Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QIsP5ljrlvtQsTX3G7kvJ7ksE5Q.cer
File:                     QIsP5ljrlvtQsTX3G7kvJ7ksE5Q.cer (raw, json)
Hash identifier:          Le0DjpRX6GCew7Q9S3s8U++GocvBPDKz9DaRKH0579M=
Subject key identifier:   40:8B:0F:E6:58:EB:96:FB:50:B1:35:F7:1B:B9:2F:27:B9:2C:13:94
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94E45B1F27B018DEFC1B236AC4F19C2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/55/e5654c-9fe7-4793-8a8f-40edadeee860/1/QIsP5ljrlvtQsTX3G7kvJ7ksE5Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/55/e5654c-9fe7-4793-8a8f-40edadeee860/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:33:19 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 206468

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:45:b1:f2:7b:01:8d:ef:c1:b2:36:ac:4f:19:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=408b0fe658eb96fb50b135f71bb92f27b92c1394
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b7:3b:97:c9:41:b6:a7:ee:44:73:ae:05:dc:
                    e5:70:b5:2a:71:7d:98:97:8e:9b:99:1f:a4:90:bf:
                    01:8e:b3:e5:26:50:43:48:5d:f1:43:f0:2b:f8:87:
                    78:0e:fd:49:72:f6:3f:4f:33:3d:55:e0:e2:c9:f3:
                    d6:48:9d:f9:8a:1a:66:25:aa:ac:cf:9d:a5:f7:76:
                    cd:1e:7c:b4:73:43:18:5b:6c:25:b9:1f:40:3c:e7:
                    d9:28:f0:85:89:07:62:5f:17:6c:d7:0c:73:90:26:
                    85:42:bc:94:62:3d:5c:a9:ed:ae:d5:e5:54:a1:2f:
                    98:2a:03:23:47:6c:72:00:ef:62:8f:6f:bc:37:9c:
                    87:80:7c:f2:d8:f5:cb:f7:d8:94:fd:55:9f:cb:77:
                    b2:68:a5:86:96:a1:81:12:49:86:84:9c:37:f6:8c:
                    52:b3:9c:06:88:47:11:97:71:89:6f:60:b0:19:af:
                    cd:0c:ac:86:8d:5f:02:51:55:3c:60:c7:c0:e5:d8:
                    9c:31:a3:ff:66:cc:08:7c:9f:18:6c:2e:7a:da:bc:
                    89:3d:5a:d8:75:ef:fe:17:57:f5:91:ca:12:96:06:
                    c8:29:13:cf:31:d9:ff:ff:fc:58:c9:a4:15:78:f2:
                    04:6c:0f:2f:55:88:b5:e2:54:2a:89:4d:83:1d:55:
                    ec:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:8B:0F:E6:58:EB:96:FB:50:B1:35:F7:1B:B9:2F:27:B9:2C:13:94
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e5654c-9fe7-4793-8a8f-40edadeee860/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e5654c-9fe7-4793-8a8f-40edadeee860/1/QIsP5ljrlvtQsTX3G7kvJ7ksE5Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206468

    Signature Algorithm: sha256WithRSAEncryption
         0f:79:d2:ac:aa:77:10:ca:c6:7c:91:07:a5:67:1d:a1:61:c2:
         06:be:b8:b4:92:36:a3:bb:a5:d1:a0:00:ff:71:0a:75:32:1c:
         1e:d1:20:a9:0c:f3:ad:68:70:46:71:6a:71:d6:26:36:cd:12:
         f7:4c:0d:4f:ce:c3:8d:55:ce:46:3b:46:7e:0c:50:80:af:5b:
         92:97:58:84:3c:81:29:22:27:ec:43:e3:1e:44:42:35:2f:47:
         1f:bd:63:4f:97:bd:f8:34:a3:6c:2b:8d:40:c2:cd:72:e4:a5:
         fc:50:01:36:3b:4a:5a:aa:15:59:bf:df:8e:dc:d6:26:7d:ac:
         dc:0d:af:2a:17:75:69:0e:b7:3d:70:b2:6c:20:31:7a:c2:b7:
         2a:80:d6:a5:3e:17:e3:2c:32:03:d1:f3:d5:ff:0e:91:1a:6a:
         db:04:fa:0c:53:72:bc:f8:ce:5c:b3:b9:ca:5e:ee:c7:78:c3:
         2e:57:1b:94:7c:cd:2b:5a:41:ed:53:8e:92:31:c8:35:27:98:
         1f:04:f6:0a:8e:05:4e:5c:9c:85:f3:91:68:e1:2d:d4:ef:f1:
         41:3d:e8:b7:af:2c:05:c6:c4:6e:a6:34:40:f6:e4:74:06:e7:
         34:a8:a8:a1:7d:8b:22:a3:0c:9f:32:09:0b:17:9b:2b:eb:f5:
         42:63:d6:92
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzJTkWx8nsBje/BsjasTxnCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDhiMGZlNjU4ZWI5NmZiNTBiMTM1ZjcxYmI5MmYyN2I5MmMxMzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLc7l8lBtqfuRHOuBdzlcLUqcX2Y
l46bmR+kkL8BjrPlJlBDSF3xQ/Ar+Id4Dv1JcvY/TzM9VeDiyfPWSJ35ihpmJaqs
z52l93bNHny0c0MYW2wluR9APOfZKPCFiQdiXxds1wxzkCaFQryUYj1cqe2u1eVU
oS+YKgMjR2xyAO9ij2+8N5yHgHzy2PXL99iU/VWfy3eyaKWGlqGBEkmGhJw39oxS
s5wGiEcRl3GJb2CwGa/NDKyGjV8CUVU8YMfA5dicMaP/ZswIfJ8YbC562ryJPVrY
de/+F1f1kcoSlgbIKRPPMdn///xYyaQVePIEbA8vVYi14lQqiU2DHVXs+wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFECLD+ZY65b7ULE19xu5Lye5LBOUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1L2U1NjU0
Yy05ZmU3LTQ3OTMtOGE4Zi00MGVkYWRlZWU4NjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUvZTU2NTRj
LTlmZTctNDc5My04YThmLTQwZWRhZGVlZTg2MC8xL1FJc1A1bGpybHZ0UXNUWDNH
N2t2Sjdrc0U1US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMmhDANBgkqhkiG9w0BAQsFAAOCAQEAD3nSrKp3EMrG
fJEHpWcdoWHCBr64tJI2o7ul0aAA/3EKdTIcHtEgqQzzrWhwRnFqcdYmNs0S90wN
T87DjVXORjtGfgxQgK9bkpdYhDyBKSIn7EPjHkRCNS9HH71jT5e9+DSjbCuNQMLN
cuSl/FABNjtKWqoVWb/fjtzWJn2s3A2vKhd1aQ63PXCybCAxesK3KoDWpT4X4ywy
A9Hz1f8OkRpq2wT6DFNyvPjOXLO5yl7ux3jDLlcblHzNK1pB7VOOkjHINSeYHwT2
Co4FTlychfORaOEt1O/xQT3ot68sBcbEbqY0QPbkdAbnNKiooX2LIqMMnzIJCxeb
K+v1QmPWkg==
-----END CERTIFICATE-----