Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QDxEw1yTwSM_BWMIwgNOcTDrmjc.cer
File:                     QDxEw1yTwSM_BWMIwgNOcTDrmjc.cer (raw, json)
Hash identifier:          KlCTZ2PDCunqOHO22cbrgLkNhkLMO7xbtQbAyzhiyHE=
Subject key identifier:   40:3C:44:C3:5C:93:C1:23:3F:05:63:08:C2:03:4E:71:30:EB:9A:37
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01910ECC7E1046F6517B1D00473B3A4DEAEE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9f/198eca-b029-428c-b1c9-a04823cefc64/1/QDxEw1yTwSM_BWMIwgNOcTDrmjc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9f/198eca-b029-428c-b1c9-a04823cefc64/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Aug 2024 16:36:08 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202952

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0e:cc:7e:10:46:f6:51:7b:1d:00:47:3b:3a:4d:ea:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug  1 16:36:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=403c44c35c93c1233f056308c2034e7130eb9a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:90:6e:b4:bc:26:7f:3a:97:ed:f6:11:cb:81:
                    db:71:b6:35:d1:c1:e0:55:b5:12:e3:a3:85:e8:45:
                    34:75:80:10:1e:0d:2d:5f:c8:85:0b:c1:93:22:50:
                    4d:dd:7a:15:c5:d5:60:32:80:2a:ef:d8:ac:17:bb:
                    4e:81:a8:bc:a6:fe:3e:f6:98:24:36:21:71:e5:ad:
                    85:e9:fe:d1:09:13:08:3d:f3:e6:60:b3:03:06:ff:
                    86:9b:a0:74:41:be:f2:eb:12:ec:e4:e2:73:ba:10:
                    71:1e:56:cf:e0:97:ad:9d:f2:c6:2a:20:74:14:07:
                    06:0c:6f:cf:20:99:76:aa:5c:55:01:20:90:4d:63:
                    3c:66:ac:39:17:f1:ad:8e:3d:61:b1:39:79:59:38:
                    bb:db:e2:6c:b9:16:80:e5:47:c7:ba:a7:65:ec:8f:
                    16:d5:f7:92:9c:61:d5:a4:38:36:9a:ab:68:32:85:
                    6d:27:1c:ae:2c:68:32:56:88:3f:ee:4e:07:59:c1:
                    67:a3:e5:93:80:75:8e:33:6f:08:3e:ea:b8:19:0c:
                    0f:ea:cd:57:8e:db:f8:81:b3:2b:80:5e:14:dd:b6:
                    b6:4e:66:18:f1:b5:db:9b:de:f8:3a:a4:9b:6f:c4:
                    d5:a0:32:71:8b:93:da:2c:a7:00:13:56:53:38:13:
                    82:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:3C:44:C3:5C:93:C1:23:3F:05:63:08:C2:03:4E:71:30:EB:9A:37
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/198eca-b029-428c-b1c9-a04823cefc64/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/198eca-b029-428c-b1c9-a04823cefc64/1/QDxEw1yTwSM_BWMIwgNOcTDrmjc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202952

    Signature Algorithm: sha256WithRSAEncryption
         5d:be:bc:6c:32:24:3a:2b:f4:12:5b:c9:b3:c4:1b:02:33:ef:
         e7:bb:cf:09:99:8a:90:24:df:39:87:1d:43:58:89:02:3e:35:
         d1:93:5c:c9:b7:6f:ef:32:18:f5:91:90:6c:d1:e5:3b:5f:59:
         ed:62:70:67:01:6e:7f:dc:e3:8f:c8:9e:a9:87:db:87:7c:49:
         d4:2f:71:5c:77:fc:7d:d4:75:8f:4a:69:a5:83:77:0f:e1:44:
         fd:8e:3f:51:32:f9:53:53:60:c8:95:6c:35:34:c0:04:42:bc:
         c6:ed:8a:07:49:f1:d7:73:8b:ac:c7:f7:07:db:23:fb:01:b4:
         20:00:81:97:49:bd:42:81:2b:d8:0d:49:6f:ba:75:22:c8:a3:
         1c:1c:1f:f0:a1:f6:01:6e:46:87:a8:9d:49:81:c2:1b:6a:67:
         ef:7b:ff:8d:68:37:2b:ac:2c:e2:6c:51:7b:a7:3e:6b:1a:7e:
         bf:ab:d1:af:36:ce:07:7d:aa:27:b8:99:54:a9:2f:a2:34:9a:
         ad:96:36:7a:5f:67:a3:a9:ee:30:83:28:7a:74:be:46:17:5c:
         d6:5a:35:3c:43:e1:34:0f:c9:e6:71:f6:77:b9:55:6d:79:0c:
         bc:6a:5d:ec:b6:d3:26:d8:27:b6:ac:da:49:1d:d8:75:78:2b:
         12:71:a8:0e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZEOzH4QRvZRex0ARzs6TeruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODAxMTYzNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDNjNDRjMzVjOTNjMTIzM2YwNTYzMDhjMjAzNGU3MTMwZWI5YTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpButLwmfzqX7fYRy4HbcbY10cHg
VbUS46OF6EU0dYAQHg0tX8iFC8GTIlBN3XoVxdVgMoAq79isF7tOgai8pv4+9pgk
NiFx5a2F6f7RCRMIPfPmYLMDBv+Gm6B0Qb7y6xLs5OJzuhBxHlbP4JetnfLGKiB0
FAcGDG/PIJl2qlxVASCQTWM8Zqw5F/Gtjj1hsTl5WTi72+JsuRaA5UfHuqdl7I8W
1feSnGHVpDg2mqtoMoVtJxyuLGgyVog/7k4HWcFno+WTgHWOM28IPuq4GQwP6s1X
jtv4gbMrgF4U3ba2TmYY8bXbm974OqSbb8TVoDJxi5PaLKcAE1ZTOBOCBQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFEA8RMNck8EjPwVjCMIDTnEw65o3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlmLzE5OGVj
YS1iMDI5LTQyOGMtYjFjOS1hMDQ4MjNjZWZjNjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWYvMTk4ZWNh
LWIwMjktNDI4Yy1iMWM5LWEwNDgyM2NlZmM2NC8xL1FEeEV3MXlUd1NNX0JXTUl3
Z05PY1REcm1qYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMYyDANBgkqhkiG9w0BAQsFAAOCAQEAXb68bDIkOiv0
ElvJs8QbAjPv57vPCZmKkCTfOYcdQ1iJAj410ZNcybdv7zIY9ZGQbNHlO19Z7WJw
ZwFuf9zjj8ieqYfbh3xJ1C9xXHf8fdR1j0pppYN3D+FE/Y4/UTL5U1NgyJVsNTTA
BEK8xu2KB0nx13OLrMf3B9sj+wG0IACBl0m9QoEr2A1Jb7p1IsijHBwf8KH2AW5G
h6idSYHCG2pn73v/jWg3K6ws4mxRe6c+axp+v6vRrzbOB32qJ7iZVKkvojSarZY2
el9no6nuMIMoenS+Rhdc1lo1PEPhNA/J5nH2d7lVbXkMvGpd7LbTJtgntqzaSR3Y
dXgrEnGoDg==
-----END CERTIFICATE-----