Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Fkwq19YOy_iTAOPn1OyF8UkxRm4.cer
File:                     Fkwq19YOy_iTAOPn1OyF8UkxRm4.cer (raw, json)
Hash identifier:          xkF1Og2yCXR8GGpo4CJhUJ9lUlMGtMi97SYIWxA9VUs=
Subject key identifier:   16:4C:2A:D7:D6:0E:CB:F8:93:00:E3:E7:D4:EC:85:F1:49:31:46:6E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DF243A568305CA45F730D326C4B548
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bb/dad127-0378-44eb-b66d-77405ce5a728/1/Fkwq19YOy_iTAOPn1OyF8UkxRm4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bb/dad127-0378-44eb-b66d-77405ce5a728/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:31:56 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216115

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:24:3a:56:83:05:ca:45:f7:30:d3:26:c4:b5:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=164c2ad7d60ecbf89300e3e7d4ec85f14931466e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:55:09:8d:8e:07:68:bc:73:51:e9:85:f6:4d:
                    29:be:c8:ed:ef:89:6b:35:a0:6d:f0:ad:d4:6b:9b:
                    99:d1:6d:e2:fd:74:d3:dc:7a:2f:e2:d3:90:09:e0:
                    2e:95:c5:3a:ac:49:29:35:5b:01:d0:42:19:d7:1c:
                    06:cf:1a:5b:47:bf:2c:91:1d:31:c6:56:80:3d:1b:
                    ce:71:50:bc:a3:ea:35:2a:7b:e2:c6:e2:f7:68:07:
                    eb:db:ed:f4:9c:96:ed:2b:d4:f5:23:88:8b:5d:fb:
                    d2:19:5f:92:9c:76:98:10:e6:31:79:d7:90:a1:12:
                    5f:d9:5b:1b:c1:da:20:7d:20:5b:40:7e:78:9e:5e:
                    62:1a:c7:55:6b:c8:d3:8d:b6:59:d6:1d:e7:55:06:
                    26:0b:23:06:92:fd:bf:56:ac:34:4c:92:5d:d4:95:
                    97:82:fb:8b:1d:0a:cc:a2:59:63:e6:52:1f:2f:cc:
                    f8:9e:b7:5a:e4:23:ee:c5:2e:d7:90:c7:e4:72:c0:
                    7c:01:73:03:e7:e1:0d:82:cc:82:7b:83:fe:ce:a8:
                    be:9b:5f:b0:8a:42:19:44:09:f6:64:34:90:72:05:
                    f7:5f:7b:b3:62:4e:60:ce:7e:fd:30:43:e1:15:d2:
                    2d:a4:8f:5c:97:93:8c:b3:7d:e7:cd:56:82:65:a0:
                    d0:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:4C:2A:D7:D6:0E:CB:F8:93:00:E3:E7:D4:EC:85:F1:49:31:46:6E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dad127-0378-44eb-b66d-77405ce5a728/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dad127-0378-44eb-b66d-77405ce5a728/1/Fkwq19YOy_iTAOPn1OyF8UkxRm4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216115

    Signature Algorithm: sha256WithRSAEncryption
         05:da:07:b3:6a:f9:59:b8:11:74:38:21:f3:66:92:41:15:9e:
         f0:3b:be:a9:48:a5:3c:ef:0b:17:b6:91:06:f0:b1:97:f5:c5:
         37:8a:81:97:2c:16:ea:11:21:ad:42:16:91:c4:fc:df:ae:93:
         9b:99:92:6c:8c:c0:9c:af:ea:2f:57:15:b8:17:2b:0e:87:34:
         a8:10:3e:4c:7e:54:f6:92:fc:a5:03:c5:23:9a:81:19:89:e0:
         15:19:08:6a:7e:2b:ef:71:e7:57:73:8c:35:ea:9c:79:1a:9f:
         64:90:93:df:9c:7b:4b:b6:9c:3c:68:fb:78:f0:ff:8e:81:17:
         c9:7e:ef:7b:77:3a:c1:d9:5b:1a:33:c9:87:84:fa:98:bb:32:
         02:33:b5:f1:9b:ea:17:df:ab:8c:8d:5a:0d:b9:c8:4a:0d:a9:
         4b:e2:fb:15:69:ae:73:40:8d:c4:b8:79:5d:dc:da:c4:c5:87:
         fa:96:24:2c:86:8f:4e:ec:bc:b4:25:d1:db:ae:c3:51:bf:4e:
         42:e3:04:5d:45:a8:07:e4:a8:78:99:06:c3:ff:92:3c:e3:f3:
         27:ab:d6:81:25:a8:46:4c:a8:cf:63:4c:3e:70:27:c9:dd:07:
         d0:11:3b:e1:08:b1:31:be:83:ae:0f:3e:76:f3:a6:c2:be:77:
         9b:2e:56:92
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzI3yQ6VoMFykX3MNMmxLVIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjRjMmFkN2Q2MGVjYmY4OTMwMGUzZTdkNGVjODVmMTQ5MzE0NjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFUJjY4HaLxzUemF9k0pvsjt74lr
NaBt8K3Ua5uZ0W3i/XTT3Hov4tOQCeAulcU6rEkpNVsB0EIZ1xwGzxpbR78skR0x
xlaAPRvOcVC8o+o1KnvixuL3aAfr2+30nJbtK9T1I4iLXfvSGV+SnHaYEOYxedeQ
oRJf2VsbwdogfSBbQH54nl5iGsdVa8jTjbZZ1h3nVQYmCyMGkv2/Vqw0TJJd1JWX
gvuLHQrMollj5lIfL8z4nrda5CPuxS7XkMfkcsB8AXMD5+ENgsyCe4P+zqi+m1+w
ikIZRAn2ZDSQcgX3X3uzYk5gzn79MEPhFdItpI9cl5OMs33nzVaCZaDQ9QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFBZMKtfWDsv4kwDj59TshfFJMUZuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JiL2RhZDEy
Ny0wMzc4LTQ0ZWItYjY2ZC03NzQwNWNlNWE3MjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmIvZGFkMTI3
LTAzNzgtNDRlYi1iNjZkLTc3NDA1Y2U1YTcyOC8xL0Zrd3ExOVlPeV9pVEFPUG4x
T3lGOFVreFJtNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNMMzANBgkqhkiG9w0BAQsFAAOCAQEABdoHs2r5WbgR
dDgh82aSQRWe8Du+qUilPO8LF7aRBvCxl/XFN4qBlywW6hEhrUIWkcT8366Tm5mS
bIzAnK/qL1cVuBcrDoc0qBA+TH5U9pL8pQPFI5qBGYngFRkIan4r73HnV3OMNeqc
eRqfZJCT35x7S7acPGj7ePD/joEXyX7ve3c6wdlbGjPJh4T6mLsyAjO18ZvqF9+r
jI1aDbnISg2pS+L7FWmuc0CNxLh5XdzaxMWH+pYkLIaPTuy8tCXR267DUb9OQuME
XUWoB+SoeJkGw/+SPOPzJ6vWgSWoRkyoz2NMPnAnyd0H0BE74QixMb6Drg8+dvOm
wr53my5Wkg==
-----END CERTIFICATE-----