Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QIsP5ljrlvtQsTX3G7kvJ7ksE5Q.cer
File:                     QIsP5ljrlvtQsTX3G7kvJ7ksE5Q.cer (raw, json)
Hash identifier:          ygMZz2BFLKhRS5ugZ/qlDS0v1UTsfzbPXC2Ho6VKsoM=
Subject key identifier:   40:8B:0F:E6:58:EB:96:FB:50:B1:35:F7:1B:B9:2F:27:B9:2C:13:94
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942143BFD8C5730922764D0DF1EE8127DC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/55/e5654c-9fe7-4793-8a8f-40edadeee860/1/QIsP5ljrlvtQsTX3G7kvJ7ksE5Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/55/e5654c-9fe7-4793-8a8f-40edadeee860/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:47:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 206468
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:bf:d8:c5:73:09:22:76:4d:0d:f1:ee:81:27:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=408b0fe658eb96fb50b135f71bb92f27b92c1394
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b7:3b:97:c9:41:b6:a7:ee:44:73:ae:05:dc:
                    e5:70:b5:2a:71:7d:98:97:8e:9b:99:1f:a4:90:bf:
                    01:8e:b3:e5:26:50:43:48:5d:f1:43:f0:2b:f8:87:
                    78:0e:fd:49:72:f6:3f:4f:33:3d:55:e0:e2:c9:f3:
                    d6:48:9d:f9:8a:1a:66:25:aa:ac:cf:9d:a5:f7:76:
                    cd:1e:7c:b4:73:43:18:5b:6c:25:b9:1f:40:3c:e7:
                    d9:28:f0:85:89:07:62:5f:17:6c:d7:0c:73:90:26:
                    85:42:bc:94:62:3d:5c:a9:ed:ae:d5:e5:54:a1:2f:
                    98:2a:03:23:47:6c:72:00:ef:62:8f:6f:bc:37:9c:
                    87:80:7c:f2:d8:f5:cb:f7:d8:94:fd:55:9f:cb:77:
                    b2:68:a5:86:96:a1:81:12:49:86:84:9c:37:f6:8c:
                    52:b3:9c:06:88:47:11:97:71:89:6f:60:b0:19:af:
                    cd:0c:ac:86:8d:5f:02:51:55:3c:60:c7:c0:e5:d8:
                    9c:31:a3:ff:66:cc:08:7c:9f:18:6c:2e:7a:da:bc:
                    89:3d:5a:d8:75:ef:fe:17:57:f5:91:ca:12:96:06:
                    c8:29:13:cf:31:d9:ff:ff:fc:58:c9:a4:15:78:f2:
                    04:6c:0f:2f:55:88:b5:e2:54:2a:89:4d:83:1d:55:
                    ec:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:8B:0F:E6:58:EB:96:FB:50:B1:35:F7:1B:B9:2F:27:B9:2C:13:94
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e5654c-9fe7-4793-8a8f-40edadeee860/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e5654c-9fe7-4793-8a8f-40edadeee860/1/QIsP5ljrlvtQsTX3G7kvJ7ksE5Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206468

    Signature Algorithm: sha256WithRSAEncryption
         90:99:97:c6:32:c1:63:5e:e1:7a:9f:97:7f:6c:5c:b1:b7:7a:
         5e:e5:71:23:6c:e7:18:c1:56:ba:60:62:e2:5e:f9:5c:b2:54:
         f0:9d:f8:fd:20:05:88:f7:18:7f:6c:4a:44:c1:cc:6d:fd:84:
         18:df:51:5c:1e:c2:88:ec:b6:1c:1f:db:48:fe:22:ee:c6:37:
         fc:84:64:7d:92:d0:64:f4:c2:cb:86:ce:b9:40:fc:4c:25:52:
         2d:55:be:fc:2e:e1:12:ba:ac:ff:4d:15:4e:30:ea:01:45:86:
         c4:e0:67:9a:12:c8:4a:79:69:f3:56:17:1e:ac:a7:ed:38:a1:
         93:10:da:8e:95:8d:f5:b3:84:78:ca:8d:b2:d7:38:dd:84:01:
         6f:0c:a3:16:47:f5:fc:62:a2:60:67:91:4c:b8:cb:5f:63:18:
         e3:35:bc:b3:cf:a3:91:31:6d:7e:28:3c:f4:eb:03:c5:0b:ea:
         2f:da:1d:b1:fd:e6:77:84:7e:92:e2:92:6e:61:9e:34:69:f5:
         49:a0:59:89:7e:51:2b:26:96:11:82:9d:7c:f0:2d:d0:ff:ef:
         e7:10:89:5d:14:c4:46:19:23:6f:14:43:ed:d7:a0:8a:44:5e:
         a2:b0:c4:ed:92:4c:a8:0f:46:c9:c2:1d:a6:b2:1e:32:f8:4e:
         33:99:c5:59
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQhQ7/YxXMJInZNDfHugSfcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDhiMGZlNjU4ZWI5NmZiNTBiMTM1ZjcxYmI5MmYyN2I5MmMxMzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLc7l8lBtqfuRHOuBdzlcLUqcX2Y
l46bmR+kkL8BjrPlJlBDSF3xQ/Ar+Id4Dv1JcvY/TzM9VeDiyfPWSJ35ihpmJaqs
z52l93bNHny0c0MYW2wluR9APOfZKPCFiQdiXxds1wxzkCaFQryUYj1cqe2u1eVU
oS+YKgMjR2xyAO9ij2+8N5yHgHzy2PXL99iU/VWfy3eyaKWGlqGBEkmGhJw39oxS
s5wGiEcRl3GJb2CwGa/NDKyGjV8CUVU8YMfA5dicMaP/ZswIfJ8YbC562ryJPVrY
de/+F1f1kcoSlgbIKRPPMdn///xYyaQVePIEbA8vVYi14lQqiU2DHVXs+wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFECLD+ZY65b7ULE19xu5Lye5LBOUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1L2U1NjU0
Yy05ZmU3LTQ3OTMtOGE4Zi00MGVkYWRlZWU4NjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUvZTU2NTRj
LTlmZTctNDc5My04YThmLTQwZWRhZGVlZTg2MC8xL1FJc1A1bGpybHZ0UXNUWDNH
N2t2Sjdrc0U1US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMmhDANBgkqhkiG9w0BAQsFAAOCAQEAkJmXxjLBY17h
ep+Xf2xcsbd6XuVxI2znGMFWumBi4l75XLJU8J34/SAFiPcYf2xKRMHMbf2EGN9R
XB7CiOy2HB/bSP4i7sY3/IRkfZLQZPTCy4bOuUD8TCVSLVW+/C7hErqs/00VTjDq
AUWGxOBnmhLISnlp81YXHqyn7TihkxDajpWN9bOEeMqNstc43YQBbwyjFkf1/GKi
YGeRTLjLX2MY4zW8s8+jkTFtfig89OsDxQvqL9odsf3md4R+kuKSbmGeNGn1SaBZ
iX5RKyaWEYKdfPAt0P/v5xCJXRTERhkjbxRD7degikReorDE7ZJMqA9GycIdprIe
MvhOM5nFWQ==
-----END CERTIFICATE-----