Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DoWbfPDZfGOgD95kMinpkE6W-FE.cer
File:                     DoWbfPDZfGOgD95kMinpkE6W-FE.cer (raw, json)
Hash identifier:          QBmZoUqFk30KS+bf4zcPTovz1XSZAUeCJgALcQSW/LU=
Subject key identifier:   0E:85:9B:7C:F0:D9:7C:63:A0:0F:DE:64:32:29:E9:90:4E:96:F8:51
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC492B4D155B1619A4537B9BD2D7AC56A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/71/21a7ca-520e-4971-865b-371a7dba91c2/1/DoWbfPDZfGOgD95kMinpkE6W-FE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/71/21a7ca-520e-4971-865b-371a7dba91c2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:29:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212715

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 21:23:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:b4:d1:55:b1:61:9a:45:37:b9:bd:2d:7a:c5:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e859b7cf0d97c63a00fde643229e9904e96f851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8c:9a:18:57:0f:99:59:6e:96:6a:77:f6:1c:
                    5f:90:25:18:17:75:ab:4f:13:19:e9:d7:8c:76:ba:
                    06:c5:d3:c8:29:5e:52:7d:fc:c4:25:de:a1:15:4b:
                    8d:4b:a4:68:db:e7:4c:52:1c:04:63:2b:1a:65:95:
                    18:1c:72:2e:8e:fc:6b:1b:f1:c9:f6:14:93:00:44:
                    8d:4c:40:4f:9a:c7:29:e3:10:98:05:2f:67:d0:69:
                    56:33:05:33:25:46:37:63:47:f4:1d:75:0b:fe:55:
                    3c:3f:a8:59:58:76:78:07:a5:f2:18:8f:21:56:4b:
                    d5:0c:55:7a:03:c7:98:36:52:7a:84:47:0c:f8:c3:
                    3d:d6:b4:c9:94:02:a3:72:b8:1f:ed:29:e8:e8:74:
                    e8:12:41:9d:3a:51:fd:76:04:2e:78:3c:c3:e6:45:
                    d1:a6:59:63:38:90:7a:60:d6:e7:d3:6f:88:4b:a0:
                    3e:00:0a:2a:85:11:c2:56:79:7e:f1:44:34:33:a1:
                    47:1d:ad:73:be:3d:fe:ba:91:67:d5:38:14:54:5e:
                    21:9c:2e:01:73:be:a1:cd:f4:2f:c0:55:36:07:51:
                    12:60:88:b1:80:cc:c7:f9:b2:c6:20:09:2c:78:fd:
                    9f:83:de:eb:2f:aa:ab:58:61:b3:40:a8:92:7d:87:
                    97:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:85:9B:7C:F0:D9:7C:63:A0:0F:DE:64:32:29:E9:90:4E:96:F8:51
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/21a7ca-520e-4971-865b-371a7dba91c2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/21a7ca-520e-4971-865b-371a7dba91c2/1/DoWbfPDZfGOgD95kMinpkE6W-FE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212715

    Signature Algorithm: sha256WithRSAEncryption
         06:72:6c:02:d8:1f:72:87:47:54:f9:54:5e:4c:9e:ae:94:0d:
         d9:1b:e1:1d:f3:21:a1:c8:a0:b1:19:02:a3:83:53:27:1f:a9:
         86:a7:8b:39:07:63:f0:3b:62:25:ab:3e:20:10:e0:f4:f1:06:
         f7:97:c5:05:96:d9:33:a8:70:ea:34:a6:7a:44:18:37:27:47:
         02:d4:a7:f3:17:3f:67:c9:6c:af:42:13:64:34:e6:41:4e:42:
         31:e5:e7:00:11:37:f2:7d:4c:e1:20:12:45:f0:66:1c:f5:23:
         7c:dd:9e:8f:ef:4b:7e:4c:96:67:42:34:48:e4:de:79:0b:37:
         50:d1:16:27:e4:39:d7:c9:3b:86:ac:55:85:63:c3:6c:a1:3e:
         7b:0d:af:67:90:9c:f3:d9:41:31:98:99:33:59:10:21:51:b9:
         ae:4e:d9:3f:7e:28:25:83:36:84:0d:d0:65:a4:ea:f0:38:fc:
         d0:fb:01:59:a6:29:b9:28:54:85:52:05:79:98:d3:c5:d7:18:
         00:06:e2:21:a1:b1:21:df:29:8b:72:9e:25:88:7b:de:94:3a:
         a7:dd:1d:8e:8b:35:e5:08:60:3e:7f:d0:58:3a:22:21:e5:8c:
         47:18:94:40:61:5c:35:eb:70:2f:97:41:22:f7:df:a4:77:de:
         68:b3:00:8d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzEkrTRVbFhmkU3ub0tesVqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTg1OWI3Y2YwZDk3YzYzYTAwZmRlNjQzMjI5ZTk5MDRlOTZmODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYyaGFcPmVlulmp39hxfkCUYF3Wr
TxMZ6deMdroGxdPIKV5SffzEJd6hFUuNS6Ro2+dMUhwEYysaZZUYHHIujvxrG/HJ
9hSTAESNTEBPmscp4xCYBS9n0GlWMwUzJUY3Y0f0HXUL/lU8P6hZWHZ4B6XyGI8h
VkvVDFV6A8eYNlJ6hEcM+MM91rTJlAKjcrgf7Sno6HToEkGdOlH9dgQueDzD5kXR
plljOJB6YNbn02+IS6A+AAoqhRHCVnl+8UQ0M6FHHa1zvj3+upFn1TgUVF4hnC4B
c76hzfQvwFU2B1ESYIixgMzH+bLGIAkseP2fg97rL6qrWGGzQKiSfYeXqQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFA6Fm3zw2XxjoA/eZDIp6ZBOlvhRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcxLzIxYTdj
YS01MjBlLTQ5NzEtODY1Yi0zNzFhN2RiYTkxYzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzEvMjFhN2Nh
LTUyMGUtNDk3MS04NjViLTM3MWE3ZGJhOTFjMi8xL0RvV2JmUERaZkdPZ0Q5NWtN
aW5wa0U2Vy1GRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM+6zANBgkqhkiG9w0BAQsFAAOCAQEABnJsAtgfcodH
VPlUXkyerpQN2RvhHfMhocigsRkCo4NTJx+phqeLOQdj8DtiJas+IBDg9PEG95fF
BZbZM6hw6jSmekQYNydHAtSn8xc/Z8lsr0ITZDTmQU5CMeXnABE38n1M4SASRfBm
HPUjfN2ej+9LfkyWZ0I0SOTeeQs3UNEWJ+Q518k7hqxVhWPDbKE+ew2vZ5Cc89lB
MZiZM1kQIVG5rk7ZP34oJYM2hA3QZaTq8Dj80PsBWaYpuShUhVIFeZjTxdcYAAbi
IaGxId8pi3KeJYh73pQ6p90djos15QhgPn/QWDoiIeWMRxiUQGFcNetwL5dBIvff
pHfeaLMAjQ==
-----END CERTIFICATE-----