Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/J8QG3ym-nyrVCz7FvVPfuSLRr6A.cer
File:                     J8QG3ym-nyrVCz7FvVPfuSLRr6A.cer (raw, json)
Hash identifier:          8VSTYnuhg+CU8/fLd65onKeuE08L+GbSxp6Fv+bghus=
Subject key identifier:   27:C4:06:DF:29:BE:9F:2A:D5:0B:3E:C5:BD:53:DF:B9:22:D1:AF:A0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC802A78AD821CAB95B08707F49ECCFB2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1e/41b8f8-3900-4514-8dbf-27d362e96d40/1/J8QG3ym-nyrVCz7FvVPfuSLRr6A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1e/41b8f8-3900-4514-8dbf-27d362e96d40/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:31:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48883

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:a7:8a:d8:21:ca:b9:5b:08:70:7f:49:ec:cf:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27c406df29be9f2ad50b3ec5bd53dfb922d1afa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:11:14:cd:8f:c1:54:69:6e:1b:1d:22:fe:33:
                    46:5d:92:e0:0b:b5:09:86:4f:61:f2:b9:fd:d7:70:
                    6f:45:0d:b3:4b:bf:29:7b:4f:ce:be:14:50:9c:87:
                    ab:ed:22:69:0a:0b:bb:b2:66:69:a9:f7:aa:f3:99:
                    29:80:50:ce:f2:a8:f6:7a:b9:6c:d5:17:ea:2b:e1:
                    71:6d:82:94:cf:57:79:e3:19:9a:3a:6d:ff:cb:11:
                    3f:a6:5e:ee:f3:df:65:c8:ef:2f:6f:2f:84:ad:e2:
                    ee:e0:ec:f6:09:ad:6b:37:5d:2c:3c:d5:bf:f7:d7:
                    b2:30:bc:3a:99:5b:43:29:e5:22:69:aa:97:57:ef:
                    f6:90:6f:f8:7b:9d:08:33:28:22:f9:5a:ec:d6:16:
                    49:da:c1:6f:94:ff:4a:fd:1d:12:40:8a:b1:d5:65:
                    5d:81:07:2d:84:7b:f7:e7:4e:f4:e6:26:68:2e:c3:
                    cc:8c:2c:f6:c2:ff:ba:05:b0:7a:26:76:be:3b:89:
                    c1:34:3b:dc:1b:25:de:2b:61:7d:9c:ad:8a:62:2c:
                    87:9b:b3:18:ea:8a:a2:1b:d9:84:f2:a8:10:f3:af:
                    59:06:6b:ad:5b:03:b2:a4:c1:57:50:c7:fc:a3:41:
                    a0:29:a3:f2:81:4f:c0:2d:ad:27:ea:6f:59:80:d9:
                    8c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:C4:06:DF:29:BE:9F:2A:D5:0B:3E:C5:BD:53:DF:B9:22:D1:AF:A0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/41b8f8-3900-4514-8dbf-27d362e96d40/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/41b8f8-3900-4514-8dbf-27d362e96d40/1/J8QG3ym-nyrVCz7FvVPfuSLRr6A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48883

    Signature Algorithm: sha256WithRSAEncryption
         98:6c:c3:0f:d3:d3:74:b0:13:13:bf:55:a1:71:a5:3d:47:1e:
         74:95:96:50:16:5a:a7:bb:13:ff:a8:9a:b9:51:13:9c:ee:37:
         1a:0e:4e:37:10:30:b9:25:02:cc:97:5b:ca:99:5b:47:9b:83:
         a5:d5:14:2d:37:43:94:b9:c3:ab:4e:07:5d:1f:b8:3d:e6:72:
         2c:6c:98:67:0a:db:18:76:16:a1:5c:d3:bf:67:b5:52:35:ed:
         24:81:f9:35:c9:a0:2b:72:74:06:ff:23:71:8d:48:55:e9:ea:
         be:64:64:56:14:bc:8a:f5:f5:5e:df:c8:0c:08:45:cc:fb:f1:
         ac:92:7e:05:fc:3a:ed:93:f8:36:49:c7:f5:42:aa:a4:56:ee:
         a9:23:04:f5:3f:2c:15:ff:ab:7d:7b:31:9b:f5:d3:b7:2c:6e:
         31:a5:ac:c5:73:62:42:fe:a0:9d:a0:cd:4d:26:a7:d2:24:89:
         43:2f:2b:3c:d0:3d:20:8d:80:4d:44:3a:13:8e:da:d8:e2:c9:
         81:1a:8b:0a:ae:3d:28:31:4b:2c:8f:e0:c1:2a:2f:7f:8e:ce:
         3e:91:9e:ab:7e:c2:2f:09:c6:44:24:49:94:9b:1a:ef:73:5d:
         99:df:f2:d0:f1:b2:dd:e0:b1:75:02:4d:69:b0:8a:80:ea:66:
         35:aa:72:58
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIAqeK2CHKuVsIcH9J7M+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2M0MDZkZjI5YmU5ZjJhZDUwYjNlYzViZDUzZGZiOTIyZDFhZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBEUzY/BVGluGx0i/jNGXZLgC7UJ
hk9h8rn913BvRQ2zS78pe0/OvhRQnIer7SJpCgu7smZpqfeq85kpgFDO8qj2erls
1RfqK+FxbYKUz1d54xmaOm3/yxE/pl7u899lyO8vby+EreLu4Oz2Ca1rN10sPNW/
99eyMLw6mVtDKeUiaaqXV+/2kG/4e50IMygi+Vrs1hZJ2sFvlP9K/R0SQIqx1WVd
gQcthHv350705iZoLsPMjCz2wv+6BbB6Jna+O4nBNDvcGyXeK2F9nK2KYiyHm7MY
6oqiG9mE8qgQ869ZBmutWwOypMFXUMf8o0GgKaPygU/ALa0n6m9ZgNmMBwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCfEBt8pvp8q1Qs+xb1T37ki0a+gMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFlLzQxYjhm
OC0zOTAwLTQ1MTQtOGRiZi0yN2QzNjJlOTZkNDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUvNDFiOGY4
LTM5MDAtNDUxNC04ZGJmLTI3ZDM2MmU5NmQ0MC8xL0o4UUczeW0tbnlyVkN6N0Z2
VlBmdVNMUnI2QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwC+8zANBgkqhkiG9w0BAQsFAAOCAQEAmGzDD9PTdLAT
E79VoXGlPUcedJWWUBZap7sT/6iauVETnO43Gg5ONxAwuSUCzJdbyplbR5uDpdUU
LTdDlLnDq04HXR+4PeZyLGyYZwrbGHYWoVzTv2e1UjXtJIH5NcmgK3J0Bv8jcY1I
VenqvmRkVhS8ivX1Xt/IDAhFzPvxrJJ+Bfw67ZP4NknH9UKqpFbuqSME9T8sFf+r
fXsxm/XTtyxuMaWsxXNiQv6gnaDNTSan0iSJQy8rPNA9II2ATUQ6E47a2OLJgRqL
Cq49KDFLLI/gwSovf47OPpGeq37CLwnGRCRJlJsa73Ndmd/y0PGy3eCxdQJNabCK
gOpmNapyWA==
-----END CERTIFICATE-----