Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BsbsKNsRSoYnZCbR9I0rajXV_nM.cer
File:                     BsbsKNsRSoYnZCbR9I0rajXV_nM.cer (raw, json)
Hash identifier:          7tY4N8geqmDC6vPmoJ4tVos3ykhcke+EG/7PO2UHkVU=
Subject key identifier:   06:C6:EC:28:DB:11:4A:86:27:64:26:D1:F4:8D:2B:6A:35:D5:FE:73
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5003B392FA723E9C3FA1BA1D4921532
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7d/263f8d-136f-46ec-86c1-376bf9e63059/1/BsbsKNsRSoYnZCbR9I0rajXV_nM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7d/263f8d-136f-46ec-86c1-376bf9e63059/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:35 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 213097

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Apr 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3b:39:2f:a7:23:e9:c3:fa:1b:a1:d4:92:15:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06c6ec28db114a86276426d1f48d2b6a35d5fe73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:70:d4:d0:ab:3a:7a:a1:c4:ad:f3:e2:44:0c:
                    f5:4f:f7:0f:06:2b:c2:f0:9b:55:72:9a:ad:b1:fe:
                    3a:da:48:19:01:af:f2:3c:ee:cf:77:bc:ab:2b:ac:
                    49:7f:87:f8:41:8e:99:95:b1:eb:75:32:cd:9a:1e:
                    ce:ca:37:97:14:67:f1:22:a0:7a:12:b4:00:68:20:
                    92:0d:4b:4f:15:2c:68:5e:9d:f8:79:a6:75:13:51:
                    2d:ea:7c:e5:74:0d:85:6e:f7:08:9a:ef:f6:c9:35:
                    36:fa:39:f5:8e:e0:66:2a:4d:34:cb:2f:0a:d9:fa:
                    49:1f:3e:39:ee:70:2f:f4:b5:a4:11:62:0a:ff:81:
                    42:94:60:39:f0:c9:e7:55:70:5b:36:96:c3:e0:84:
                    08:d7:0d:29:a6:0d:b1:8b:01:39:62:b0:c6:e7:b6:
                    fa:cd:37:cc:2d:89:72:82:77:ec:69:85:eb:03:98:
                    71:61:c5:6a:28:aa:1e:d7:3d:75:2b:3e:4a:71:3d:
                    1e:a4:bd:c9:4b:55:74:54:80:ed:4e:a4:73:a4:5a:
                    c0:96:4a:ac:54:08:34:45:1b:01:20:1f:46:0d:68:
                    3c:65:7b:16:c1:20:f1:97:9c:e1:a4:bf:94:42:79:
                    ee:39:8a:05:95:ec:16:32:67:e2:da:84:22:8c:56:
                    9d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C6:EC:28:DB:11:4A:86:27:64:26:D1:F4:8D:2B:6A:35:D5:FE:73
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/263f8d-136f-46ec-86c1-376bf9e63059/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/263f8d-136f-46ec-86c1-376bf9e63059/1/BsbsKNsRSoYnZCbR9I0rajXV_nM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213097

    Signature Algorithm: sha256WithRSAEncryption
         2d:c2:f3:c6:65:cd:07:67:4a:37:84:21:7d:5d:4c:1e:3c:12:
         f9:37:52:f1:64:03:01:56:30:67:52:cc:fe:ff:2c:0a:27:c4:
         eb:e5:46:43:66:95:e0:b0:d2:0a:90:54:94:9f:8f:e6:cf:7c:
         44:5b:ed:d1:4b:88:33:d9:93:55:6d:8c:d1:f9:de:0c:85:79:
         e7:65:c2:f1:1e:6f:e2:c9:43:25:d5:33:e3:54:fd:e4:3e:8d:
         cf:b4:0a:57:4d:ae:fd:f4:e2:4f:80:dd:96:ee:b5:9f:e6:13:
         24:2c:90:ce:fa:b8:8b:6f:34:66:de:82:b8:7e:ad:c6:3d:09:
         3a:1b:20:26:b9:56:87:b4:4b:5a:58:26:12:99:9a:a7:cc:39:
         f2:1f:ec:40:9e:ca:a0:d5:6f:15:0f:6a:6b:f5:9e:07:c3:7a:
         0a:1e:f0:63:65:da:8c:6f:d1:3d:36:f5:dd:07:4a:16:97:d3:
         aa:48:a4:3b:57:7d:11:01:81:83:59:78:d1:14:d0:f7:e2:e8:
         36:f2:92:ce:f8:7c:b3:09:1f:30:39:3b:5a:9f:b9:47:1f:15:
         b0:40:22:be:04:7e:b9:0e:70:9c:13:ba:80:b4:60:b4:62:1a:
         98:1c:af:ce:74:21:d9:3b:f2:8d:c9:72:38:71:96:0f:90:d8:
         1a:78:58:3f
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzFADs5L6cj6cP6G6HUkhUyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmM2ZWMyOGRiMTE0YTg2Mjc2NDI2ZDFmNDhkMmI2YTM1ZDVmZTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3DU0Ks6eqHErfPiRAz1T/cPBivC
8JtVcpqtsf462kgZAa/yPO7Pd7yrK6xJf4f4QY6ZlbHrdTLNmh7OyjeXFGfxIqB6
ErQAaCCSDUtPFSxoXp34eaZ1E1Et6nzldA2FbvcImu/2yTU2+jn1juBmKk00yy8K
2fpJHz457nAv9LWkEWIK/4FClGA58MnnVXBbNpbD4IQI1w0ppg2xiwE5YrDG57b6
zTfMLYlygnfsaYXrA5hxYcVqKKoe1z11Kz5KcT0epL3JS1V0VIDtTqRzpFrAlkqs
VAg0RRsBIB9GDWg8ZXsWwSDxl5zhpL+UQnnuOYoFlewWMmfi2oQijFadEQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAbG7CjbEUqGJ2Qm0fSNK2o11f5zMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdkLzI2M2Y4
ZC0xMzZmLTQ2ZWMtODZjMS0zNzZiZjllNjMwNTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2QvMjYzZjhk
LTEzNmYtNDZlYy04NmMxLTM3NmJmOWU2MzA1OS8xL0JzYnNLTnNSU29ZblpDYlI5
STByYWpYVl9uTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNAaTANBgkqhkiG9w0BAQsFAAOCAQEALcLzxmXNB2dK
N4QhfV1MHjwS+TdS8WQDAVYwZ1LM/v8sCifE6+VGQ2aV4LDSCpBUlJ+P5s98RFvt
0UuIM9mTVW2M0fneDIV552XC8R5v4slDJdUz41T95D6Nz7QKV02u/fTiT4Ddlu61
n+YTJCyQzvq4i280Zt6CuH6txj0JOhsgJrlWh7RLWlgmEpmap8w58h/sQJ7KoNVv
FQ9qa/WeB8N6Ch7wY2XajG/RPTb13QdKFpfTqkikO1d9EQGBg1l40RTQ9+LoNvKS
zvh8swkfMDk7Wp+5Rx8VsEAivgR+uQ5wnBO6gLRgtGIamByvznQh2TvyjclyOHGW
D5DYGnhYPw==
-----END CERTIFICATE-----