Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/F3AFF3Um1mjoRLKnpaWaxkpJVlI.cer
File:                     F3AFF3Um1mjoRLKnpaWaxkpJVlI.cer (raw, json)
Hash identifier:          G8FfR+p+535+OjJTpxoNEMkk8Ysnmwbv1/Gc8+EYASc=
Subject key identifier:   17:70:05:17:75:26:D6:68:E8:44:B2:A7:A5:A5:9A:C6:4A:49:56:52
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018DF3DD1B02314422556C4DD55290E1A43D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/00/3af153-ed0d-49c0-99df-0cdefbfc787a/1/F3AFF3Um1mjoRLKnpaWaxkpJVlI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/00/3af153-ed0d-49c0-99df-0cdefbfc787a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 29 Feb 2024 07:56:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 8458
                          IP: 193.93.156.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:dd:1b:02:31:44:22:55:6c:4d:d5:52:90:e1:a4:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 29 07:56:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=177005177526d668e844b2a7a5a59ac64a495652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d2:68:be:e9:00:cd:b4:f9:74:8d:df:6d:b8:
                    08:ca:86:2d:d7:a2:b5:56:da:af:09:89:93:00:b7:
                    e0:af:70:94:71:16:88:91:79:19:c0:12:e4:5d:76:
                    7c:9f:79:c4:c1:37:7f:b2:05:50:75:3b:35:94:52:
                    a4:83:1e:33:fe:02:c1:47:e4:8a:79:12:5c:c3:33:
                    e7:a2:9a:95:d0:23:66:75:e2:19:e5:f8:0f:c2:9b:
                    11:7a:26:20:84:c2:c3:25:11:5c:b7:de:ca:52:5a:
                    cd:2b:7f:c9:99:6c:d1:ad:8d:50:d7:25:35:16:e4:
                    67:a1:dd:17:3d:4c:c9:fe:15:5b:99:63:b0:9e:26:
                    a7:e2:b0:03:5e:0d:59:fc:b8:d9:2d:b1:ca:e3:d8:
                    05:25:fe:8e:c3:bc:5a:ce:88:42:a7:16:e7:27:3b:
                    66:82:4d:88:92:9d:60:14:d1:9c:9b:99:b0:fb:37:
                    a4:b3:5c:b0:fa:52:b1:72:da:0d:96:dc:0a:c6:3b:
                    13:a6:4d:d1:8f:93:1e:31:71:a1:29:34:a2:3b:86:
                    bb:93:46:b2:f8:4f:03:3a:c9:42:d6:db:7f:60:ad:
                    09:3f:38:22:1e:af:45:65:4c:42:ce:d3:05:a8:4b:
                    36:16:96:72:2b:c8:d6:04:58:71:67:28:03:8e:80:
                    4d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:70:05:17:75:26:D6:68:E8:44:B2:A7:A5:A5:9A:C6:4A:49:56:52
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/3af153-ed0d-49c0-99df-0cdefbfc787a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/3af153-ed0d-49c0-99df-0cdefbfc787a/1/F3AFF3Um1mjoRLKnpaWaxkpJVlI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.156.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8458

    Signature Algorithm: sha256WithRSAEncryption
         6e:3d:97:80:ca:31:cd:17:a0:2e:16:06:1b:89:79:90:49:f4:
         77:cd:a5:77:77:03:19:0e:74:11:bc:f9:66:a0:dc:01:33:03:
         fc:a8:7e:0d:a8:2e:2e:fb:76:88:d0:ac:2d:54:5f:ec:97:23:
         6b:3e:67:40:93:37:b0:90:a0:90:eb:8d:10:bb:2e:20:69:2e:
         2e:94:37:31:ec:07:d7:d2:b1:1d:58:29:ac:9c:9b:46:52:92:
         40:6f:a3:9c:f8:f2:cb:52:ef:3d:67:22:ad:42:8a:57:5a:3b:
         60:53:01:70:13:9b:ab:b3:ee:e6:2c:5d:d5:bd:94:19:33:18:
         27:d2:21:f3:53:4b:4b:ab:61:d3:14:50:07:69:16:8b:03:45:
         b7:0e:7c:cf:43:2a:bf:87:70:90:51:eb:ef:ca:1f:6e:e3:1d:
         98:d0:25:1c:00:d4:fc:13:18:d1:7d:f8:7f:fd:43:54:ed:a6:
         22:55:ce:68:9f:f4:d5:de:db:9c:5c:3f:16:ae:dc:69:30:9f:
         7c:a6:e0:51:74:1c:53:86:d3:69:86:f5:23:e2:65:34:b6:cf:
         3d:42:dc:23:cf:10:19:4e:5b:fb:9b:6e:0e:2a:93:c5:65:06:
         d9:e4:f9:91:22:e5:39:ef:d4:df:a0:43:8f:88:fd:10:1d:1f:
         1a:7f:77:93
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAY3z3RsCMUQiVWxN1VKQ4aQ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjI5MDc1NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzcwMDUxNzc1MjZkNjY4ZTg0NGIyYTdhNWE1OWFjNjRhNDk1NjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtJovukAzbT5dI3fbbgIyoYt16K1
VtqvCYmTALfgr3CUcRaIkXkZwBLkXXZ8n3nEwTd/sgVQdTs1lFKkgx4z/gLBR+SK
eRJcwzPnopqV0CNmdeIZ5fgPwpsReiYghMLDJRFct97KUlrNK3/JmWzRrY1Q1yU1
FuRnod0XPUzJ/hVbmWOwnian4rADXg1Z/LjZLbHK49gFJf6Ow7xazohCpxbnJztm
gk2Ikp1gFNGcm5mw+zeks1yw+lKxctoNltwKxjsTpk3Rj5MeMXGhKTSiO4a7k0ay
+E8DOslC1tt/YK0JPzgiHq9FZUxCztMFqEs2FpZyK8jWBFhxZygDjoBNTQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFBdwBRd1JtZo6ESyp6WlmsZKSVZSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAwLzNhZjE1
My1lZDBkLTQ5YzAtOTlkZi0wY2RlZmJmYzc4N2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAvM2FmMTUz
LWVkMGQtNDljMC05OWRmLTBjZGVmYmZjNzg3YS8xL0YzQUZGM1VtMW1qb1JMS25w
YVdheGtwSlZsSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwV2cMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AiEKMA0GCSqGSIb3DQEBCwUAA4IBAQBuPZeAyjHNF6AuFgYbiXmQSfR3zaV3dwMZ
DnQRvPlmoNwBMwP8qH4NqC4u+3aI0KwtVF/slyNrPmdAkzewkKCQ640Quy4gaS4u
lDcx7AfX0rEdWCmsnJtGUpJAb6Oc+PLLUu89ZyKtQopXWjtgUwFwE5urs+7mLF3V
vZQZMxgn0iHzU0tLq2HTFFAHaRaLA0W3DnzPQyq/h3CQUevvyh9u4x2Y0CUcANT8
ExjRffh//UNU7aYiVc5on/TV3tucXD8WrtxpMJ98puBRdBxThtNphvUj4mU0ts89
QtwjzxAZTlv7m24OKpPFZQbZ5PmRIuU579TfoEOPiP0QHR8af3eT
-----END CERTIFICATE-----