Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PS0a2mFMaOF0xN7fVZlqlUMW6uY.cer
File:                     PS0a2mFMaOF0xN7fVZlqlUMW6uY.cer (raw, json)
Hash identifier:          mSxs9s6Cr5KLRI4oNEyBkoFXdZIPzbw/TTgrD7XBk9g=
Subject key identifier:   3D:2D:1A:DA:61:4C:68:E1:74:C4:DE:DF:55:99:6A:95:43:16:EA:E6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019428231CDB20D427BAF37C929245058A88
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9d/fcbfd7-d785-4b06-88c5-486cae041e0e/1/PS0a2mFMaOF0xN7fVZlqlUMW6uY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9d/fcbfd7-d785-4b06-88c5-486cae041e0e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 17:49:37 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 208890
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:1c:db:20:d4:27:ba:f3:7c:92:92:45:05:8a:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 17:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d2d1ada614c68e174c4dedf55996a954316eae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:38:86:a9:ca:da:b6:03:a0:d8:14:d8:f9:91:
                    7b:19:49:ba:ef:40:17:c6:d5:1c:5a:f9:36:f3:93:
                    d8:7a:0d:52:bd:3d:3e:ef:9f:0a:d2:82:d8:9c:eb:
                    40:4b:f1:e3:a8:4e:21:a6:29:43:19:4b:6e:3a:64:
                    58:1a:43:12:7b:cc:4a:a9:77:e4:cd:1b:71:ef:33:
                    bd:28:91:34:a2:78:d3:60:c2:d9:99:ec:12:f2:a6:
                    16:e6:ae:d8:f4:27:6e:ab:0c:5d:fb:c0:4b:a7:2d:
                    94:e5:84:00:c1:5c:c7:ec:ab:29:65:95:14:b9:a4:
                    78:c3:00:6f:4a:4f:4d:40:c6:7c:bb:d6:f4:b6:ae:
                    01:65:71:ae:27:9d:14:ce:62:e4:f0:e3:f4:db:2d:
                    e4:d4:cb:ad:b1:fc:a2:6e:11:e1:4f:9e:fe:d1:9d:
                    bb:1e:7d:e8:0e:b4:02:64:dd:4e:92:e5:40:46:24:
                    13:d6:a3:6a:75:2e:da:f4:65:4d:8b:80:ec:f5:80:
                    3d:b8:2d:60:c6:81:da:9c:85:77:ee:6c:20:0d:ad:
                    bf:3f:a0:a6:de:48:fe:b4:27:e1:41:95:4c:0e:79:
                    72:72:71:ac:e0:ec:0b:5d:3b:80:31:28:d6:95:b4:
                    8b:05:91:bd:0d:4c:fd:2f:2f:b8:7b:32:6a:7b:af:
                    44:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:2D:1A:DA:61:4C:68:E1:74:C4:DE:DF:55:99:6A:95:43:16:EA:E6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/fcbfd7-d785-4b06-88c5-486cae041e0e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/fcbfd7-d785-4b06-88c5-486cae041e0e/1/PS0a2mFMaOF0xN7fVZlqlUMW6uY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208890

    Signature Algorithm: sha256WithRSAEncryption
         30:9c:f7:ec:07:99:2e:8c:fc:25:75:f9:80:ab:b9:d0:85:06:
         e3:b2:50:35:6f:f9:61:15:16:8f:b7:d8:b0:d8:c5:db:e0:07:
         2e:c3:e0:c5:2c:84:85:4f:df:bc:73:0e:f7:aa:d2:f7:52:f8:
         4a:cd:37:7f:f4:e1:cc:ad:b8:31:fd:df:de:9a:05:27:d4:97:
         14:26:68:a4:1a:e3:1a:b6:7e:cd:29:1a:f3:53:4b:60:18:12:
         b8:ba:79:da:9c:de:49:2f:18:ae:da:2a:da:c4:13:6e:47:6b:
         fa:1c:0e:8c:9c:af:75:2e:a8:6a:78:12:37:38:40:c0:e0:66:
         0d:77:63:6b:8a:a1:98:2a:61:ea:4e:e3:77:f3:42:f7:ae:d2:
         73:09:14:5c:4a:4b:65:e9:ce:92:b4:cd:31:78:8c:49:8e:3d:
         86:0d:02:48:d3:9b:c9:e1:54:5f:2e:aa:1a:25:7c:c4:a1:49:
         b6:f4:d6:b3:78:c3:d7:c5:e2:fc:c3:e6:d1:b1:db:71:64:a9:
         0a:58:40:05:a5:8a:bf:00:af:94:65:7b:bd:1b:b7:3c:59:3b:
         96:eb:46:22:bc:84:9c:69:50:d5:22:23:2a:f4:3b:27:3a:e5:
         be:3a:f5:ed:4f:9b:b2:05:ef:12:b7:52:3c:5d:28:9a:e7:fd:
         07:8f:90:12
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQoIxzbINQnuvN8kpJFBYqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDJkMWFkYTYxNGM2OGUxNzRjNGRlZGY1NTk5NmE5NTQzMTZlYWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDiGqcratgOg2BTY+ZF7GUm670AX
xtUcWvk285PYeg1SvT0+758K0oLYnOtAS/HjqE4hpilDGUtuOmRYGkMSe8xKqXfk
zRtx7zO9KJE0onjTYMLZmewS8qYW5q7Y9Cduqwxd+8BLpy2U5YQAwVzH7KspZZUU
uaR4wwBvSk9NQMZ8u9b0tq4BZXGuJ50UzmLk8OP02y3k1MutsfyibhHhT57+0Z27
Hn3oDrQCZN1OkuVARiQT1qNqdS7a9GVNi4Ds9YA9uC1gxoHanIV37mwgDa2/P6Cm
3kj+tCfhQZVMDnlycnGs4OwLXTuAMSjWlbSLBZG9DUz9Ly+4ezJqe69E2wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFD0tGtphTGjhdMTe31WZapVDFurmMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlkL2ZjYmZk
Ny1kNzg1LTRiMDYtODhjNS00ODZjYWUwNDFlMGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvZmNiZmQ3
LWQ3ODUtNGIwNi04OGM1LTQ4NmNhZTA0MWUwZS8xL1BTMGEybUZNYU9GMHhON2ZW
WmxxbFVNVzZ1WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMv+jANBgkqhkiG9w0BAQsFAAOCAQEAMJz37AeZLoz8
JXX5gKu50IUG47JQNW/5YRUWj7fYsNjF2+AHLsPgxSyEhU/fvHMO96rS91L4Ss03
f/ThzK24Mf3f3poFJ9SXFCZopBrjGrZ+zSka81NLYBgSuLp52pzeSS8Yrtoq2sQT
bkdr+hwOjJyvdS6oangSNzhAwOBmDXdja4qhmCph6k7jd/NC967ScwkUXEpLZenO
krTNMXiMSY49hg0CSNObyeFUXy6qGiV8xKFJtvTWs3jD18Xi/MPm0bHbcWSpClhA
BaWKvwCvlGV7vRu3PFk7lutGIryEnGlQ1SIjKvQ7Jzrlvjr17U+bsgXvErdSPF0o
muf9B4+QEg==
-----END CERTIFICATE-----