss4HgDWFiGsxFzxij5wWX1bkYY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d9/8b2c9f-15ce-434e-be93-5d436cef608f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:17 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 208074

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 02:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:bb:8f:85:ca:31:3b:81:71:56:f9:4f:d8:af:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f12b381e00d61621acc45cf18a3e70597d5b9186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:96:00:77:9c:b7:19:af:89:7f:ea:33:b3:16:
                    47:04:73:bb:6d:b8:6a:d2:4c:0c:34:32:ff:aa:52:
                    ca:67:2a:82:93:21:82:14:4c:b4:23:d6:8c:f6:72:
                    6f:51:c2:fd:0b:78:ce:59:54:c5:c2:dc:93:b8:9b:
                    c1:7f:7f:0f:60:c9:46:24:ce:04:1c:8f:48:54:d0:
                    f5:f3:b4:13:d2:05:94:87:e8:a3:97:20:e6:5d:80:
                    92:1e:45:f2:78:ce:3e:35:5c:da:13:b3:db:bb:29:
                    51:1d:7e:57:b1:51:83:99:21:39:16:c1:d8:a5:b7:
                    f1:9d:08:aa:da:af:cd:29:22:e6:e8:98:9d:e4:08:
                    1f:d3:6d:e0:32:da:17:f4:ac:3f:bd:86:6f:4b:99:
                    ce:99:a0:ee:f6:cd:8d:ae:20:ef:30:da:6a:ae:ce:
                    9e:4f:55:a4:2e:7a:40:95:f4:7c:e2:8b:78:5f:7c:
                    7f:9f:25:44:34:74:d0:4e:dd:d7:ec:1b:8e:85:81:
                    e7:7e:54:d0:3c:e0:c0:ec:63:cd:37:f2:46:02:4c:
                    88:d3:ec:ca:fc:c4:ff:b0:d3:14:22:0f:cd:8b:13:
                    6d:5a:0a:99:71:d2:21:46:a6:e1:0b:55:75:2b:d7:
                    a1:7c:b8:41:da:e7:46:c5:b6:ad:7b:4b:1e:49:bc:
                    1b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:2B:38:1E:00:D6:16:21:AC:C4:5C:F1:8A:3E:70:59:7D:5B:91:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/8b2c9f-15ce-434e-be93-5d436cef608f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/8b2c9f-15ce-434e-be93-5d436cef608f/1/8Ss4HgDWFiGsxFzxij5wWX1bkYY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208074

    Signature Algorithm: sha256WithRSAEncryption
         78:e6:98:40:f5:09:64:d7:8c:6b:f3:19:12:5d:3f:98:cf:7a:
         2f:bf:74:4b:07:2b:a3:63:43:e6:23:42:c4:73:65:ce:ab:0f:
         33:5c:6a:1f:0d:ba:42:99:fb:4a:aa:68:5d:d1:46:a0:8d:fb:
         b4:18:67:2b:e7:f2:8c:ce:7f:5d:7c:f3:2a:f4:2d:0b:2b:ae:
         10:e2:6d:50:11:0c:50:df:14:11:67:c7:8e:a1:06:cd:e6:fd:
         3c:b4:77:0a:cc:ed:61:4b:57:18:3a:56:3f:84:b0:a6:1a:75:
         6e:c6:87:59:8c:e7:c3:75:90:ee:ef:2f:0c:a1:c6:bb:2f:15:
         0f:11:8d:73:13:ea:3b:e7:59:d7:82:4f:a9:0f:06:05:59:77:
         4c:62:2f:22:4c:73:f3:76:bf:5a:a5:3d:34:78:61:69:ff:a6:
         90:6a:48:aa:79:fe:7c:24:e2:31:18:95:d2:e3:5b:03:2e:1f:
         fd:39:27:04:0d:e8:03:ec:71:4a:78:93:c2:be:86:f7:61:f2:
         91:2e:92:dd:81:cc:7f:e5:81:9d:13:4a:eb:5f:c3:be:91:eb:
         f2:73:b3:dd:2f:69:47:67:52:f7:89:1a:05:3d:3c:6f:d6:3e:
         16:4d:f6:d5:33:9f:82:51:1c:c5:d9:b6:5b:b6:b3:67:36:ad:
         ce:06:4f:16
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzFbruPhcoxO4FxVvlP2K+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTJiMzgxZTAwZDYxNjIxYWNjNDVjZjE4YTNlNzA1OTdkNWI5MTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5YAd5y3Ga+Jf+ozsxZHBHO7bbhq
0kwMNDL/qlLKZyqCkyGCFEy0I9aM9nJvUcL9C3jOWVTFwtyTuJvBf38PYMlGJM4E
HI9IVND187QT0gWUh+ijlyDmXYCSHkXyeM4+NVzaE7PbuylRHX5XsVGDmSE5FsHY
pbfxnQiq2q/NKSLm6Jid5Agf023gMtoX9Kw/vYZvS5nOmaDu9s2NriDvMNpqrs6e
T1WkLnpAlfR84ot4X3x/nyVENHTQTt3X7BuOhYHnflTQPODA7GPNN/JGAkyI0+zK
/MT/sNMUIg/NixNtWgqZcdIhRqbhC1V1K9ehfLhB2udGxbate0seSbwb+wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFPErOB4A1hYhrMRc8Yo+cFl9W5GGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q5LzhiMmM5
Zi0xNWNlLTQzNGUtYmU5My01ZDQzNmNlZjYwOGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDkvOGIyYzlm
LTE1Y2UtNDM0ZS1iZTkzLTVkNDM2Y2VmNjA4Zi8xLzhTczRIZ0RXRmlHc3hGenhp
ajV3V1gxYmtZWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMsyjANBgkqhkiG9w0BAQsFAAOCAQEAeOaYQPUJZNeM
a/MZEl0/mM96L790Swcro2ND5iNCxHNlzqsPM1xqHw26Qpn7SqpoXdFGoI37tBhn
K+fyjM5/XXzzKvQtCyuuEOJtUBEMUN8UEWfHjqEGzeb9PLR3CsztYUtXGDpWP4Sw
php1bsaHWYznw3WQ7u8vDKHGuy8VDxGNcxPqO+dZ14JPqQ8GBVl3TGIvIkxz83a/
WqU9NHhhaf+mkGpIqnn+fCTiMRiV0uNbAy4f/TknBA3oA+xxSniTwr6G92HykS6S
3YHMf+WBnRNK61/DvpHr8nOz3S9pR2dS94kaBT08b9Y+Fk321TOfglEcxdm2W7az
ZzatzgZPFg==
-----END CERTIFICATE-----