Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/EwZxu09jgBL4KLuizOeFwXJTDAI.cer
File:                     EwZxu09jgBL4KLuizOeFwXJTDAI.cer (raw, json)
Hash identifier:          hGD9NLu/flfHT1PCBn+CiONqM0NZ0leJNqa3qlm2W/E=
Subject key identifier:   13:06:71:BB:4F:63:80:12:F8:28:BB:A2:CC:E7:85:C1:72:53:0C:02
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018EC49249BD3A32B8B4BC211BDCF76DE547
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/24cc8de5-4b4b-4276-aa26-8c5580099026/0/130671BB4F638012F828BBA2CCE785C172530C02.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/24cc8de5-4b4b-4276-aa26-8c5580099026/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Tue 09 Apr 2024 20:35:05 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216265

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:92:49:bd:3a:32:b8:b4:bc:21:1b:dc:f7:6d:e5:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr  9 20:35:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=130671bb4f638012f828bba2cce785c172530c02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:23:be:e0:66:5c:f3:c7:86:2e:a8:4c:df:24:
                    48:ee:08:cd:ea:ac:36:e3:58:9e:1a:33:04:a8:bb:
                    e7:b8:ec:40:94:96:e5:05:34:f6:5e:79:2e:ca:45:
                    2b:e4:64:33:ae:08:b8:0f:f4:02:4b:00:60:73:db:
                    e5:35:72:cf:12:e4:24:03:c7:79:90:a4:82:af:14:
                    e8:18:b3:a7:85:52:62:8f:16:c9:5b:7f:83:b6:8f:
                    11:21:c4:42:92:ff:b3:51:35:8e:80:81:de:6f:ba:
                    9e:20:d6:68:00:93:ec:44:87:a2:53:b4:9a:ce:de:
                    03:38:7b:4b:d1:fc:79:34:22:86:c1:32:86:f1:4b:
                    fc:7b:8c:c6:19:55:22:39:7c:73:de:6b:07:2a:17:
                    ca:8a:74:e6:53:5d:49:ae:8c:8c:b9:2e:b8:a8:28:
                    c7:30:cb:30:05:77:22:d3:46:9c:4e:ef:e5:4d:27:
                    aa:3e:fc:ef:75:ee:06:e2:7f:7e:b4:a0:19:21:4c:
                    81:0c:00:b1:e6:2f:84:a4:0f:37:bc:da:50:d4:4b:
                    b9:e7:fa:ac:fd:51:4b:7c:ba:76:82:6a:6c:e1:14:
                    17:ed:cd:3a:1c:08:dd:13:a0:ce:e0:a2:24:11:de:
                    f2:29:b9:8d:5e:3a:6e:e9:74:ea:c2:06:8a:ec:ef:
                    8b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:06:71:BB:4F:63:80:12:F8:28:BB:A2:CC:E7:85:C1:72:53:0C:02
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/24cc8de5-4b4b-4276-aa26-8c5580099026/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/24cc8de5-4b4b-4276-aa26-8c5580099026/0/130671BB4F638012F828BBA2CCE785C172530C02.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216265

    Signature Algorithm: sha256WithRSAEncryption
         2e:61:e5:ad:2f:6f:e3:19:92:8f:f0:6b:06:45:f8:e4:d8:c1:
         dd:a7:97:9d:e8:ee:98:8d:aa:e6:3a:a0:3c:de:6d:f2:f0:50:
         85:a2:4a:f6:da:cd:f7:c9:f7:21:a2:83:76:53:7c:46:8f:69:
         37:42:7c:7f:f6:c9:08:cb:f5:3d:8e:93:e3:f4:90:78:0a:ef:
         4c:e0:c5:e9:45:85:e8:f2:49:2f:4e:85:1d:73:99:fa:73:82:
         59:10:d1:50:4f:ac:56:14:8e:0a:a1:45:88:0c:4d:60:2a:ea:
         ae:01:95:c2:72:fa:fd:b1:60:87:f0:4f:97:6b:20:44:4f:c9:
         5f:90:82:f8:9d:fd:e1:a1:0b:a8:08:39:77:d9:ec:49:b1:26:
         ff:c3:6a:50:d9:4f:8e:4d:c7:6b:7d:d5:07:a1:69:81:4d:db:
         47:ea:4d:4c:08:0c:8a:52:75:e6:66:d8:12:29:d3:78:76:77:
         a1:61:b8:54:dd:cd:c5:42:83:95:92:94:31:02:21:28:3b:db:
         10:da:b1:40:e5:ea:7a:d2:8e:8a:55:30:32:b7:03:d7:f0:7e:
         eb:59:f4:6d:17:4b:76:5c:51:55:aa:e1:cd:6d:35:c6:cf:a6:
         33:f0:a1:7e:27:8d:53:7e:6a:60:c6:49:89:40:b5:6b:43:db:
         39:29:29:59
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAY7Ekkm9OjK4tLwhG9z3beVHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDA5MjAzNTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzA2NzFiYjRmNjM4MDEyZjgyOGJiYTJjY2U3ODVjMTcyNTMwYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iO+4GZc88eGLqhM3yRI7gjN6qw2
41ieGjMEqLvnuOxAlJblBTT2XnkuykUr5GQzrgi4D/QCSwBgc9vlNXLPEuQkA8d5
kKSCrxToGLOnhVJijxbJW3+Dto8RIcRCkv+zUTWOgIHeb7qeINZoAJPsRIeiU7Sa
zt4DOHtL0fx5NCKGwTKG8Uv8e4zGGVUiOXxz3msHKhfKinTmU11JroyMuS64qCjH
MMswBXci00acTu/lTSeqPvzvde4G4n9+tKAZIUyBDACx5i+EpA83vNpQ1Eu55/qs
/VFLfLp2gmps4RQX7c06HAjdE6DO4KIkEd7yKbmNXjpu6XTqwgaK7O+LbQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFBMGcbtPY4AS+Ci7osznhcFyUwwCMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzI0Y2M4
ZGU1LTRiNGItNDI3Ni1hYTI2LThjNTU4MDA5OTAyNi8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjRj
YzhkZTUtNGI0Yi00Mjc2LWFhMjYtOGM1NTgwMDk5MDI2LzAvMTMwNjcxQkI0RjYz
ODAxMkY4MjhCQkEyQ0NFNzg1QzE3MjUzMEMwMi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDTMkw
DQYJKoZIhvcNAQELBQADggEBAC5h5a0vb+MZko/wawZF+OTYwd2nl53o7piNquY6
oDzebfLwUIWiSvbazffJ9yGig3ZTfEaPaTdCfH/2yQjL9T2Ok+P0kHgK70zgxelF
hejySS9OhR1zmfpzglkQ0VBPrFYUjgqhRYgMTWAq6q4BlcJy+v2xYIfwT5drIERP
yV+Qgvid/eGhC6gIOXfZ7EmxJv/DalDZT45Nx2t91QehaYFN20fqTUwIDIpSdeZm
2BIp03h2d6FhuFTdzcVCg5WSlDECISg72xDasUDl6nrSjopVMDK3A9fwfutZ9G0X
S3ZcUVWq4c1tNcbPpjPwoX4njVN+amDGSYlAtWtD2zkpKVk=
-----END CERTIFICATE-----