Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/RfrUZJQD8kUC6cP6QBA5Vbw7WSQ.cer
File:                     RfrUZJQD8kUC6cP6QBA5Vbw7WSQ.cer (raw, json)
Hash identifier:          aoGU2A214T2BJxXXhOw0McqjJReOSUtV26sjwTYjqqg=
Subject key identifier:   45:FA:D4:64:94:03:F2:45:02:E9:C3:FA:40:10:39:55:BC:3B:59:24
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D6AEAB4DBF5BE6B02E7BB49C9026E6CBF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.sn-p.io/repo/sn-p-io/1/45FAD4649403F24502E9C3FA40103955BC3B5924.mft
caRepository:             rsync://rpki.sn-p.io/repo/sn-p-io/1/
Notify URL:               https://rpki.sn-p.io/rrdp/notification.xml
Certificate not before:   Fri 02 Feb 2024 17:43:03 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200975
                          AS: 205848
                          IP: 2001:67c:129c::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6a:ea:b4:db:f5:be:6b:02:e7:bb:49:c9:02:6e:6c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb  2 17:43:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45fad4649403f24502e9c3fa40103955bc3b5924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:db:0b:88:81:e6:36:dc:67:a3:51:c7:5a:f8:
                    d5:44:7f:bc:31:40:5b:38:a0:52:71:6b:49:d1:82:
                    88:57:d1:af:86:33:2d:18:b1:12:73:81:4a:f0:3d:
                    13:9a:f3:ea:99:04:6d:54:e8:5d:22:24:a7:b5:12:
                    ea:6c:fd:a8:d5:f1:4a:bd:b0:0b:39:89:19:72:49:
                    93:11:c7:3b:6f:45:05:fe:c5:a4:99:8b:da:30:54:
                    c8:46:f0:2a:70:02:15:ba:01:6c:22:c3:35:7c:95:
                    bd:ed:98:9e:f0:45:75:c2:f8:d6:0b:a6:b8:dd:73:
                    79:1b:81:bc:f7:b2:12:7a:30:53:b4:02:5b:d5:ac:
                    ce:a0:6c:89:54:83:ac:47:39:1c:a0:4f:3a:0b:25:
                    ce:d5:84:17:4e:3f:a2:0d:98:74:0a:ab:6f:92:47:
                    d2:77:4f:b2:86:01:98:23:a5:6c:62:3c:ad:c2:24:
                    51:fd:6e:e4:81:3a:37:83:c8:46:20:2c:41:3a:c5:
                    a3:a2:ea:b5:fd:b3:85:0b:0b:c6:6b:7b:d3:06:f7:
                    cd:3c:d1:31:1b:09:3f:3f:48:4f:ee:2e:4c:e8:4b:
                    be:b3:37:d6:0f:bf:4f:70:7b:6b:c4:5e:e7:0c:38:
                    06:bb:c2:1e:e2:4d:59:6b:2f:2d:c1:c4:8b:0e:54:
                    40:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:FA:D4:64:94:03:F2:45:02:E9:C3:FA:40:10:39:55:BC:3B:59:24
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.sn-p.io/repo/sn-p-io/1/
                RPKI Manifest - URI:rsync://rpki.sn-p.io/repo/sn-p-io/1/45FAD4649403F24502E9C3FA40103955BC3B5924.mft
                RPKI Notify - URI:https://rpki.sn-p.io/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:129c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200975
