Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KBp_B75cMTjLQ8LBiymqVGhUS6Y.cer
File:                     KBp_B75cMTjLQ8LBiymqVGhUS6Y.cer (raw, json)
Hash identifier:          ZvG0oqorI+SMI18vr7+HKDXbwfr3ljf5HgW4mAFR7RM=
Subject key identifier:   28:1A:7F:07:BE:5C:31:38:CB:43:C2:C1:8B:29:AA:54:68:54:4B:A6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018EC7D8DC0097B116C66EC7EE5677FABDA2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/23/aca44e-8449-471f-8ebd-52ccf65bd67b/1/KBp_B75cMTjLQ8LBiymqVGhUS6Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/23/aca44e-8449-471f-8ebd-52ccf65bd67b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 10 Apr 2024 11:51:01 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48852

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:d8:dc:00:97:b1:16:c6:6e:c7:ee:56:77:fa:bd:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 10 11:51:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=281a7f07be5c3138cb43c2c18b29aa5468544ba6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:81:f5:fa:6b:5a:77:a7:6e:49:bb:c7:48:6d:
                    ee:47:8a:d2:34:e0:db:7e:1b:dd:b8:78:04:09:fe:
                    c6:dd:e5:55:9f:ac:c8:8c:9c:d0:e0:99:cd:d5:cd:
                    88:3d:4d:11:4a:b8:9b:37:df:e3:16:58:44:ed:9a:
                    e0:51:f4:68:de:7d:3b:b1:c2:88:74:56:47:cc:45:
                    9b:10:5e:be:13:cd:58:9b:2d:99:b1:4a:22:26:7b:
                    92:db:67:36:ca:d4:17:93:c6:c3:95:d9:2b:ea:a4:
                    a0:3c:1f:37:8e:58:a4:b5:a9:fa:4d:e1:c9:54:e8:
                    30:1c:d6:da:6a:14:65:a8:cb:0f:df:a0:e8:d2:1d:
                    6a:e1:f9:39:cb:8e:d8:3a:1c:24:09:db:99:13:2e:
                    de:eb:41:2f:52:ae:4c:78:32:28:d4:37:0f:9e:52:
                    5c:02:62:bb:aa:96:62:45:de:d7:98:f7:c6:47:9f:
                    81:f4:40:46:70:0c:97:4b:d6:c5:09:c8:fc:9a:dd:
                    ff:fe:96:38:27:58:c3:ef:72:e0:12:b5:9a:43:34:
                    06:e8:39:4a:ec:55:17:a0:b4:1c:80:ce:35:bc:46:
                    c1:c8:95:9f:02:33:53:91:fd:65:90:bd:be:32:9d:
                    4b:24:ad:d6:a4:f2:0b:ac:c9:ff:d0:b8:e6:52:64:
                    28:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:1A:7F:07:BE:5C:31:38:CB:43:C2:C1:8B:29:AA:54:68:54:4B:A6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aca44e-8449-471f-8ebd-52ccf65bd67b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aca44e-8449-471f-8ebd-52ccf65bd67b/1/KBp_B75cMTjLQ8LBiymqVGhUS6Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48852

    Signature Algorithm: sha256WithRSAEncryption
         96:f1:14:13:bc:be:59:0f:a0:58:d1:0b:5f:08:73:78:ba:02:
         07:85:b8:6c:2b:55:a4:68:44:c3:d4:8b:aa:3e:c0:b7:23:fb:
         3a:1b:a5:36:55:4b:16:9d:e7:a8:8c:ec:03:a6:5e:7a:52:57:
         08:6e:14:f1:3d:32:af:1d:a9:00:e7:71:0d:ce:51:c5:c3:d0:
         2f:e4:f7:25:65:9b:ca:7a:61:f3:cf:4d:cb:ca:f6:a0:8c:ca:
         92:af:4a:a4:eb:c7:fa:f2:65:40:cf:1d:98:51:16:82:34:fd:
         55:b1:e2:1f:5e:d0:24:90:ca:6b:a3:f8:7a:60:c5:20:17:3f:
         78:69:c6:cd:8a:b7:b6:88:c0:8f:74:ff:8f:37:c0:38:79:3b:
         12:75:b0:74:0c:0f:52:b1:4c:aa:b9:23:c0:31:1b:9f:e7:73:
         ef:3d:91:39:f4:64:9c:0c:95:4b:1b:7c:69:82:d1:0e:49:37:
         93:41:2f:a9:7f:20:f9:11:23:8e:5d:de:77:95:e8:ad:e7:b6:
         45:29:2b:6e:4b:1e:9c:0a:8f:38:57:3d:b0:39:b3:9c:77:2f:
         75:a8:a1:45:98:87:1f:56:9c:fa:0d:24:1e:17:a5:ac:62:d5:
         50:c8:b3:61:bc:5f:29:98:9f:55:4a:f6:1e:46:e1:b2:cc:ca:
         95:0c:bf:95
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY7H2NwAl7EWxm7H7lZ3+r2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDEwMTE1MTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODFhN2YwN2JlNWMzMTM4Y2I0M2MyYzE4YjI5YWE1NDY4NTQ0YmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6IH1+mtad6duSbvHSG3uR4rSNODb
fhvduHgECf7G3eVVn6zIjJzQ4JnN1c2IPU0RSribN9/jFlhE7ZrgUfRo3n07scKI
dFZHzEWbEF6+E81Ymy2ZsUoiJnuS22c2ytQXk8bDldkr6qSgPB83jliktan6TeHJ
VOgwHNbaahRlqMsP36Do0h1q4fk5y47YOhwkCduZEy7e60EvUq5MeDIo1DcPnlJc
AmK7qpZiRd7XmPfGR5+B9EBGcAyXS9bFCcj8mt3//pY4J1jD73LgErWaQzQG6DlK
7FUXoLQcgM41vEbByJWfAjNTkf1lkL2+Mp1LJK3WpPILrMn/0LjmUmQo8QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCgafwe+XDE4y0PCwYspqlRoVEumMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIzL2FjYTQ0
ZS04NDQ5LTQ3MWYtOGViZC01MmNjZjY1YmQ2N2IvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvYWNhNDRl
LTg0NDktNDcxZi04ZWJkLTUyY2NmNjViZDY3Yi8xL0tCcF9CNzVjTVRqTFE4TEJp
eW1xVkdoVVM2WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwC+1DANBgkqhkiG9w0BAQsFAAOCAQEAlvEUE7y+WQ+g
WNELXwhzeLoCB4W4bCtVpGhEw9SLqj7AtyP7OhulNlVLFp3nqIzsA6ZeelJXCG4U
8T0yrx2pAOdxDc5RxcPQL+T3JWWbynph889Ny8r2oIzKkq9KpOvH+vJlQM8dmFEW
gjT9VbHiH17QJJDKa6P4emDFIBc/eGnGzYq3tojAj3T/jzfAOHk7EnWwdAwPUrFM
qrkjwDEbn+dz7z2ROfRknAyVSxt8aYLRDkk3k0EvqX8g+REjjl3ed5Xoree2RSkr
bksenAqPOFc9sDmznHcvdaihRZiHH1ac+g0kHhelrGLVUMizYbxfKZifVUr2Hkbh
sszKlQy/lQ==
-----END CERTIFICATE-----