Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Kv11TzB3zWDwCb4CbJCE5XKXBmA.cer
File:                     Kv11TzB3zWDwCb4CbJCE5XKXBmA.cer (raw, json)
Hash identifier:          Y45VoLBApggKFNGkDpRiJl42K+ES57KHSHOFWy/Qn00=
Subject key identifier:   2A:FD:75:4F:30:77:CD:60:F0:09:BE:02:6C:90:84:E5:72:97:06:60
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0190ABAF700833D1E219CAE914B452AEC2E6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3e/1986cc-e350-415a-ad73-b4013db8b7c1/1/Kv11TzB3zWDwCb4CbJCE5XKXBmA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3e/1986cc-e350-415a-ad73-b4013db8b7c1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 13 Jul 2024 10:41:59 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214753

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ab:af:70:08:33:d1:e2:19:ca:e9:14:b4:52:ae:c2:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 13 10:41:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2afd754f3077cd60f009be026c9084e572970660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0d:0c:5b:57:17:f9:55:c3:dc:1b:f7:c7:ac:
                    02:55:96:2f:4a:43:69:15:90:15:09:56:c0:19:c6:
                    0c:e0:0b:4e:15:ca:b5:8a:e0:76:b9:10:95:c4:8a:
                    08:62:6f:5b:5c:76:ba:20:8e:f8:07:a3:fd:9a:19:
                    21:f4:de:54:fd:7e:6c:b7:fb:dc:14:99:a8:ba:28:
                    d1:10:3c:31:03:e9:14:8c:a7:e7:00:70:fa:83:e9:
                    a0:e5:a1:cd:b3:e3:26:e5:fd:e2:f5:9c:25:fc:ca:
                    9d:25:b6:d1:9a:94:ab:2a:dc:9b:2d:c0:83:f5:ee:
                    1b:f4:fe:48:b8:99:6c:38:78:90:3d:a4:ae:dc:cb:
                    ff:08:f7:9c:9a:a4:29:e0:f0:f8:8e:b7:50:b6:79:
                    a2:c6:e6:51:3d:0a:73:65:5c:54:9f:e5:a8:6e:bd:
                    6f:2c:8f:25:c2:29:59:6b:43:52:63:0e:90:4a:7b:
                    fd:d5:48:c4:94:c6:35:ac:2d:72:7c:92:18:f6:51:
                    68:e4:22:b9:be:bd:c0:90:53:7a:b3:a1:7f:d9:15:
                    fd:55:31:2e:80:41:98:1b:8a:f4:9a:22:4f:3f:77:
                    fa:1f:53:f8:2a:b8:f1:35:06:db:b0:17:a5:b1:3d:
                    61:24:28:05:5a:2f:03:65:e0:f5:aa:cf:44:65:42:
                    34:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:FD:75:4F:30:77:CD:60:F0:09:BE:02:6C:90:84:E5:72:97:06:60
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/1986cc-e350-415a-ad73-b4013db8b7c1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/1986cc-e350-415a-ad73-b4013db8b7c1/1/Kv11TzB3zWDwCb4CbJCE5XKXBmA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214753

    Signature Algorithm: sha256WithRSAEncryption
         97:bc:fd:a4:9d:f3:3e:67:9f:fe:07:c7:80:88:d9:82:3b:a6:
         4b:33:80:df:20:7e:48:34:f5:9c:8d:4c:c7:f1:a8:ec:b0:96:
         36:41:06:dc:09:3f:75:0c:dd:b9:d8:9a:7b:1a:5d:e9:20:3a:
         08:11:9d:64:2c:95:9e:69:a7:d5:83:b2:a7:9f:b6:93:cc:a5:
         83:0a:05:98:7c:e4:61:11:b3:73:40:a2:fc:eb:f7:f1:d3:bc:
         2d:b9:bf:aa:e0:1b:30:7b:62:b2:ab:08:2a:08:e9:23:fa:d3:
         ea:4a:54:b7:c0:71:07:a7:d2:10:76:4a:9a:44:24:b1:5b:0f:
         a8:03:8c:90:77:9b:e7:ba:bd:41:c8:ad:5c:50:e2:dc:19:43:
         b9:5a:c8:5b:2e:01:c5:17:65:5c:ad:e2:4d:e9:96:53:4a:d0:
         a9:41:b2:2e:e2:93:a8:c1:6d:4a:cb:f0:71:e0:70:39:0f:9e:
         88:7f:2f:cf:ed:ca:00:c6:32:3f:a8:b3:74:0e:7d:e2:ca:47:
         2c:8c:4e:32:4b:07:52:34:8b:70:9d:79:76:37:e1:2e:5b:41:
         f8:16:32:ff:91:f6:18:9e:bd:2c:6a:0e:ba:5d:a3:9e:7d:bd:
         14:f7:d4:30:38:89:3f:8e:e8:d8:f4:e0:ab:cb:86:d3:0a:1b:
         76:de:95:d7
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZCrr3AIM9HiGcrpFLRSrsLmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzEzMTA0MTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWZkNzU0ZjMwNzdjZDYwZjAwOWJlMDI2YzkwODRlNTcyOTcwNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0g0MW1cX+VXD3Bv3x6wCVZYvSkNp
FZAVCVbAGcYM4AtOFcq1iuB2uRCVxIoIYm9bXHa6II74B6P9mhkh9N5U/X5st/vc
FJmouijREDwxA+kUjKfnAHD6g+mg5aHNs+Mm5f3i9Zwl/MqdJbbRmpSrKtybLcCD
9e4b9P5IuJlsOHiQPaSu3Mv/CPecmqQp4PD4jrdQtnmixuZRPQpzZVxUn+Wobr1v
LI8lwilZa0NSYw6QSnv91UjElMY1rC1yfJIY9lFo5CK5vr3AkFN6s6F/2RX9VTEu
gEGYG4r0miJPP3f6H1P4KrjxNQbbsBelsT1hJCgFWi8DZeD1qs9EZUI0EwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCr9dU8wd81g8Am+AmyQhOVylwZgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNlLzE5ODZj
Yy1lMzUwLTQxNWEtYWQ3My1iNDAxM2RiOGI3YzEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2UvMTk4NmNj
LWUzNTAtNDE1YS1hZDczLWI0MDEzZGI4YjdjMS8xL0t2MTFUekIzeldEd0NiNENi
SkNFNVhLWEJtQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNG4TANBgkqhkiG9w0BAQsFAAOCAQEAl7z9pJ3zPmef
/gfHgIjZgjumSzOA3yB+SDT1nI1Mx/Go7LCWNkEG3Ak/dQzdudiaexpd6SA6CBGd
ZCyVnmmn1YOyp5+2k8ylgwoFmHzkYRGzc0Ci/Ov38dO8Lbm/quAbMHtisqsIKgjp
I/rT6kpUt8BxB6fSEHZKmkQksVsPqAOMkHeb57q9QcitXFDi3BlDuVrIWy4BxRdl
XK3iTemWU0rQqUGyLuKTqMFtSsvwceBwOQ+eiH8vz+3KAMYyP6izdA594spHLIxO
MksHUjSLcJ15djfhLltB+BYy/5H2GJ69LGoOul2jnn29FPfUMDiJP47o2PTgq8uG
0wobdt6V1w==
-----END CERTIFICATE-----