Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Pzb_0WIVIeks8ueBQZDTolPgBjc.cer
File:                     Pzb_0WIVIeks8ueBQZDTolPgBjc.cer (raw, json)
Hash identifier:          nGlsIufSBb0U77ItgrCTbc/nwzCYgEP/Qs3ZpgrbZJs=
Subject key identifier:   3F:36:FF:D1:62:15:21:E9:2C:F2:E7:81:41:90:D3:A2:53:E0:06:37
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018E595727F70BADDFAAA984B324500F01FE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fc/051b82-06c9-48b7-b548-98d5e5d90473/1/Pzb_0WIVIeks8ueBQZDTolPgBjc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fc/051b82-06c9-48b7-b548-98d5e5d90473/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 20 Mar 2024 00:51:07 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215286
                          IP: 2001:678:110::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:59:57:27:f7:0b:ad:df:aa:a9:84:b3:24:50:0f:01:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 20 00:51:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f36ffd1621521e92cf2e7814190d3a253e00637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f6:8c:37:20:1a:32:1c:f1:e7:f3:6a:4c:87:
                    76:f9:f9:ad:f8:01:ac:8b:4d:3a:a7:f4:8e:ac:e3:
                    07:b3:af:5d:9a:23:a1:c3:75:b1:41:27:37:46:5c:
                    d2:9f:10:ed:5b:bc:eb:4d:a6:89:7a:a3:8c:f0:e4:
                    e1:a7:a2:f1:73:8a:d8:1e:d1:99:90:04:44:14:8b:
                    14:bd:04:fb:04:94:62:7f:0a:59:39:54:03:d8:b8:
                    15:09:36:73:29:73:bb:52:e1:d3:e7:0d:1a:49:24:
                    8b:6f:c4:bb:95:fe:13:04:ba:44:04:2d:61:0a:a2:
                    82:46:f4:fb:68:bc:70:82:46:dd:43:14:e0:86:fd:
                    43:1f:7a:9d:5f:42:ed:30:c1:c7:a8:ff:d2:99:03:
                    29:ea:f0:eb:3d:58:08:25:6d:e3:d0:9e:52:4b:81:
                    6f:3e:b8:9f:2b:2b:2d:fc:aa:ff:5b:e2:9d:aa:04:
                    a9:bd:ee:cf:c1:f7:eb:b5:21:81:fe:cc:9f:5b:5e:
                    26:34:04:c5:22:cb:a5:64:69:81:ec:73:82:47:49:
                    03:b5:eb:83:42:04:a1:11:bd:4d:6b:dd:71:11:95:
                    ea:88:d0:8e:dc:7c:22:9a:37:68:15:69:37:c3:dd:
                    0e:c9:9e:6f:17:50:4d:0f:f9:07:2b:79:f1:31:3e:
                    2a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:36:FF:D1:62:15:21:E9:2C:F2:E7:81:41:90:D3:A2:53:E0:06:37
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/051b82-06c9-48b7-b548-98d5e5d90473/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/051b82-06c9-48b7-b548-98d5e5d90473/1/Pzb_0WIVIeks8ueBQZDTolPgBjc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:110::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215286

    Signature Algorithm: sha256WithRSAEncryption
         a6:fd:65:b8:89:12:1e:07:12:d1:9e:15:de:66:a4:b3:7e:93:
         19:22:b3:74:78:96:88:3c:0d:da:d3:f9:84:a0:d2:b4:03:da:
         2d:b6:43:28:d6:21:6b:e9:0e:ee:ff:ff:cb:7d:c9:ba:66:95:
         d0:9e:59:e8:c6:7c:00:f7:d9:07:a3:dd:7d:de:b3:94:5a:68:
         9c:16:65:27:e7:3a:78:dd:39:c0:d3:37:68:80:4a:a9:cd:b3:
         ad:f2:18:8d:08:a3:ad:6c:fe:d5:74:11:fe:40:b2:19:20:75:
         b7:b8:2e:94:c4:0b:8d:da:fe:0f:8d:09:b0:94:c4:3b:35:06:
         29:e8:9b:29:43:d4:ce:70:b9:95:7b:5b:c9:0f:57:2f:25:34:
         ed:72:b5:2d:98:d0:f1:eb:e5:3d:7c:0e:b0:1f:1a:8a:c0:8c:
         1a:47:36:76:37:ef:4b:4a:5e:cd:81:63:04:2e:98:29:23:89:
         57:e2:eb:7b:b5:c7:b0:59:64:37:ad:db:a5:01:3e:32:ca:e7:
         b2:fc:d0:8d:b7:94:84:4e:d8:2e:95:09:29:ee:a7:ba:fd:e9:
         6e:12:d9:ff:01:26:f5:04:c6:b8:74:55:d3:aa:63:bc:83:77:
         cc:1e:b5:62:5d:fd:d7:13:e9:f2:90:23:58:7d:71:0d:e3:c3:
         43:8c:09:99
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAY5ZVyf3C63fqqmEsyRQDwH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMzIwMDA1MTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjM2ZmZkMTYyMTUyMWU5MmNmMmU3ODE0MTkwZDNhMjUzZTAwNjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/aMNyAaMhzx5/NqTId2+fmt+AGs
i006p/SOrOMHs69dmiOhw3WxQSc3RlzSnxDtW7zrTaaJeqOM8OThp6Lxc4rYHtGZ
kAREFIsUvQT7BJRifwpZOVQD2LgVCTZzKXO7UuHT5w0aSSSLb8S7lf4TBLpEBC1h
CqKCRvT7aLxwgkbdQxTghv1DH3qdX0LtMMHHqP/SmQMp6vDrPVgIJW3j0J5SS4Fv
PrifKyst/Kr/W+KdqgSpve7PwffrtSGB/syfW14mNATFIsulZGmB7HOCR0kDteuD
QgShEb1Na91xEZXqiNCO3HwimjdoFWk3w90OyZ5vF1BND/kHK3nxMT4qnQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFD82/9FiFSHpLPLngUGQ06JT4AY3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZjLzA1MWI4
Mi0wNmM5LTQ4YjctYjU0OC05OGQ1ZTVkOTA0NzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmMvMDUxYjgy
LTA2YzktNDhiNy1iNTQ4LTk4ZDVlNWQ5MDQ3My8xL1B6Yl8wV0lWSWVrczh1ZUJR
WkRUb2xQZ0JqYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAEQMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNI9jANBgkqhkiG9w0BAQsFAAOCAQEApv1luIkSHgcS0Z4V3maks36TGSKz
dHiWiDwN2tP5hKDStAPaLbZDKNYha+kO7v//y33JumaV0J5Z6MZ8APfZB6Pdfd6z
lFponBZlJ+c6eN05wNM3aIBKqc2zrfIYjQijrWz+1XQR/kCyGSB1t7gulMQLjdr+
D40JsJTEOzUGKeibKUPUznC5lXtbyQ9XLyU07XK1LZjQ8evlPXwOsB8aisCMGkc2
djfvS0pezYFjBC6YKSOJV+Lre7XHsFlkN63bpQE+MsrnsvzQjbeUhE7YLpUJKe6n
uv3pbhLZ/wEm9QTGuHRV06pjvIN3zB61Yl391xPp8pAjWH1xDePDQ4wJmQ==
-----END CERTIFICATE-----