Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/G3NaOdmSptxEu-c6TZm-PIQvqWg.cer
File:                     G3NaOdmSptxEu-c6TZm-PIQvqWg.cer (raw, json)
Hash identifier:          /vKPWZl5Se9+NHMhhmlYV0tYedFlmEB2DlLRQ6YxpZs=
Subject key identifier:   1B:73:5A:39:D9:92:A6:DC:44:BB:E7:3A:4D:99:BE:3C:84:2F:A9:68
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01916A65895B8CDCBE767AC3A565C549FF5B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b7/06da0b-45fa-4bc9-9717-4001369ba11f/1/G3NaOdmSptxEu-c6TZm-PIQvqWg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b7/06da0b-45fa-4bc9-9717-4001369ba11f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 19 Aug 2024 11:28:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214341

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6a:65:89:5b:8c:dc:be:76:7a:c3:a5:65:c5:49:ff:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 19 11:28:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b735a39d992a6dc44bbe73a4d99be3c842fa968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9e:90:c6:9a:08:45:ee:ad:5d:20:da:98:e4:
                    b7:86:25:76:a6:a1:2c:af:a2:76:7c:be:41:fb:02:
                    7a:b7:c9:43:6e:3c:b4:c0:cb:9d:ba:77:e1:7b:d0:
                    6d:c8:ef:21:c6:62:e5:52:44:a9:c9:1d:d8:78:f1:
                    d1:b7:3e:cb:d1:3e:68:25:c8:b1:56:7b:ee:cd:f6:
                    d5:b6:b2:11:8f:7d:da:7f:38:05:79:a5:e8:24:96:
                    cc:0e:a7:62:16:20:94:a1:a7:e9:b9:85:37:f2:a9:
                    23:04:47:56:e9:99:44:8e:55:53:6c:09:82:57:02:
                    ce:9e:33:2f:d5:c5:82:fd:67:44:31:0c:ca:cd:e9:
                    dc:4c:e3:6d:16:43:88:7d:5f:a7:f3:e6:af:6c:d0:
                    54:05:cf:a2:60:fb:99:84:9b:c9:f7:ba:59:d0:2f:
                    bf:64:60:9a:82:eb:7b:1b:ce:07:3f:38:36:f1:9e:
                    a1:f9:66:f0:09:46:09:ce:59:7d:f1:54:ef:05:62:
                    69:f1:b8:c6:49:f0:b6:a6:16:3d:18:64:78:5d:ae:
                    37:0f:4b:b9:bd:15:29:97:c2:05:51:ef:8e:fa:b3:
                    61:36:3e:d0:95:40:0e:cd:2a:d9:f0:56:5f:df:46:
                    ae:81:f1:c9:b6:99:c8:01:c7:d9:af:2c:4c:4f:e1:
                    0a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:73:5A:39:D9:92:A6:DC:44:BB:E7:3A:4D:99:BE:3C:84:2F:A9:68
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/06da0b-45fa-4bc9-9717-4001369ba11f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/06da0b-45fa-4bc9-9717-4001369ba11f/1/G3NaOdmSptxEu-c6TZm-PIQvqWg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214341

    Signature Algorithm: sha256WithRSAEncryption
         94:8c:de:b8:90:3d:0e:e6:d9:06:ad:c6:cd:92:2d:04:0e:c1:
         9a:37:69:f8:d0:35:02:f6:b3:62:50:d8:54:57:37:7f:f8:fc:
         97:48:21:34:ce:d0:a3:76:0b:94:5c:8a:45:e0:06:ca:57:4f:
         da:ad:e9:a1:0d:4e:8f:8d:56:89:ea:30:79:67:fc:2f:15:42:
         e2:fc:0c:9b:35:c5:b2:cb:a7:2e:24:8d:05:fc:bb:09:59:80:
         ac:b6:3c:03:0f:3f:cf:d1:0c:d8:e2:8b:f5:cb:06:3f:3c:ba:
         7e:2a:b6:38:f9:11:fc:3c:41:85:29:2e:60:97:64:66:66:df:
         9f:6e:77:4a:93:42:c0:30:c8:0b:aa:34:8c:26:68:7d:d9:c4:
         83:de:7f:87:47:35:00:ea:e0:90:28:7e:c7:41:d0:45:7f:c6:
         54:c9:2c:25:f7:95:65:6a:8b:a5:fd:75:f1:8d:4d:2f:ec:c5:
         7c:7f:b9:d5:01:1e:76:c7:81:5a:3b:b4:2a:07:c2:f2:75:2e:
         51:1c:fc:54:a3:d1:36:4a:88:2c:a0:b7:04:79:f6:77:2f:80:
         fd:18:80:c9:16:af:ee:23:a7:37:82:1e:5b:c2:60:bb:59:c9:
         14:3e:3d:96:d0:cb:cb:e5:44:41:ea:4c:59:1d:49:42:4c:08:
         3d:87:9d:12
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZFqZYlbjNy+dnrDpWXFSf9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODE5MTEyODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjczNWEzOWQ5OTJhNmRjNDRiYmU3M2E0ZDk5YmUzYzg0MmZhOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJ6QxpoIRe6tXSDamOS3hiV2pqEs
r6J2fL5B+wJ6t8lDbjy0wMudunfhe9BtyO8hxmLlUkSpyR3YePHRtz7L0T5oJcix
VnvuzfbVtrIRj33afzgFeaXoJJbMDqdiFiCUoafpuYU38qkjBEdW6ZlEjlVTbAmC
VwLOnjMv1cWC/WdEMQzKzencTONtFkOIfV+n8+avbNBUBc+iYPuZhJvJ97pZ0C+/
ZGCagut7G84HPzg28Z6h+WbwCUYJzll98VTvBWJp8bjGSfC2phY9GGR4Xa43D0u5
vRUpl8IFUe+O+rNhNj7QlUAOzSrZ8FZf30augfHJtpnIAcfZryxMT+EKBwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFBtzWjnZkqbcRLvnOk2ZvjyEL6loMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I3LzA2ZGEw
Yi00NWZhLTRiYzktOTcxNy00MDAxMzY5YmExMWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjcvMDZkYTBi
LTQ1ZmEtNGJjOS05NzE3LTQwMDEzNjliYTExZi8xL0czTmFPZG1TcHR4RXUtYzZU
Wm0tUElRdnFXZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNFRTANBgkqhkiG9w0BAQsFAAOCAQEAlIzeuJA9DubZ
Bq3GzZItBA7Bmjdp+NA1AvazYlDYVFc3f/j8l0ghNM7Qo3YLlFyKReAGyldP2q3p
oQ1Oj41WieoweWf8LxVC4vwMmzXFssunLiSNBfy7CVmArLY8Aw8/z9EM2OKL9csG
Pzy6fiq2OPkR/DxBhSkuYJdkZmbfn253SpNCwDDIC6o0jCZofdnEg95/h0c1AOrg
kCh+x0HQRX/GVMksJfeVZWqLpf118Y1NL+zFfH+51QEedseBWju0KgfC8nUuURz8
VKPRNkqILKC3BHn2dy+A/RiAyRav7iOnN4IeW8Jgu1nJFD49ltDLy+VEQepMWR1J
QkwIPYedEg==
-----END CERTIFICATE-----