Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NO2iVBz8z2guKd2uYx7cjR57b2A.cer
File:                     NO2iVBz8z2guKd2uYx7cjR57b2A.cer (raw, json)
Hash identifier:          ddhrWPZMVl35q/WSnau38J4uS+LSKfGUUHuR9xMgAQg=
Subject key identifier:   34:ED:A2:54:1C:FC:CF:68:2E:29:DD:AE:63:1E:DC:8D:1E:7B:6F:60
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC03CDE80D9E57EC0D8F61541BBDE1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b7/c7244e-b103-43b1-912f-aa632ddb7615/1/NO2iVBz8z2guKd2uYx7cjR57b2A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b7/c7244e-b103-43b1-912f-aa632ddb7615/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:39 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216101

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:03:cd:e8:0d:9e:57:ec:0d:8f:61:54:1b:bd:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34eda2541cfccf682e29ddae631edc8d1e7b6f60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3f:84:ae:f9:30:85:c5:dc:81:0c:d6:c2:3a:
                    f0:5c:4e:27:98:d8:a0:8e:7f:d4:31:37:53:6e:3a:
                    b3:94:0a:3e:0c:15:4a:b8:e2:63:91:59:7e:de:03:
                    3b:30:e9:3a:e2:90:3d:cc:e6:15:4d:b8:91:01:9a:
                    d6:00:06:c7:4f:8a:7f:e9:01:df:ab:82:2a:ae:b2:
                    0e:91:20:c4:c9:54:90:27:c4:04:32:ac:4e:e7:8a:
                    fa:fa:7e:44:62:42:e6:5f:43:23:d1:5d:1a:e2:95:
                    eb:56:c1:e1:74:b5:d6:dc:16:af:a0:56:68:9a:fa:
                    4f:73:4f:12:b0:a1:be:67:86:a3:65:e2:e5:d4:eb:
                    8c:ff:4a:35:c0:a4:41:7b:97:07:84:62:3e:e6:1f:
                    d1:33:55:9b:ee:9e:ce:70:ac:fc:e7:9e:9c:5f:0d:
                    da:54:c5:e6:37:d5:ba:f6:c1:2c:35:0b:f8:6c:bd:
                    9d:91:4e:5a:f5:03:f4:de:46:db:61:e4:ee:df:32:
                    5c:cc:66:20:3b:63:d1:5e:dd:70:52:43:9f:13:97:
                    72:e0:f2:3c:5d:f7:4e:bd:9f:d6:5d:1b:e7:96:1c:
                    a3:4d:fe:a0:ec:94:71:f5:ac:a5:20:18:a5:ba:5e:
                    b1:b3:df:e2:2f:f7:05:ae:7f:1a:bd:e3:e8:74:a5:
                    57:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:ED:A2:54:1C:FC:CF:68:2E:29:DD:AE:63:1E:DC:8D:1E:7B:6F:60
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/c7244e-b103-43b1-912f-aa632ddb7615/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/c7244e-b103-43b1-912f-aa632ddb7615/1/NO2iVBz8z2guKd2uYx7cjR57b2A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216101

    Signature Algorithm: sha256WithRSAEncryption
         6a:1d:dc:da:18:bc:f2:a8:ad:0b:b6:35:cf:4d:dd:64:24:b1:
         e5:2c:87:f8:86:17:1b:9e:4c:73:08:02:1a:29:48:57:2a:b8:
         01:83:6b:6e:9c:b0:4e:0b:11:15:95:79:95:b9:69:fb:fd:52:
         29:08:00:67:9d:c1:89:25:3b:6a:bc:93:3f:f2:78:87:35:11:
         55:57:79:e5:a9:b2:f2:c9:43:d5:05:b0:1e:57:86:40:be:92:
         fe:d6:50:67:1a:72:2e:df:26:1e:87:05:a2:3e:06:8e:6c:7a:
         9f:c9:ba:8f:db:92:b7:98:5b:29:b9:b8:69:d8:6a:a8:0d:f5:
         a4:46:40:2a:96:ac:64:fd:bc:f9:2d:d6:e9:27:ba:c4:d3:72:
         fb:52:6e:37:e6:3b:86:3c:65:12:1e:3d:78:66:59:b3:cb:37:
         cd:19:34:e2:8d:01:86:e6:15:61:1a:7e:fd:20:25:0a:66:b6:
         d4:4f:bd:cd:b9:69:f6:ed:75:7b:66:12:29:2b:ef:10:04:e5:
         79:f3:be:bf:9c:c3:fb:ca:b2:e7:4a:e7:e0:a5:8a:5a:e3:93:
         b3:38:4e:02:c6:69:90:54:4f:f9:0e:05:30:dc:3d:36:ca:c3:
         44:df:fd:22:9a:fb:7b:f2:ab:3b:7f:ab:8f:a1:57:d4:16:84:
         95:e4:e8:cd
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzF3APN6A2eV+wNj2FUG73hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGVkYTI1NDFjZmNjZjY4MmUyOWRkYWU2MzFlZGM4ZDFlN2I2ZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5D+ErvkwhcXcgQzWwjrwXE4nmNig
jn/UMTdTbjqzlAo+DBVKuOJjkVl+3gM7MOk64pA9zOYVTbiRAZrWAAbHT4p/6QHf
q4IqrrIOkSDEyVSQJ8QEMqxO54r6+n5EYkLmX0Mj0V0a4pXrVsHhdLXW3BavoFZo
mvpPc08SsKG+Z4ajZeLl1OuM/0o1wKRBe5cHhGI+5h/RM1Wb7p7OcKz8556cXw3a
VMXmN9W69sEsNQv4bL2dkU5a9QP03kbbYeTu3zJczGYgO2PRXt1wUkOfE5dy4PI8
XfdOvZ/WXRvnlhyjTf6g7JRx9aylIBilul6xs9/iL/cFrn8avePodKVXDwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDTtolQc/M9oLindrmMe3I0ee29gMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I3L2M3MjQ0
ZS1iMTAzLTQzYjEtOTEyZi1hYTYzMmRkYjc2MTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjcvYzcyNDRl
LWIxMDMtNDNiMS05MTJmLWFhNjMyZGRiNzYxNS8xL05PMmlWQno4ejJndUtkMnVZ
eDdjalI1N2IyQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNMJTANBgkqhkiG9w0BAQsFAAOCAQEAah3c2hi88qit
C7Y1z03dZCSx5SyH+IYXG55McwgCGilIVyq4AYNrbpywTgsRFZV5lblp+/1SKQgA
Z53BiSU7aryTP/J4hzURVVd55amy8slD1QWwHleGQL6S/tZQZxpyLt8mHocFoj4G
jmx6n8m6j9uSt5hbKbm4adhqqA31pEZAKpasZP28+S3W6Se6xNNy+1JuN+Y7hjxl
Eh49eGZZs8s3zRk04o0BhuYVYRp+/SAlCma21E+9zblp9u11e2YSKSvvEATlefO+
v5zD+8qy50rn4KWKWuOTszhOAsZpkFRP+Q4FMNw9NsrDRN/9Ipr7e/KrO3+rj6FX
1BaEleTozQ==
-----END CERTIFICATE-----