Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JkOSPnc-snBJKuzI2hXC5cpXwso.cer
File:                     JkOSPnc-snBJKuzI2hXC5cpXwso.cer (raw, json)
Hash identifier:          ghO60ecT9eHKWDDW4teACV6mLHr/EGUaUTfDMShNRx8=
Subject key identifier:   26:43:92:3E:77:3E:B2:70:49:2A:EC:C8:DA:15:C2:E5:CA:57:C2:CA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B719EA946F5B8BA57523D5CD26FE85
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/JkOSPnc-snBJKuzI2hXC5cpXwso.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 208505
                          IP: 2001:678:ac4::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:19:ea:94:6f:5b:8b:a5:75:23:d5:cd:26:fe:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2643923e773eb270492aecc8da15c2e5ca57c2ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f1:d1:26:4b:d6:f5:b4:60:36:df:0c:dd:fd:
                    0f:c0:c1:4a:98:c2:2e:98:80:3b:df:9d:bb:04:c7:
                    67:dc:4a:13:ec:5a:23:2e:38:83:d5:1c:f3:d5:3b:
                    98:cf:f0:dd:31:60:f5:fe:27:ed:5d:6f:6d:15:bb:
                    10:11:37:17:7c:0f:d2:95:3f:34:e6:f9:7b:c3:96:
                    ac:3c:c5:72:08:22:2f:52:a4:1d:fa:f6:c5:37:d7:
                    ba:5c:44:49:81:8f:90:c3:67:f1:92:53:4c:f4:89:
                    ba:16:5c:b0:26:d4:93:e1:77:f2:19:10:31:2a:6c:
                    5e:44:c2:a0:a0:2b:42:98:97:36:12:44:8b:3c:76:
                    cd:5a:2f:f3:4c:35:cc:c7:e9:51:6c:72:af:94:1f:
                    2a:29:c2:23:53:12:8d:8f:2e:21:d2:2b:92:42:f1:
                    1d:d3:c7:61:2d:be:a5:bd:c6:48:51:6e:d2:91:ef:
                    c4:e9:31:ff:b8:a5:cb:a5:7f:5b:41:30:fd:2c:98:
                    08:ba:10:d8:34:fe:b7:2f:d7:b2:a8:d5:fe:46:44:
                    3d:e2:3d:80:a1:23:69:b5:01:c9:32:52:6e:bb:17:
                    28:d1:34:bc:04:1f:68:69:ec:5b:f5:d6:06:aa:62:
                    23:50:7c:c7:b6:42:f9:5c:4c:d2:bf:f6:8f:e8:f8:
                    da:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:43:92:3E:77:3E:B2:70:49:2A:EC:C8:DA:15:C2:E5:CA:57:C2:CA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/JkOSPnc-snBJKuzI2hXC5cpXwso.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ac4::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208505

    Signature Algorithm: sha256WithRSAEncryption
         0d:83:c3:a4:a7:df:13:21:07:b6:43:a2:1b:e4:8f:b8:b6:13:
         88:95:b8:07:4b:32:ab:80:3a:30:cf:53:27:10:4c:29:23:91:
         ee:3d:b1:fd:c5:51:40:77:b9:78:c1:74:ed:03:2d:0e:f2:d7:
         5f:2c:73:8e:f9:31:cd:cc:bb:e8:f2:8e:c5:ed:71:e9:08:f5:
         1a:4c:ae:cf:a4:02:1b:a8:87:28:b3:bc:03:9e:56:62:80:a0:
         17:1c:b7:5b:a5:d3:75:27:c5:fb:f3:3f:a0:b8:26:f4:a8:ee:
         d1:9f:a8:40:a7:64:cb:cb:b5:07:b5:1e:e5:90:81:c4:d5:01:
         a4:40:9a:74:3d:4b:1a:fe:69:f9:e9:0e:19:76:8b:e5:e9:1a:
         c2:c3:f0:f5:18:ab:a8:a5:59:5a:86:75:74:c2:c8:55:6f:cf:
         c6:84:ec:56:14:35:99:8b:c0:73:35:ee:d8:4f:b5:b8:81:5b:
         8a:16:8d:ab:81:c1:f9:a9:a5:48:0b:43:1a:5c:95:d0:2d:d7:
         2f:ae:db:5e:d3:7a:b5:89:f4:ae:3e:85:84:6d:0c:1b:0f:38:
         36:63:24:02:50:1f:53:9c:4b:03:c0:ef:7b:28:93:a7:87:02:
         aa:44:fe:f3:e6:5c:89:4e:c2:f3:d0:ea:6c:ed:3d:09:85:7a:
         d1:20:48:87
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzDtxnqlG9bi6V1I9XNJv6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjQzOTIzZTc3M2ViMjcwNDkyYWVjYzhkYTE1YzJlNWNhNTdjMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvHRJkvW9bRgNt8M3f0PwMFKmMIu
mIA73527BMdn3EoT7FojLjiD1Rzz1TuYz/DdMWD1/iftXW9tFbsQETcXfA/SlT80
5vl7w5asPMVyCCIvUqQd+vbFN9e6XERJgY+Qw2fxklNM9Im6FlywJtST4XfyGRAx
KmxeRMKgoCtCmJc2EkSLPHbNWi/zTDXMx+lRbHKvlB8qKcIjUxKNjy4h0iuSQvEd
08dhLb6lvcZIUW7Ske/E6TH/uKXLpX9bQTD9LJgIuhDYNP63L9eyqNX+RkQ94j2A
oSNptQHJMlJuuxco0TS8BB9oaexb9dYGqmIjUHzHtkL5XEzSv/aP6PjahQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFCZDkj53PrJwSSrsyNoVwuXKV8LKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU3LzA2MzFh
Ny00MTZjLTQxYmUtOGU0NS03OGMzN2MwYjBkOTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTcvMDYzMWE3
LTQxNmMtNDFiZS04ZTQ1LTc4YzM3YzBiMGQ5Ny8xL0prT1NQbmMtc25CSkt1ekky
aFhDNWNwWHdzby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeArEMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMueTANBgkqhkiG9w0BAQsFAAOCAQEADYPDpKffEyEHtkOiG+SPuLYTiJW4
B0syq4A6MM9TJxBMKSOR7j2x/cVRQHe5eMF07QMtDvLXXyxzjvkxzcy76PKOxe1x
6Qj1Gkyuz6QCG6iHKLO8A55WYoCgFxy3W6XTdSfF+/M/oLgm9Kju0Z+oQKdky8u1
B7Ue5ZCBxNUBpECadD1LGv5p+ekOGXaL5ekawsPw9RirqKVZWoZ1dMLIVW/PxoTs
VhQ1mYvAczXu2E+1uIFbihaNq4HB+amlSAtDGlyV0C3XL67bXtN6tYn0rj6FhG0M
Gw84NmMkAlAfU5xLA8DveyiTp4cCqkT+8+ZciU7C89DqbO09CYV60SBIhw==
-----END CERTIFICATE-----