Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Mlp8NIFPL-pHteJHYzSsL2DBToM.cer
File:                     Mlp8NIFPL-pHteJHYzSsL2DBToM.cer (raw, json)
Hash identifier:          KjugxeLuy94UDVB6wV0zt+YSdeTan2YrohI/HImjwH8=
Subject key identifier:   32:5A:7C:34:81:4F:2F:EA:47:B5:E2:47:63:34:AC:2F:60:C1:4E:83
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86F2FA22BDBDE7D34E43240F96191A7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a2/16ea5b-08ae-48c8-b537-1f7e5c4f7458/1/Mlp8NIFPL-pHteJHYzSsL2DBToM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a2/16ea5b-08ae-48c8-b537-1f7e5c4f7458/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:29:39 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 205635

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2f:a2:2b:db:de:7d:34:e4:32:40:f9:61:91:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=325a7c34814f2fea47b5e2476334ac2f60c14e83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:38:27:b4:8b:fa:ca:20:62:66:54:72:6e:a2:
                    bf:b7:3e:d9:1c:f9:1b:35:9a:53:11:af:3b:5e:12:
                    73:6e:1e:c4:24:76:5b:63:90:fd:af:b5:57:a4:7a:
                    7c:c7:aa:8d:fc:33:1e:cc:26:1e:ee:93:ff:90:a0:
                    2f:f5:a1:73:5e:9f:c4:26:6d:d0:ab:d9:aa:df:02:
                    a0:3d:cf:16:cc:02:32:ef:e1:6c:38:10:ac:29:fa:
                    a3:a3:db:57:ce:87:14:f7:2b:9e:84:ff:d1:57:b0:
                    b1:ae:56:25:5d:5d:ed:5b:35:c7:44:95:fc:57:7e:
                    dc:0f:1a:5c:59:32:fc:91:17:43:ef:ef:65:89:b3:
                    0e:8f:c9:c6:19:93:ae:69:f2:6c:96:41:b3:95:ad:
                    23:c5:70:68:73:ea:3b:08:e8:f8:f5:00:b0:31:98:
                    48:81:11:40:2c:47:38:b0:a7:c3:58:7d:62:17:13:
                    36:fd:8f:71:09:c5:21:fd:0c:43:9f:06:99:46:1d:
                    57:ea:b8:02:50:1a:ee:28:83:d2:db:61:c2:55:bf:
                    3c:ce:bf:b5:7c:a4:c9:ca:af:f5:ed:53:e5:f1:9a:
                    2b:e6:de:93:1f:5f:ad:cb:ac:90:f4:88:37:53:47:
                    aa:78:04:d7:d9:b0:34:15:59:9c:74:21:4b:99:fa:
                    25:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:5A:7C:34:81:4F:2F:EA:47:B5:E2:47:63:34:AC:2F:60:C1:4E:83
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/16ea5b-08ae-48c8-b537-1f7e5c4f7458/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/16ea5b-08ae-48c8-b537-1f7e5c4f7458/1/Mlp8NIFPL-pHteJHYzSsL2DBToM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205635

    Signature Algorithm: sha256WithRSAEncryption
         0b:61:b7:42:71:0b:f8:21:19:69:22:8b:d1:f2:dd:00:1b:8f:
         01:af:31:5f:ef:df:f4:0f:bc:7d:f1:00:17:45:11:07:1f:b0:
         84:8b:2c:8c:f4:e8:fb:85:7a:d9:80:f6:1c:be:b5:8c:29:f2:
         50:9f:14:8e:f8:ad:26:57:f4:cb:b4:39:8c:61:f6:db:5f:35:
         6a:68:27:66:1c:0e:a0:f3:c0:9b:63:27:3e:ed:98:dd:7f:1e:
         68:6c:97:21:b1:02:6a:77:26:da:d4:ae:d1:52:7a:5c:8f:e6:
         53:a2:84:25:70:b0:d5:24:cf:e5:4e:f8:1b:38:66:c1:38:d8:
         b3:54:de:4d:b7:c3:b1:a6:dc:31:9d:d5:23:0a:1c:73:53:71:
         e7:14:d2:00:e4:3d:36:c3:42:7f:cf:82:b9:e7:ca:50:84:68:
         5c:d9:7e:b0:a0:2d:f8:ca:97:0e:4c:6e:f3:19:a9:b9:62:e4:
         1d:37:59:7e:fd:ec:af:33:16:7d:74:19:1c:2c:46:7f:ba:6b:
         97:a5:a1:d2:e9:bd:16:3a:90:43:9a:ac:b6:1c:1b:f7:cf:1c:
         a3:d6:6d:5d:97:1e:eb:89:66:fe:bb:2f:fa:ab:4b:dc:63:23:
         f3:7c:b2:e8:14:18:9f:43:99:66:2c:06:c7:3c:49:6f:e9:8a:
         0a:77:2b:83
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIby+iK9vefTTkMkD5YZGnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjVhN2MzNDgxNGYyZmVhNDdiNWUyNDc2MzM0YWMyZjYwYzE0ZTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzgntIv6yiBiZlRybqK/tz7ZHPkb
NZpTEa87XhJzbh7EJHZbY5D9r7VXpHp8x6qN/DMezCYe7pP/kKAv9aFzXp/EJm3Q
q9mq3wKgPc8WzAIy7+FsOBCsKfqjo9tXzocU9yuehP/RV7CxrlYlXV3tWzXHRJX8
V37cDxpcWTL8kRdD7+9libMOj8nGGZOuafJslkGzla0jxXBoc+o7COj49QCwMZhI
gRFALEc4sKfDWH1iFxM2/Y9xCcUh/QxDnwaZRh1X6rgCUBruKIPS22HCVb88zr+1
fKTJyq/17VPl8Zor5t6TH1+ty6yQ9Ig3U0eqeATX2bA0FVmcdCFLmfolWwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDJafDSBTy/qR7XiR2M0rC9gwU6DMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EyLzE2ZWE1
Yi0wOGFlLTQ4YzgtYjUzNy0xZjdlNWM0Zjc0NTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIvMTZlYTVi
LTA4YWUtNDhjOC1iNTM3LTFmN2U1YzRmNzQ1OC8xL01scDhOSUZQTC1wSHRlSkhZ
elNzTDJEQlRvTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMjQzANBgkqhkiG9w0BAQsFAAOCAQEAC2G3QnEL+CEZ
aSKL0fLdABuPAa8xX+/f9A+8ffEAF0URBx+whIssjPTo+4V62YD2HL61jCnyUJ8U
jvitJlf0y7Q5jGH22181amgnZhwOoPPAm2MnPu2Y3X8eaGyXIbECancm2tSu0VJ6
XI/mU6KEJXCw1STP5U74GzhmwTjYs1TeTbfDsabcMZ3VIwocc1Nx5xTSAOQ9NsNC
f8+CuefKUIRoXNl+sKAt+MqXDkxu8xmpuWLkHTdZfv3srzMWfXQZHCxGf7prl6Wh
0um9FjqQQ5qsthwb988co9ZtXZce64lm/rsv+qtL3GMj83yy6BQYn0OZZiwGxzxJ
b+mKCncrgw==
-----END CERTIFICATE-----