Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/RfrUZJQD8kUC6cP6QBA5Vbw7WSQ.cer
File:                     RfrUZJQD8kUC6cP6QBA5Vbw7WSQ.cer (raw, json)
Hash identifier:          dAEqHsAayBNg4ENtPvJwWnycke+O8/8T0M2NWJX6CXo=
Subject key identifier:   45:FA:D4:64:94:03:F2:45:02:E9:C3:FA:40:10:39:55:BC:3B:59:24
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0191E5362BFAC9A179F64CC2B9019EA1CAF0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.sn-p.io/repo/sn-p-io/1/45FAD4649403F24502E9C3FA40103955BC3B5924.mft
caRepository:             rsync://rpki.sn-p.io/repo/sn-p-io/1/
Notify URL:               https://rpki.sn-p.io/rrdp/notification.xml
Certificate not before:   Thu 12 Sep 2024 07:50:18 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200975
                          AS: 205848

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:36:2b:fa:c9:a1:79:f6:4c:c2:b9:01:9e:a1:ca:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 12 07:50:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45fad4649403f24502e9c3fa40103955bc3b5924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:db:0b:88:81:e6:36:dc:67:a3:51:c7:5a:f8:
                    d5:44:7f:bc:31:40:5b:38:a0:52:71:6b:49:d1:82:
                    88:57:d1:af:86:33:2d:18:b1:12:73:81:4a:f0:3d:
                    13:9a:f3:ea:99:04:6d:54:e8:5d:22:24:a7:b5:12:
                    ea:6c:fd:a8:d5:f1:4a:bd:b0:0b:39:89:19:72:49:
                    93:11:c7:3b:6f:45:05:fe:c5:a4:99:8b:da:30:54:
                    c8:46:f0:2a:70:02:15:ba:01:6c:22:c3:35:7c:95:
                    bd:ed:98:9e:f0:45:75:c2:f8:d6:0b:a6:b8:dd:73:
                    79:1b:81:bc:f7:b2:12:7a:30:53:b4:02:5b:d5:ac:
                    ce:a0:6c:89:54:83:ac:47:39:1c:a0:4f:3a:0b:25:
                    ce:d5:84:17:4e:3f:a2:0d:98:74:0a:ab:6f:92:47:
                    d2:77:4f:b2:86:01:98:23:a5:6c:62:3c:ad:c2:24:
                    51:fd:6e:e4:81:3a:37:83:c8:46:20:2c:41:3a:c5:
                    a3:a2:ea:b5:fd:b3:85:0b:0b:c6:6b:7b:d3:06:f7:
                    cd:3c:d1:31:1b:09:3f:3f:48:4f:ee:2e:4c:e8:4b:
                    be:b3:37:d6:0f:bf:4f:70:7b:6b:c4:5e:e7:0c:38:
                    06:bb:c2:1e:e2:4d:59:6b:2f:2d:c1:c4:8b:0e:54:
                    40:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:FA:D4:64:94:03:F2:45:02:E9:C3:FA:40:10:39:55:BC:3B:59:24
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.sn-p.io/repo/sn-p-io/1/
                RPKI Manifest - URI:rsync://rpki.sn-p.io/repo/sn-p-io/1/45FAD4649403F24502E9C3FA40103955BC3B5924.mft
                RPKI Notify - URI:https://rpki.sn-p.io/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200975
