Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9kPwNSrfyYrIgBuU5aAH5wcLB6w.cer
File:                     9kPwNSrfyYrIgBuU5aAH5wcLB6w.cer (raw, json)
Hash identifier:          breMtL7aLA4dcqGE5qk++hOPp53lT/3ufUaJA4BuKtQ=
Subject key identifier:   F6:43:F0:35:2A:DF:C9:8A:C8:80:1B:94:E5:A0:07:E7:07:0B:07:AC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4245640EA3AA00736012D06D81A2B98
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ab/6ac77a-4a5f-4d39-8cfa-005fc07cedc8/1/9kPwNSrfyYrIgBuU5aAH5wcLB6w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ab/6ac77a-4a5f-4d39-8cfa-005fc07cedc8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 8930

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:56:40:ea:3a:a0:07:36:01:2d:06:d8:1a:2b:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f643f0352adfc98ac8801b94e5a007e7070b07ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:86:3e:f8:8e:77:92:4d:8e:1c:bf:72:ca:18:
                    7b:c7:0c:96:d8:81:b2:92:7b:58:bf:89:4b:d1:6c:
                    47:9a:ef:1c:27:c0:de:04:08:4b:d4:5a:fb:17:f0:
                    30:e7:bb:3e:7d:94:44:da:10:07:94:46:f2:d7:3b:
                    25:22:77:54:34:a6:19:aa:43:c9:3c:59:ac:09:49:
                    41:b9:b1:51:d7:8d:45:ed:ea:ff:b8:66:d9:4a:97:
                    aa:96:c7:e0:8f:fe:15:92:0b:17:a3:61:d6:a8:35:
                    48:31:d3:09:ed:30:1b:d3:58:01:19:7f:cc:3c:e2:
                    43:52:89:80:a0:bb:9a:95:f7:19:c5:3c:9d:ea:45:
                    d9:bf:03:bc:78:e4:f8:f0:e5:b6:60:77:0d:8c:35:
                    d7:6b:0c:98:9c:f3:95:7e:e0:b5:12:2c:22:86:dd:
                    d6:7f:ec:21:27:57:82:a2:7c:eb:1b:50:58:bc:d5:
                    c8:27:d5:40:7e:57:82:cd:c9:ac:bc:6e:a5:d4:1a:
                    65:5c:78:ee:73:34:e9:4a:8e:c7:79:99:98:ec:3a:
                    7e:e1:30:79:34:0e:a3:9b:18:a2:49:8d:d9:11:cb:
                    ec:ba:eb:29:b8:8d:21:15:a6:23:0d:d7:19:c3:a3:
                    1b:2f:cd:36:26:e6:87:56:08:91:2b:37:9d:4f:e8:
                    9c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:43:F0:35:2A:DF:C9:8A:C8:80:1B:94:E5:A0:07:E7:07:0B:07:AC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6ac77a-4a5f-4d39-8cfa-005fc07cedc8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6ac77a-4a5f-4d39-8cfa-005fc07cedc8/1/9kPwNSrfyYrIgBuU5aAH5wcLB6w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8930

    Signature Algorithm: sha256WithRSAEncryption
         63:38:f2:f2:4c:ca:e9:0f:6e:8d:5f:58:0f:91:d5:ca:d2:5f:
         de:e0:39:c3:2e:9a:24:9a:df:51:22:64:1c:48:67:c0:2f:40:
         a6:16:bb:84:6f:47:e3:05:31:cd:4a:b8:a3:e0:6d:63:64:c1:
         ba:99:47:21:b6:54:22:46:33:c5:bf:2b:c4:09:59:de:89:37:
         1f:fb:c1:c9:65:24:17:be:ea:50:d7:24:4b:7a:7f:35:bb:a8:
         9a:1f:6d:ae:30:64:80:4d:33:e0:fd:38:8c:fa:bc:16:6e:93:
         22:68:11:98:b6:49:a1:b0:9c:83:e6:64:25:49:4f:3b:b8:cf:
         90:3e:c8:51:0d:d2:e8:9c:d2:02:b3:41:24:b6:6f:d1:83:8b:
         ef:65:c7:8f:92:cd:d3:4c:3f:14:eb:16:b5:b1:37:79:8b:40:
         d2:da:c2:98:46:00:45:e9:09:78:41:e6:fd:0e:61:ed:b6:25:
         57:57:a8:9a:fa:3c:fc:00:2c:f7:bf:ed:90:a8:c7:0a:fd:4e:
         e0:29:76:e0:9a:37:58:fd:fc:d9:ab:a4:f0:95:af:d9:16:74:
         a5:d0:20:94:06:75:0e:b9:35:6e:69:c4:4e:57:bf:56:de:1d:
         8a:c1:d9:bc:61:2e:e0:ec:86:a8:b2:a0:eb:75:d5:ae:1c:43:
         b3:6f:ce:9e
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYzEJFZA6jqgBzYBLQbYGiuYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjQzZjAzNTJhZGZjOThhYzg4MDFiOTRlNWEwMDdlNzA3MGIwN2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4Y++I53kk2OHL9yyhh7xwyW2IGy
kntYv4lL0WxHmu8cJ8DeBAhL1Fr7F/Aw57s+fZRE2hAHlEby1zslIndUNKYZqkPJ
PFmsCUlBubFR141F7er/uGbZSpeqlsfgj/4VkgsXo2HWqDVIMdMJ7TAb01gBGX/M
POJDUomAoLualfcZxTyd6kXZvwO8eOT48OW2YHcNjDXXawyYnPOVfuC1Eiwiht3W
f+whJ1eConzrG1BYvNXIJ9VAfleCzcmsvG6l1BplXHjuczTpSo7HeZmY7Dp+4TB5
NA6jmxiiSY3ZEcvsuuspuI0hFaYjDdcZw6MbL802JuaHVgiRKzedT+icIwIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFPZD8DUq38mKyIAblOWgB+cHCwesMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FiLzZhYzc3
YS00YTVmLTRkMzktOGNmYS0wMDVmYzA3Y2VkYzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWIvNmFjNzdh
LTRhNWYtNGQzOS04Y2ZhLTAwNWZjMDdjZWRjOC8xLzlrUHdOU3JmeVlySWdCdVU1
YUFINXdjTEI2dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBkGCCsGAQUF
BwEIAQH/BAowCKAGMAQCAiLiMA0GCSqGSIb3DQEBCwUAA4IBAQBjOPLyTMrpD26N
X1gPkdXK0l/e4DnDLpokmt9RImQcSGfAL0CmFruEb0fjBTHNSrij4G1jZMG6mUch
tlQiRjPFvyvECVneiTcf+8HJZSQXvupQ1yRLen81u6iaH22uMGSATTPg/TiM+rwW
bpMiaBGYtkmhsJyD5mQlSU87uM+QPshRDdLonNICs0Ektm/Rg4vvZcePks3TTD8U
6xa1sTd5i0DS2sKYRgBF6Ql4Qeb9DmHttiVXV6ia+jz8ACz3v+2QqMcK/U7gKXbg
mjdY/fzZq6Twla/ZFnSl0CCUBnUOuTVuacROV79W3h2Kwdm8YS7g7IaosqDrddWu
HEOzb86e
-----END CERTIFICATE-----