Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PDJlBkzF3ftGqdfOv-XP8XFNOmw.cer
File:                     PDJlBkzF3ftGqdfOv-XP8XFNOmw.cer (raw, json)
Hash identifier:          N75O0zZqta9sIqxGDIqJuRMA5elk3CxuWFNg2cRLaOE=
Subject key identifier:   3C:32:65:06:4C:C5:DD:FB:46:A9:D7:CE:BF:E5:CF:F1:71:4D:3A:6C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7932F413B57B7BB6ABDA603D516BF4B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/37/24129b-eec6-4eb5-ba83-9bf9249bb30e/1/PDJlBkzF3ftGqdfOv-XP8XFNOmw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/37/24129b-eec6-4eb5-ba83-9bf9249bb30e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:29:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48605

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:2f:41:3b:57:b7:bb:6a:bd:a6:03:d5:16:bf:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c3265064cc5ddfb46a9d7cebfe5cff1714d3a6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:75:aa:9b:fd:a7:6b:97:4b:72:7f:04:a0:aa:
                    5f:6b:47:7e:de:9b:b0:5e:86:66:cc:eb:6f:49:76:
                    92:ad:cb:0f:95:5c:06:6e:17:05:a8:01:5d:fd:12:
                    f2:1a:49:28:03:96:97:b4:02:d8:55:ba:6f:90:42:
                    7f:f6:73:47:47:34:7c:a5:4e:61:40:9f:20:47:92:
                    b0:e8:1f:3e:36:09:6a:45:08:3d:45:b7:67:7b:40:
                    d1:89:3e:84:ce:be:57:ea:a2:88:cd:24:03:40:72:
                    a0:4f:8b:e9:ae:ee:32:4a:08:23:0d:72:ae:67:bb:
                    c7:bd:8a:7c:0a:6f:b7:a0:6d:19:30:0f:4a:37:e4:
                    f5:40:64:85:c6:59:e1:f6:10:52:25:01:5b:af:10:
                    63:f9:6a:bb:d2:a5:ef:1f:ac:36:77:cf:a3:0f:79:
                    b0:04:16:ee:37:66:4b:ac:de:54:41:c4:72:d8:17:
                    c6:a5:d9:73:2c:f9:bb:d1:d3:7e:b3:b8:41:84:4a:
                    a6:4e:42:1c:f0:c0:52:b7:c1:34:78:3b:05:a9:d5:
                    06:aa:3b:55:dd:4c:92:f2:ad:3c:47:3d:1d:bd:83:
                    59:94:87:04:68:8a:42:a0:2c:b8:c9:be:34:24:9e:
                    06:11:d1:04:a9:84:4c:b5:6a:3c:61:95:94:2b:98:
                    34:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:32:65:06:4C:C5:DD:FB:46:A9:D7:CE:BF:E5:CF:F1:71:4D:3A:6C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/24129b-eec6-4eb5-ba83-9bf9249bb30e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/24129b-eec6-4eb5-ba83-9bf9249bb30e/1/PDJlBkzF3ftGqdfOv-XP8XFNOmw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48605

    Signature Algorithm: sha256WithRSAEncryption
         76:7c:f0:09:54:89:ca:e4:40:09:37:2f:22:d4:12:0e:a7:3a:
         d8:7e:ad:5e:80:d8:0c:f3:d2:00:9f:a6:d9:fe:85:54:4e:77:
         53:2c:1e:56:dd:e9:94:c4:44:b5:b4:18:28:ef:9d:36:d4:41:
         44:ac:ba:61:03:08:e9:1e:27:9e:45:7b:1f:74:97:56:7c:23:
         bb:c0:b2:b0:57:9e:88:e9:9e:4f:2f:96:a6:c5:f0:c0:e5:7b:
         f1:89:55:ac:ee:0f:46:de:4e:e4:41:53:63:63:73:9b:29:1b:
         c6:59:73:eb:95:c4:4b:7d:2f:17:05:97:10:dd:8c:4c:bc:0c:
         88:c5:49:cf:e1:9a:5f:6d:aa:18:c6:38:a2:b8:c7:64:ed:b9:
         23:c7:13:97:28:00:cc:8e:d2:1e:33:32:d4:8b:c0:8f:ca:75:
         d8:7a:d1:8a:f8:93:b9:f2:10:c4:3c:0c:9d:73:f0:0b:a5:a8:
         1a:84:88:00:0c:26:59:39:67:f9:d0:4f:18:8c:e3:5f:82:77:
         c7:57:20:b2:dd:bb:1f:eb:94:26:f4:27:25:57:81:d9:a3:76:
         26:d1:6b:f4:16:c0:56:93:b4:5b:56:da:f1:8a:6a:f7:f1:41:
         1e:7c:75:0a:57:84:f2:ed:7a:4c:4e:aa:9f:fa:9e:fe:79:a2:
         ef:c0:f7:f4
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHky9BO1e3u2q9pgPVFr9LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzMyNjUwNjRjYzVkZGZiNDZhOWQ3Y2ViZmU1Y2ZmMTcxNGQzYTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHWqm/2na5dLcn8EoKpfa0d+3puw
XoZmzOtvSXaSrcsPlVwGbhcFqAFd/RLyGkkoA5aXtALYVbpvkEJ/9nNHRzR8pU5h
QJ8gR5Kw6B8+NglqRQg9Rbdne0DRiT6Ezr5X6qKIzSQDQHKgT4vpru4ySggjDXKu
Z7vHvYp8Cm+3oG0ZMA9KN+T1QGSFxlnh9hBSJQFbrxBj+Wq70qXvH6w2d8+jD3mw
BBbuN2ZLrN5UQcRy2BfGpdlzLPm70dN+s7hBhEqmTkIc8MBSt8E0eDsFqdUGqjtV
3UyS8q08Rz0dvYNZlIcEaIpCoCy4yb40JJ4GEdEEqYRMtWo8YZWUK5g0kQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDwyZQZMxd37RqnXzr/lz/FxTTpsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM3LzI0MTI5
Yi1lZWM2LTRlYjUtYmE4My05YmY5MjQ5YmIzMGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcvMjQxMjli
LWVlYzYtNGViNS1iYTgzLTliZjkyNDliYjMwZS8xL1BESmxCa3pGM2Z0R3FkZk92
LVhQOFhGTk9tdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwC93TANBgkqhkiG9w0BAQsFAAOCAQEAdnzwCVSJyuRA
CTcvItQSDqc62H6tXoDYDPPSAJ+m2f6FVE53UyweVt3plMREtbQYKO+dNtRBRKy6
YQMI6R4nnkV7H3SXVnwju8CysFeeiOmeTy+WpsXwwOV78YlVrO4PRt5O5EFTY2Nz
mykbxllz65XES30vFwWXEN2MTLwMiMVJz+GaX22qGMY4orjHZO25I8cTlygAzI7S
HjMy1IvAj8p12HrRiviTufIQxDwMnXPwC6WoGoSIAAwmWTln+dBPGIzjX4J3x1cg
st27H+uUJvQnJVeB2aN2JtFr9BbAVpO0W1ba8Ypq9/FBHnx1CleE8u16TE6qn/qe
/nmi78D39A==
-----END CERTIFICATE-----