                  205848

    Signature Algorithm: sha256WithRSAEncryption
         6b:5e:18:2b:4e:df:21:84:76:f3:9b:96:fa:8d:46:f1:5e:78:
         2e:7c:25:c5:b8:75:79:24:10:93:10:35:f2:65:14:ad:6a:fd:
         2d:1a:8d:7b:9b:64:0a:de:8f:8a:9a:7e:0f:79:5c:58:9b:42:
         25:6b:98:f6:f2:e6:e0:14:22:a4:6c:48:11:19:a5:14:bf:a3:
         49:41:01:60:12:ae:32:d8:24:d7:c7:43:f8:bc:a3:d1:a3:49:
         ae:3f:bd:53:41:03:14:93:5d:30:44:7a:32:e4:ed:a1:13:0e:
         08:25:df:33:9b:e0:fe:b2:0c:a5:d8:73:30:1f:ca:cd:4e:14:
         06:31:52:03:2f:ed:09:64:0e:b7:48:6d:ef:21:81:74:35:51:
         ca:50:25:0a:24:96:a8:d8:ae:c5:9d:e9:eb:b9:df:80:cc:79:
         53:fd:50:da:5d:85:b3:80:a6:56:42:1e:12:f3:23:6c:30:ad:
         73:ea:b0:2a:4f:61:20:e6:2f:12:a6:30:55:1f:99:fb:7b:a4:
         dd:52:10:0c:83:22:ea:c5:9b:07:c9:25:4a:84:16:8e:16:83:
         9c:fd:24:92:61:36:06:41:59:d2:02:dc:f2:10:36:a5:fa:72:
         44:db:b9:ca:86:f0:cb:8f:43:20:b8:fd:c0:8e:e2:55:02:6e:
         00:56:58:3c
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZHlNiv6yaF59kzCuQGeocrwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTEyMDc1MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWZhZDQ2NDk0MDNmMjQ1MDJlOWMzZmE0MDEwMzk1NWJjM2I1OTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tsLiIHmNtxno1HHWvjVRH+8MUBb
OKBScWtJ0YKIV9GvhjMtGLESc4FK8D0TmvPqmQRtVOhdIiSntRLqbP2o1fFKvbAL
OYkZckmTEcc7b0UF/sWkmYvaMFTIRvAqcAIVugFsIsM1fJW97Zie8EV1wvjWC6a4
3XN5G4G897ISejBTtAJb1azOoGyJVIOsRzkcoE86CyXO1YQXTj+iDZh0CqtvkkfS
d0+yhgGYI6VsYjytwiRR/W7kgTo3g8hGICxBOsWjouq1/bOFCwvGa3vTBvfNPNEx
Gwk/P0hP7i5M6Eu+szfWD79PcHtrxF7nDDgGu8Ie4k1Zay8twcSLDlRA6wIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFEX61GSUA/JFAunD+kAQOVW8O1kkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgdgGCCsGAQUFBwELBIHLMIHIMDAGCCsGAQUFBzAFhiRyc3lu
YzovL3Jwa2kuc24tcC5pby9yZXBvL3NuLXAtaW8vMS8wXAYIKwYBBQUHMAqGUHJz
eW5jOi8vcnBraS5zbi1wLmlvL3JlcG8vc24tcC1pby8xLzQ1RkFENDY0OTQwM0Yy
NDUwMkU5QzNGQTQwMTAzOTU1QkMzQjU5MjQubWZ0MDYGCCsGAQUFBzANhipodHRw
czovL3Jwa2kuc24tcC5pby9ycmRwL25vdGlmaWNhdGlvbi54bWwwWQYDVR0fBFIw
UDBOoEygSoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVM
VC9LcFNvM1ZWSzV3RUhJSm5IQzJRSFZWM2Q1bWsuY3JsMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQgBAf8EEDAOoAwwCgIDAxEPAgMDJBgwDQYJ
KoZIhvcNAQELBQADggEBAGteGCtO3yGEdvOblvqNRvFeeC58JcW4dXkkEJMQNfJl
FK1q/S0ajXubZArej4qafg95XFibQiVrmPby5uAUIqRsSBEZpRS/o0lBAWASrjLY
JNfHQ/i8o9GjSa4/vVNBAxSTXTBEejLk7aETDggl3zOb4P6yDKXYczAfys1OFAYx
UgMv7QlkDrdIbe8hgXQ1UcpQJQoklqjYrsWd6eu534DMeVP9UNpdhbOAplZCHhLz
I2wwrXPqsCpPYSDmLxKmMFUfmft7pN1SEAyDIurFmwfJJUqEFo4Wg5z9JJJhNgZB
WdIC3PIQNqX6ckTbucqG8MuPQyC4/cCO4lUCbgBWWDw=
-----END CERTIFICATE-----