Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CnbFQ62r2crl3-IchpkiCJQ3rE0.cer
File:                     CnbFQ62r2crl3-IchpkiCJQ3rE0.cer (raw, json)
Hash identifier:          cBWVtWz/Kez5QoGGtymMNEOTRfLkZV1KG1/xBZ4hDYk=
Subject key identifier:   0A:76:C5:43:AD:AB:D9:CA:E5:DF:E2:1C:86:99:22:08:94:37:AC:4D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01936FC594CEC3C9CE85C1646445E7A346EE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/82/085de6-e195-42aa-b596-49e2f5638024/1/CnbFQ62r2crl3-IchpkiCJQ3rE0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/82/085de6-e195-42aa-b596-49e2f5638024/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 27 Nov 2024 22:37:19 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215804

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:6f:c5:94:ce:c3:c9:ce:85:c1:64:64:45:e7:a3:46:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov 27 22:37:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a76c543adabd9cae5dfe21c869922089437ac4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:76:8b:b5:0d:65:6e:93:73:2f:38:bc:86:29:
                    5e:03:ad:a8:f1:ae:ab:92:25:4b:e4:93:bf:e5:77:
                    0d:40:ea:17:2c:3b:27:05:47:bd:8b:45:f5:6c:53:
                    e4:4a:50:0a:aa:b0:1b:b7:f3:a9:9a:c0:48:f6:6c:
                    ae:26:fe:61:3c:d1:bb:82:0a:a4:a7:e5:2a:23:15:
                    ab:ea:d5:7b:d5:cc:9d:7d:c5:3f:ea:10:5d:fa:81:
                    10:af:68:e1:ec:2d:37:f9:3d:99:06:0a:5b:77:85:
                    8f:86:7f:b6:b2:2c:50:13:81:17:3f:4f:33:29:36:
                    30:0d:65:00:f8:6a:72:3c:e2:f5:37:15:f5:d6:23:
                    24:b8:07:51:6c:a7:71:58:7f:5b:30:60:b2:97:a6:
                    41:7e:1e:10:ff:30:de:83:4a:bb:4b:0f:d1:c0:66:
                    6a:12:fc:52:8e:a2:22:ca:d6:b7:f2:c2:e5:88:dd:
                    ae:9d:b3:32:7e:59:2c:c1:02:8d:d2:bb:f3:8c:ed:
                    22:92:5c:db:6d:21:d9:44:d0:25:cf:aa:9c:21:c4:
                    ca:e4:0e:2a:79:e8:0e:8d:18:98:63:22:a0:83:32:
                    5a:79:1a:3a:1e:e8:4e:ff:c7:99:72:3a:7a:ef:db:
                    cf:46:30:9e:25:1a:42:11:c4:d3:9e:c4:bd:98:47:
                    74:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:76:C5:43:AD:AB:D9:CA:E5:DF:E2:1C:86:99:22:08:94:37:AC:4D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/085de6-e195-42aa-b596-49e2f5638024/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/085de6-e195-42aa-b596-49e2f5638024/1/CnbFQ62r2crl3-IchpkiCJQ3rE0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215804

    Signature Algorithm: sha256WithRSAEncryption
         b1:9b:e9:2c:a7:51:9d:db:89:29:4f:5c:27:d1:3e:3f:c5:67:
         0d:d3:aa:44:ba:30:d5:54:a9:cc:8d:29:ac:04:45:0c:64:aa:
         e8:9c:86:b7:50:cc:5b:76:8d:f6:0e:a1:cf:92:af:08:ab:24:
         28:e5:53:54:bd:ce:08:6d:11:c7:3d:91:de:2e:be:ee:04:16:
         c6:25:f1:88:df:fa:68:12:ed:4c:e8:2a:67:c2:5b:22:f5:ed:
         a8:1d:43:d4:35:28:39:e5:af:11:c0:55:8c:74:cd:0b:24:4b:
         b5:f8:f2:45:37:97:8f:02:b2:23:06:6a:bb:1a:1b:33:21:ae:
         9d:1b:2b:b0:96:f5:04:8b:31:31:62:70:f8:6e:24:5b:24:b7:
         70:96:57:0f:ba:cf:56:4d:88:ae:40:23:16:47:33:a9:59:75:
         6f:f2:47:92:6f:fd:df:8e:64:17:5e:7a:9f:ed:4c:14:f6:95:
         5a:21:76:d6:44:3e:41:3e:80:bf:17:7b:a3:09:37:6d:18:de:
         12:c4:a4:ac:94:46:c2:fa:85:e2:dd:b4:4e:1b:a5:8f:e6:26:
         a9:db:25:cd:2a:e2:e5:60:9e:9a:bd:52:4a:5f:28:5f:2e:27:
         bd:44:90:e9:05:b4:dc:33:d3:16:85:43:42:84:57:cb:d7:f8:
         5c:ee:88:32
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZNvxZTOw8nOhcFkZEXno0buMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMTI3MjIzNzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTc2YzU0M2FkYWJkOWNhZTVkZmUyMWM4Njk5MjIwODk0MzdhYzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03aLtQ1lbpNzLzi8hileA62o8a6r
kiVL5JO/5XcNQOoXLDsnBUe9i0X1bFPkSlAKqrAbt/OpmsBI9myuJv5hPNG7ggqk
p+UqIxWr6tV71cydfcU/6hBd+oEQr2jh7C03+T2ZBgpbd4WPhn+2sixQE4EXP08z
KTYwDWUA+GpyPOL1NxX11iMkuAdRbKdxWH9bMGCyl6ZBfh4Q/zDeg0q7Sw/RwGZq
EvxSjqIiyta38sLliN2unbMyflkswQKN0rvzjO0iklzbbSHZRNAlz6qcIcTK5A4q
eegOjRiYYyKggzJaeRo6HuhO/8eZcjp679vPRjCeJRpCEcTTnsS9mEd0nQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAp2xUOtq9nK5d/iHIaZIgiUN6xNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgyLzA4NWRl
Ni1lMTk1LTQyYWEtYjU5Ni00OWUyZjU2MzgwMjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODIvMDg1ZGU2
LWUxOTUtNDJhYS1iNTk2LTQ5ZTJmNTYzODAyNC8xL0NuYkZRNjJyMmNybDMtSWNo
cGtpQ0pRM3JFMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNK/DANBgkqhkiG9w0BAQsFAAOCAQEAsZvpLKdRnduJ
KU9cJ9E+P8VnDdOqRLow1VSpzI0prARFDGSq6JyGt1DMW3aN9g6hz5KvCKskKOVT
VL3OCG0Rxz2R3i6+7gQWxiXxiN/6aBLtTOgqZ8JbIvXtqB1D1DUoOeWvEcBVjHTN
CyRLtfjyRTeXjwKyIwZquxobMyGunRsrsJb1BIsxMWJw+G4kWyS3cJZXD7rPVk2I
rkAjFkczqVl1b/JHkm/9345kF156n+1MFPaVWiF21kQ+QT6Avxd7owk3bRjeEsSk
rJRGwvqF4t20Thulj+YmqdslzSri5WCemr1SSl8oXy4nvUSQ6QW03DPTFoVDQoRX
y9f4XO6IMg==
-----END CERTIFICATE-----