Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/K0mJ_jyso_MEQ8VKkC9pEhENkZU.cer
File:                     K0mJ_jyso_MEQ8VKkC9pEhENkZU.cer (raw, json)
Hash identifier:          T1FNcBEIGlQZHrI/GatqCU8W7Cq4dhIRvCUFqkaa8+A=
Subject key identifier:   2B:49:89:FE:3C:AC:A3:F3:04:43:C5:4A:90:2F:69:12:11:0D:91:95
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EB86CCD2E2724EDAFE38C6767CDC9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/12/9a641f-e4a7-4cc4-acec-5c38e7fe8e81/1/K0mJ_jyso_MEQ8VKkC9pEhENkZU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/12/9a641f-e4a7-4cc4-acec-5c38e7fe8e81/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:16 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 205590
                          AS: 212292

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b8:6c:cd:2e:27:24:ed:af:e3:8c:67:67:cd:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b4989fe3caca3f30443c54a902f6912110d9195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f1:1b:08:61:2d:94:ae:f1:d0:a6:fc:e8:43:
                    bd:f7:5b:19:ae:2d:99:63:03:69:c8:8f:1f:92:4f:
                    a8:f7:7d:88:24:3d:3a:27:dc:9f:b9:27:21:ff:bf:
                    31:30:75:49:06:49:87:89:98:8e:93:3f:8a:16:5b:
                    64:56:8e:4d:4b:48:9a:cc:60:ec:10:33:a4:d6:a9:
                    ea:a0:6d:0b:bf:39:b9:43:60:fa:22:c6:6e:27:f8:
                    6f:5e:0d:1c:44:b2:10:23:59:90:08:ec:c1:d8:3d:
                    c8:73:f7:3a:fa:d4:c6:46:36:61:b5:ce:b3:6d:c1:
                    92:5e:4e:f4:c3:71:73:08:6b:49:71:fc:6a:b5:e4:
                    e9:b8:db:6e:00:8b:39:d1:b2:6b:b2:37:19:96:f7:
                    ab:da:11:fa:9d:05:67:d6:23:a7:31:f4:e3:27:19:
                    92:ec:37:a2:90:58:5b:de:dd:4b:fa:46:11:60:9b:
                    7c:27:77:71:eb:17:56:90:1b:be:a6:0e:bb:cb:1b:
                    16:7b:8e:b1:a7:5b:75:1a:e1:60:d0:a1:0a:da:0e:
                    7d:75:37:41:5f:91:e6:3b:34:0b:5b:b7:9e:ab:af:
                    43:b7:5a:2f:df:01:4e:0c:25:b9:a6:c7:2f:2d:48:
                    4b:d9:0c:5a:d5:73:ae:32:13:d1:6c:a0:ae:fb:88:
                    50:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:49:89:FE:3C:AC:A3:F3:04:43:C5:4A:90:2F:69:12:11:0D:91:95
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/9a641f-e4a7-4cc4-acec-5c38e7fe8e81/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/9a641f-e4a7-4cc4-acec-5c38e7fe8e81/1/K0mJ_jyso_MEQ8VKkC9pEhENkZU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205590
                  212292

    Signature Algorithm: sha256WithRSAEncryption
         0a:3a:4b:76:64:09:ea:a4:bb:1b:b9:d3:08:75:0e:02:35:ab:
         37:70:e4:57:1c:e3:8d:8e:37:e4:95:b8:e4:bd:33:0d:1f:1a:
         63:a9:88:53:68:90:59:00:fa:07:7c:04:2f:e4:80:83:56:05:
         7d:09:bf:f0:58:c1:5a:97:c0:10:34:60:a7:4a:cd:c3:0e:b2:
         d9:c3:16:e8:8f:c3:39:03:5d:c9:22:1e:db:e5:f5:1b:e4:9d:
         16:52:37:3e:3a:b3:b1:24:c8:4a:f4:88:ec:c4:1d:c2:35:94:
         40:a5:f2:d4:3d:f2:74:6b:66:71:ea:68:30:e3:73:1e:c9:e2:
         8f:0f:d9:98:d7:8a:27:23:0d:60:61:ec:d6:26:6a:eb:ec:1e:
         4f:33:bb:d9:a8:37:0f:57:9e:e0:2b:09:62:86:28:03:af:3d:
         40:11:39:78:ab:61:09:7b:e1:73:bd:75:f5:1d:f4:91:fd:6c:
         82:f4:9f:90:45:35:69:e2:05:b3:db:2d:a9:8f:29:02:13:6c:
         3a:0f:21:7f:4c:98:90:b0:a0:07:bf:2e:69:cb:6b:96:99:c9:
         2b:dd:cd:f9:db:e6:3a:2d:45:6b:8e:18:a3:4e:f7:db:19:79:
         a7:54:a7:a1:48:8d:e0:bc:fd:e0:7c:47:04:12:bd:c0:4b:18:
         87:16:da:ca
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzFbrhszS4nJO2v44xnZ83JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjQ5ODlmZTNjYWNhM2YzMDQ0M2M1NGE5MDJmNjkxMjExMGQ5MTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vEbCGEtlK7x0Kb86EO991sZri2Z
YwNpyI8fkk+o932IJD06J9yfuSch/78xMHVJBkmHiZiOkz+KFltkVo5NS0iazGDs
EDOk1qnqoG0Lvzm5Q2D6IsZuJ/hvXg0cRLIQI1mQCOzB2D3Ic/c6+tTGRjZhtc6z
bcGSXk70w3FzCGtJcfxqteTpuNtuAIs50bJrsjcZlver2hH6nQVn1iOnMfTjJxmS
7DeikFhb3t1L+kYRYJt8J3dx6xdWkBu+pg67yxsWe46xp1t1GuFg0KEK2g59dTdB
X5HmOzQLW7eeq69Dt1ov3wFODCW5pscvLUhL2Qxa1XOuMhPRbKCu+4hQJwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCtJif48rKPzBEPFSpAvaRIRDZGVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEyLzlhNjQx
Zi1lNGE3LTRjYzQtYWNlYy01YzM4ZTdmZThlODEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIvOWE2NDFm
LWU0YTctNGNjNC1hY2VjLTVjMzhlN2ZlOGU4MS8xL0swbUpfanlzb19NRVE4Vktr
QzlwRWhFTmtaVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEIAQH/BBAwDqAMMAoCAwMjFgIDAz1EMA0GCSqGSIb3DQEBCwUAA4IBAQAKOkt2
ZAnqpLsbudMIdQ4CNas3cORXHOONjjfklbjkvTMNHxpjqYhTaJBZAPoHfAQv5ICD
VgV9Cb/wWMFal8AQNGCnSs3DDrLZwxboj8M5A13JIh7b5fUb5J0WUjc+OrOxJMhK
9IjsxB3CNZRApfLUPfJ0a2Zx6mgw43MeyeKPD9mY14onIw1gYezWJmrr7B5PM7vZ
qDcPV57gKwlihigDrz1AETl4q2EJe+FzvXX1HfSR/WyC9J+QRTVp4gWz2y2pjykC
E2w6DyF/TJiQsKAHvy5py2uWmckr3c352+Y6LUVrjhijTvfbGXmnVKehSI3gvP3g
fEcEEr3ASxiHFtrK
-----END CERTIFICATE-----