Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/FWFTBSCZaflRZ7M57dJ0P3VsY0M.cer
File:                     FWFTBSCZaflRZ7M57dJ0P3VsY0M.cer (raw, json)
Hash identifier:          C/7hodfX3ccWS97ksopE8q1n2ihx2jnZNTr7BowEbFA=
Subject key identifier:   15:61:53:05:20:99:69:F9:51:67:B3:39:ED:D2:74:3F:75:6C:63:43
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B7D15D8BCEE9B3C04A27F7C9A76978
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f2/375f3b-945c-4cb6-aa93-08d92e3a6fff/1/FWFTBSCZaflRZ7M57dJ0P3VsY0M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f2/375f3b-945c-4cb6-aa93-08d92e3a6fff/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:29:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211891

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 23:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:d1:5d:8b:ce:e9:b3:c0:4a:27:f7:c9:a7:69:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15615305209969f95167b339edd2743f756c6343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2f:3d:ca:79:ba:54:cc:07:45:b2:bf:e8:e6:
                    90:be:c5:55:1a:7b:6d:2b:16:c8:d5:eb:80:4c:af:
                    2b:71:57:23:22:21:93:3d:cb:1e:7d:54:2b:a3:01:
                    f0:43:eb:41:9c:4b:58:0f:0b:4c:11:da:a3:88:53:
                    24:ec:3c:7c:5d:ba:77:3a:9c:eb:7b:ce:5a:69:5f:
                    63:9c:8e:07:0f:21:2c:d8:87:2e:87:13:da:e7:8b:
                    1e:c4:e2:2e:8a:74:62:39:75:d7:d8:1d:11:a7:fc:
                    e7:c4:59:91:ae:0b:e5:28:61:32:da:08:58:8a:6c:
                    be:9e:0e:bd:4f:0c:68:d8:83:1c:ee:4a:c0:8a:7b:
                    7e:82:3c:96:ef:1f:d1:d7:be:ce:3e:59:dd:ac:4a:
                    11:da:ff:84:46:23:a7:5d:df:0e:3b:84:39:54:a9:
                    d5:2d:38:c6:03:61:dc:6b:16:c4:aa:12:8c:9a:13:
                    d5:6c:89:fd:35:09:ee:5f:4b:c3:b3:8a:f7:98:83:
                    1f:c3:b3:ea:f9:cf:e7:d2:48:6a:7f:9a:1f:e1:2f:
                    e9:4f:91:eb:fe:82:73:6f:00:13:f8:72:fe:39:25:
                    ff:ba:27:89:b2:60:c5:07:f0:27:07:6b:2b:22:11:
                    db:df:c3:bf:15:e5:c6:1c:72:6f:86:e1:33:8c:b2:
                    70:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:61:53:05:20:99:69:F9:51:67:B3:39:ED:D2:74:3F:75:6C:63:43
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/375f3b-945c-4cb6-aa93-08d92e3a6fff/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/375f3b-945c-4cb6-aa93-08d92e3a6fff/1/FWFTBSCZaflRZ7M57dJ0P3VsY0M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211891

    Signature Algorithm: sha256WithRSAEncryption
         90:d2:58:af:5f:c0:9e:fb:65:2d:b8:06:66:18:24:9d:fe:21:
         b2:f7:6e:36:65:eb:a4:8d:3b:72:b3:72:8d:67:3f:1c:90:01:
         72:1c:8e:07:3c:00:b5:e7:e9:aa:e4:bc:e6:ef:bc:61:d2:53:
         3f:c9:c1:ba:8c:86:e2:0e:fa:2f:8e:9b:62:d7:b4:d3:41:72:
         02:cc:8d:90:30:f7:59:73:c0:e6:30:00:88:5e:74:d4:c8:85:
         3b:0b:6f:4f:4b:95:ff:47:5d:c7:97:09:e7:7d:1f:3a:eb:54:
         99:87:8a:1b:df:2d:ec:25:30:62:df:84:04:15:fa:8a:23:81:
         2c:33:5e:0d:ee:b5:dd:4e:cd:08:ee:ab:85:aa:9d:67:04:7b:
         35:3e:6e:85:35:4f:d2:92:23:af:47:c0:49:c9:28:d7:cc:eb:
         d2:b2:65:86:e8:8f:96:61:11:3f:09:6c:24:69:56:d0:b8:25:
         0a:ea:4b:44:80:a6:aa:7c:cb:b0:61:85:54:11:aa:3d:0d:3a:
         6e:2d:f7:03:de:33:10:f1:d3:ee:96:5f:b4:7d:90:e9:51:71:
         54:f9:52:60:e4:21:c3:6c:d6:c2:0b:c8:8b:27:1e:41:ac:c4:
         08:47:e4:1c:63:10:08:58:96:dc:04:d6:ba:eb:70:e1:b0:ec:
         64:ae:8a:72
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzGt9Fdi87ps8BKJ/fJp2l4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTYxNTMwNTIwOTk2OWY5NTE2N2IzMzllZGQyNzQzZjc1NmM2MzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlS89ynm6VMwHRbK/6OaQvsVVGntt
KxbI1euATK8rcVcjIiGTPcsefVQrowHwQ+tBnEtYDwtMEdqjiFMk7Dx8Xbp3Opzr
e85aaV9jnI4HDyEs2IcuhxPa54sexOIuinRiOXXX2B0Rp/znxFmRrgvlKGEy2ghY
imy+ng69Twxo2IMc7krAint+gjyW7x/R177OPlndrEoR2v+ERiOnXd8OO4Q5VKnV
LTjGA2HcaxbEqhKMmhPVbIn9NQnuX0vDs4r3mIMfw7Pq+c/n0khqf5of4S/pT5Hr
/oJzbwAT+HL+OSX/uieJsmDFB/AnB2srIhHb38O/FeXGHHJvhuEzjLJwhQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFBVhUwUgmWn5UWezOe3SdD91bGNDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YyLzM3NWYz
Yi05NDVjLTRjYjYtYWE5My0wOGQ5MmUzYTZmZmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvMzc1ZjNi
LTk0NWMtNGNiNi1hYTkzLTA4ZDkyZTNhNmZmZi8xL0ZXRlRCU0NaYWZsUlo3TTU3
ZEowUDNWc1kwTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM7szANBgkqhkiG9w0BAQsFAAOCAQEAkNJYr1/Anvtl
LbgGZhgknf4hsvduNmXrpI07crNyjWc/HJABchyOBzwAtefpquS85u+8YdJTP8nB
uoyG4g76L46bYte000FyAsyNkDD3WXPA5jAAiF501MiFOwtvT0uV/0ddx5cJ530f
OutUmYeKG98t7CUwYt+EBBX6iiOBLDNeDe613U7NCO6rhaqdZwR7NT5uhTVP0pIj
r0fAScko18zr0rJlhuiPlmERPwlsJGlW0LglCupLRICmqnzLsGGFVBGqPQ06bi33
A94zEPHT7pZftH2Q6VFxVPlSYOQhw2zWwgvIiyceQazECEfkHGMQCFiW3ATWuutw
4bDsZK6Kcg==
-----END CERTIFICATE-----