                  205848

    Signature Algorithm: sha256WithRSAEncryption
         91:fb:11:cc:0e:98:ef:56:d9:f9:7a:45:b5:12:35:a2:9d:9d:
         dc:86:d9:23:20:26:c6:3e:41:f8:c0:19:39:ee:40:de:f5:d5:
         76:20:2f:7a:ef:38:5c:93:d6:b5:64:36:19:5a:ef:c5:4a:87:
         20:41:20:1e:4c:6f:99:9f:a8:a8:50:43:da:08:53:f5:e0:48:
         fc:ce:e3:dc:f4:0c:7c:b1:3d:c1:06:1c:08:ea:3b:7d:0a:2e:
         3f:6b:7c:92:d0:02:e7:65:ca:49:bc:66:10:99:8a:4b:b1:fd:
         cb:dd:83:bc:54:04:4f:99:88:61:ce:52:29:1b:6d:e2:a6:6a:
         7f:e2:00:73:8f:c5:f0:0e:a6:78:7e:85:6d:26:b8:63:aa:9d:
         81:f5:95:cf:25:59:1b:c9:b9:36:49:e0:d7:48:f3:a3:d4:67:
         c8:a0:e0:57:f1:0a:3f:ed:8d:fd:be:2a:06:a7:b9:b3:b7:c7:
         b2:bc:55:c7:39:c0:b5:eb:ca:b2:12:bd:ec:1a:cb:78:91:50:
         21:23:a4:8f:0c:5e:01:8e:4e:92:75:9e:86:3e:f2:1b:cd:ef:
         04:f6:38:0b:9d:5a:12:53:94:fb:a1:98:21:a8:92:f8:d0:38:
         f6:b6:34:11:50:d3:0d:9d:de:c3:f7:c6:b5:c1:42:c8:29:65:
         d2:12:bf:b6
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAY1q6rTb9b5rAue7SckCbmy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjAyMTc0MzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWZhZDQ2NDk0MDNmMjQ1MDJlOWMzZmE0MDEwMzk1NWJjM2I1OTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tsLiIHmNtxno1HHWvjVRH+8MUBb
OKBScWtJ0YKIV9GvhjMtGLESc4FK8D0TmvPqmQRtVOhdIiSntRLqbP2o1fFKvbAL
OYkZckmTEcc7b0UF/sWkmYvaMFTIRvAqcAIVugFsIsM1fJW97Zie8EV1wvjWC6a4
3XN5G4G897ISejBTtAJb1azOoGyJVIOsRzkcoE86CyXO1YQXTj+iDZh0CqtvkkfS
d0+yhgGYI6VsYjytwiRR/W7kgTo3g8hGICxBOsWjouq1/bOFCwvGa3vTBvfNPNEx
Gwk/P0hP7i5M6Eu+szfWD79PcHtrxF7nDDgGu8Ie4k1Zay8twcSLDlRA6wIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFEX61GSUA/JFAunD+kAQOVW8O1kkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgdgGCCsGAQUFBwELBIHLMIHIMDAGCCsGAQUFBzAFhiRyc3lu
YzovL3Jwa2kuc24tcC5pby9yZXBvL3NuLXAtaW8vMS8wXAYIKwYBBQUHMAqGUHJz
eW5jOi8vcnBraS5zbi1wLmlvL3JlcG8vc24tcC1pby8xLzQ1RkFENDY0OTQwM0Yy
NDUwMkU5QzNGQTQwMTAzOTU1QkMzQjU5MjQubWZ0MDYGCCsGAQUFBzANhipodHRw
czovL3Jwa2kuc24tcC5pby9ycmRwL25vdGlmaWNhdGlvbi54bWwwWQYDVR0fBFIw
UDBOoEygSoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVM
VC9LcFNvM1ZWSzV3RUhJSm5IQzJRSFZWM2Q1bWsuY3JsMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8Epww
HwYIKwYBBQUHAQgBAf8EEDAOoAwwCgIDAxEPAgMDJBgwDQYJKoZIhvcNAQELBQAD
ggEBAJH7EcwOmO9W2fl6RbUSNaKdndyG2SMgJsY+QfjAGTnuQN711XYgL3rvOFyT
1rVkNhla78VKhyBBIB5Mb5mfqKhQQ9oIU/XgSPzO49z0DHyxPcEGHAjqO30KLj9r
fJLQAudlykm8ZhCZikux/cvdg7xUBE+ZiGHOUikbbeKman/iAHOPxfAOpnh+hW0m
uGOqnYH1lc8lWRvJuTZJ4NdI86PUZ8ig4FfxCj/tjf2+KganubO3x7K8Vcc5wLXr
yrISveway3iRUCEjpI8MXgGOTpJ1noY+8hvN7wT2OAudWhJTlPuhmCGokvjQOPa2
NBFQ0w2d3sP3xrXBQsgpZdISv7Y=
-----END CERTIFICATE-----