Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BkwamGxZM6O5EIToo_8IBm05jhk.cer
File:                     BkwamGxZM6O5EIToo_8IBm05jhk.cer (raw, json)
Hash identifier:          4e7bLoG8j+Bi6noeGSaAI/LLqhTtGZeF+2N6QKaiExo=
Subject key identifier:   06:4C:1A:98:6C:59:33:A3:B9:10:84:E8:A3:FF:08:06:6D:39:8E:19
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94DEA9AAAABF13AAEE40E04ECEEFFEE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d6/f62552-14f1-499c-af78-7f6a655fd788/1/BkwamGxZM6O5EIToo_8IBm05jhk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d6/f62552-14f1-499c-af78-7f6a655fd788/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:32:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211966

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ea:9a:aa:ab:f1:3a:ae:e4:0e:04:ec:ee:ff:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:32:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=064c1a986c5933a3b91084e8a3ff08066d398e19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4a:ca:63:c7:08:99:2a:fa:41:76:79:b6:55:
                    e5:62:06:ba:8f:30:7b:0c:b5:19:26:59:20:89:39:
                    13:b4:8e:43:4b:f8:a6:f2:b5:d8:02:9e:ad:fe:cf:
                    4e:c7:20:fd:9f:d4:3f:8a:94:46:a3:3b:3a:5f:d2:
                    90:d6:b0:4b:f9:bb:95:07:81:f8:fb:f6:82:49:99:
                    4f:6a:ac:25:00:be:95:cf:66:a4:53:4a:d6:50:dd:
                    71:b8:e6:f1:38:e4:71:c9:72:72:20:2b:8f:ea:04:
                    85:7f:7d:46:5e:47:d0:07:c3:a7:4b:a9:d9:ad:52:
                    74:54:8d:b9:7a:f0:b6:cf:a5:bf:f5:b9:d6:b2:9d:
                    57:3e:33:8b:d5:c3:94:2c:c5:a3:fc:aa:c1:6a:21:
                    b8:d7:cf:12:ad:8c:e4:ac:2a:f2:37:00:22:be:4c:
                    d6:5d:e1:95:78:43:a7:bb:bd:f4:69:c5:0d:8f:3f:
                    89:57:67:3a:a4:c4:9a:74:16:64:e9:f3:4f:bf:cf:
                    6b:9d:b0:6e:e8:d3:ea:c4:41:f3:e2:ef:33:49:6b:
                    6e:7b:eb:17:03:52:7b:4a:b7:21:d6:61:96:ad:7c:
                    c7:51:fc:d3:4f:30:98:6e:2d:48:92:9f:b6:61:af:
                    1f:73:4a:31:d7:3c:f8:b2:0f:d4:06:1a:bf:79:57:
                    07:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:4C:1A:98:6C:59:33:A3:B9:10:84:E8:A3:FF:08:06:6D:39:8E:19
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/f62552-14f1-499c-af78-7f6a655fd788/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/f62552-14f1-499c-af78-7f6a655fd788/1/BkwamGxZM6O5EIToo_8IBm05jhk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211966

    Signature Algorithm: sha256WithRSAEncryption
         0d:6b:29:c5:ca:b6:4e:59:44:01:83:bf:11:13:1b:5b:70:1a:
         2b:ef:98:68:df:0c:c3:7d:1a:69:fb:ac:1c:fa:f4:60:d5:b0:
         44:ab:44:40:1f:a1:d2:3b:e6:55:fc:41:b8:1f:dd:b2:b9:c1:
         6a:f8:0e:85:3e:1f:96:d1:db:2e:50:64:db:c6:4c:d4:6d:b2:
         16:d3:3d:02:50:83:b4:a9:85:a6:b3:cd:a0:ad:45:15:f4:85:
         2f:e5:2a:89:dd:8c:21:ff:7f:4a:64:5d:60:b8:ed:42:4f:1e:
         e5:d7:db:30:73:da:db:da:0e:37:81:02:d2:fd:54:be:3d:ef:
         cf:89:49:f6:15:d7:f7:66:78:7b:66:0f:1c:a2:f8:af:f0:c1:
         f0:22:1f:fd:a4:d7:41:87:e4:33:61:34:cb:42:a1:3d:00:41:
         c9:6c:16:f5:db:25:29:3b:9f:99:0c:6a:79:e0:3d:20:f8:37:
         0f:d6:00:ff:90:36:99:7a:57:c6:9f:e5:bc:c8:0b:a8:13:4c:
         b6:18:42:5e:b4:88:de:f9:0a:66:d5:3a:de:1f:42:bc:c9:09:
         df:1b:62:fd:9e:11:e0:20:f6:ce:be:f9:f5:c4:e7:5a:3a:70:
         63:e7:3f:ac:d0:df:44:c3:68:97:a1:9f:e6:1f:0f:74:02:af:
         e1:4b:57:61
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzJTeqaqqvxOq7kDgTs7v/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjRjMWE5ODZjNTkzM2EzYjkxMDg0ZThhM2ZmMDgwNjZkMzk4ZTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukrKY8cImSr6QXZ5tlXlYga6jzB7
DLUZJlkgiTkTtI5DS/im8rXYAp6t/s9OxyD9n9Q/ipRGozs6X9KQ1rBL+buVB4H4
+/aCSZlPaqwlAL6Vz2akU0rWUN1xuObxOORxyXJyICuP6gSFf31GXkfQB8OnS6nZ
rVJ0VI25evC2z6W/9bnWsp1XPjOL1cOULMWj/KrBaiG4188SrYzkrCryNwAivkzW
XeGVeEOnu730acUNjz+JV2c6pMSadBZk6fNPv89rnbBu6NPqxEHz4u8zSWtue+sX
A1J7Srch1mGWrXzHUfzTTzCYbi1Ikp+2Ya8fc0ox1zz4sg/UBhq/eVcHkwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAZMGphsWTOjuRCE6KP/CAZtOY4ZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q2L2Y2MjU1
Mi0xNGYxLTQ5OWMtYWY3OC03ZjZhNjU1ZmQ3ODgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDYvZjYyNTUy
LTE0ZjEtNDk5Yy1hZjc4LTdmNmE2NTVmZDc4OC8xL0Jrd2FtR3haTTZPNUVJVG9v
XzhJQm0wNWpoay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM7/jANBgkqhkiG9w0BAQsFAAOCAQEADWspxcq2TllE
AYO/ERMbW3AaK++YaN8Mw30aafusHPr0YNWwRKtEQB+h0jvmVfxBuB/dsrnBavgO
hT4fltHbLlBk28ZM1G2yFtM9AlCDtKmFprPNoK1FFfSFL+Uqid2MIf9/SmRdYLjt
Qk8e5dfbMHPa29oON4EC0v1Uvj3vz4lJ9hXX92Z4e2YPHKL4r/DB8CIf/aTXQYfk
M2E0y0KhPQBByWwW9dslKTufmQxqeeA9IPg3D9YA/5A2mXpXxp/lvMgLqBNMthhC
XrSI3vkKZtU63h9CvMkJ3xti/Z4R4CD2zr759cTnWjpwY+c/rNDfRMNol6Gf5h8P
dAKv4UtXYQ==
-----END CERTIFICATE-----