Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Co9LAAkrvjuPE_3dTvx6VtXVmiA.cer
File:                     Co9LAAkrvjuPE_3dTvx6VtXVmiA.cer (raw, json)
Hash identifier:          mxFALO50/3nBovJv7F+ZAYGkDWV9zf2YyGqjf9btdFg=
Subject key identifier:   0A:8F:4B:00:09:2B:BE:3B:8F:13:FD:DD:4E:FC:7A:56:D5:D5:9A:20
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64997ADFFE28BDBB589BDCD86E3EFD1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c8/939d6b-dff8-48bc-ba24-6b418f63097e/1/Co9LAAkrvjuPE_3dTvx6VtXVmiA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c8/939d6b-dff8-48bc-ba24-6b418f63097e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:29:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216438

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:97:ad:ff:e2:8b:db:b5:89:bd:cd:86:e3:ef:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a8f4b00092bbe3b8f13fddd4efc7a56d5d59a20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:96:c5:9b:76:6f:ce:3d:85:5c:7a:e7:f3:60:
                    99:f4:8d:6d:27:34:39:56:e1:d6:84:5c:3f:a4:f4:
                    ba:c5:02:5f:8b:d7:85:36:c9:97:c9:23:cf:c2:dc:
                    37:aa:71:b7:97:89:66:6e:50:f0:98:9d:74:29:0c:
                    17:f8:c6:d7:14:1e:87:fa:ea:c5:73:d4:8e:f2:cb:
                    df:e5:89:77:7a:c2:51:ab:5d:47:c3:29:dd:f3:43:
                    5d:f7:92:d3:3b:ea:45:61:94:e5:e8:48:0b:8f:11:
                    46:f3:c4:43:7e:ae:e5:73:5c:b3:66:5e:57:0f:a8:
                    06:98:41:f6:f8:2c:fc:aa:e6:d1:1c:04:84:11:12:
                    a2:ce:b3:79:59:34:d7:10:51:75:f1:65:91:61:89:
                    4b:cb:f9:d0:65:57:b2:e8:f0:46:41:29:ec:41:87:
                    23:85:89:59:f7:37:7a:c0:8b:09:9d:d2:9d:07:ee:
                    99:05:68:22:0b:f8:ac:23:40:78:31:4b:54:5d:59:
                    27:6f:dc:02:d8:1d:ca:78:d0:ca:fd:f1:57:73:24:
                    0c:02:94:bd:b2:c6:d3:5a:0a:cb:78:34:34:db:79:
                    d8:36:00:7f:86:f9:14:58:88:b1:0c:0d:10:a2:70:
                    1f:32:6a:00:45:02:25:59:3c:de:29:53:14:bb:ad:
                    a1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:8F:4B:00:09:2B:BE:3B:8F:13:FD:DD:4E:FC:7A:56:D5:D5:9A:20
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/939d6b-dff8-48bc-ba24-6b418f63097e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/939d6b-dff8-48bc-ba24-6b418f63097e/1/Co9LAAkrvjuPE_3dTvx6VtXVmiA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216438

    Signature Algorithm: sha256WithRSAEncryption
         9a:9f:98:81:fb:11:34:52:b4:6b:21:46:ae:ea:ec:ee:bf:7f:
         f2:46:81:fc:f8:37:28:54:8c:f9:6b:53:4f:5a:e0:98:f6:2f:
         33:40:54:61:f7:de:49:2d:da:db:dd:a1:d4:b6:61:a1:e0:d8:
         87:25:3c:77:e6:70:64:70:8b:ce:75:32:32:c1:94:d6:26:8b:
         ff:33:90:02:ae:1a:5d:42:22:81:2b:2e:c1:5c:e8:a1:11:00:
         58:c8:cc:88:52:e5:24:3b:bf:5e:b9:a5:13:1c:a9:c3:af:b8:
         e5:9e:fb:72:16:b0:9c:63:3f:5d:d3:fe:24:fa:fa:e4:09:6a:
         0f:6c:d6:2b:44:49:39:2e:83:e0:2c:2f:01:c4:22:04:0f:09:
         a6:b1:24:8b:8e:9b:a6:ea:8e:ce:19:52:63:d3:da:48:72:93:
         05:8c:af:ea:a8:51:72:8f:aa:1a:40:a0:50:a1:1d:f5:01:fa:
         28:1c:b7:0c:29:29:a0:04:25:4f:89:7e:91:c5:3f:83:91:21:
         f3:b0:c2:23:dc:b9:5d:d3:e3:7c:69:d6:a7:3b:ba:e6:98:13:
         43:3c:ee:94:ac:35:1b:47:81:e4:22:75:08:4f:4d:eb:00:f1:
         26:45:a3:9d:81:d2:02:57:8a:b7:e0:0d:31:e7:f8:fa:68:91:
         70:01:02:0e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzGSZet/+KL27WJvc2G4+/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYThmNGIwMDA5MmJiZTNiOGYxM2ZkZGQ0ZWZjN2E1NmQ1ZDU5YTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZbFm3Zvzj2FXHrn82CZ9I1tJzQ5
VuHWhFw/pPS6xQJfi9eFNsmXySPPwtw3qnG3l4lmblDwmJ10KQwX+MbXFB6H+urF
c9SO8svf5Yl3esJRq11Hwynd80Nd95LTO+pFYZTl6EgLjxFG88RDfq7lc1yzZl5X
D6gGmEH2+Cz8qubRHASEERKizrN5WTTXEFF18WWRYYlLy/nQZVey6PBGQSnsQYcj
hYlZ9zd6wIsJndKdB+6ZBWgiC/isI0B4MUtUXVknb9wC2B3KeNDK/fFXcyQMApS9
ssbTWgrLeDQ023nYNgB/hvkUWIixDA0QonAfMmoARQIlWTzeKVMUu62hXQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAqPSwAJK747jxP93U78elbV1ZogMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M4LzkzOWQ2
Yi1kZmY4LTQ4YmMtYmEyNC02YjQxOGY2MzA5N2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgvOTM5ZDZi
LWRmZjgtNDhiYy1iYTI0LTZiNDE4ZjYzMDk3ZS8xL0NvOUxBQWtydmp1UEVfM2RU
dng2VnRYVm1pQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNNdjANBgkqhkiG9w0BAQsFAAOCAQEAmp+YgfsRNFK0
ayFGrurs7r9/8kaB/Pg3KFSM+WtTT1rgmPYvM0BUYffeSS3a292h1LZhoeDYhyU8
d+ZwZHCLznUyMsGU1iaL/zOQAq4aXUIigSsuwVzooREAWMjMiFLlJDu/XrmlExyp
w6+45Z77chawnGM/XdP+JPr65AlqD2zWK0RJOS6D4CwvAcQiBA8JprEki46bpuqO
zhlSY9PaSHKTBYyv6qhRco+qGkCgUKEd9QH6KBy3DCkpoAQlT4l+kcU/g5Eh87DC
I9y5XdPjfGnWpzu65pgTQzzulKw1G0eB5CJ1CE9N6wDxJkWjnYHSAleKt+ANMef4
+miRcAECDg==
-----END CERTIFICATE-----