Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/S0iUlRKz97-akbi8iX5-GKQSfN0.cer
File:                     S0iUlRKz97-akbi8iX5-GKQSfN0.cer (raw, json)
Hash identifier:          FVCBIRoNMrHJO1a+yXhKPVZvhhop7PZQD9BbMYQRbIQ=
Subject key identifier:   4B:48:94:95:12:B3:F7:BF:9A:91:B8:BC:89:7E:7E:18:A4:12:7C:DD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019354778ABBFC0D1D4D0958DF6B6736CCD9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/7/4B48949512B3F7BF9A91B8BC897E7E18A4127CDD.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/7/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 22 Nov 2024 15:22:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 213915

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:54:77:8a:bb:fc:0d:1d:4d:09:58:df:6b:67:36:cc:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov 22 15:22:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b48949512b3f7bf9a91b8bc897e7e18a4127cdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:36:10:02:06:a0:fb:b5:0e:16:f9:92:e8:ec:
                    80:bd:f8:11:5f:2f:1a:ff:38:ef:71:92:fe:e3:96:
                    a6:65:07:b6:56:d5:b3:8d:03:06:b4:26:e5:7c:d4:
                    f3:2c:8a:c4:8f:80:4d:b6:4a:15:b6:51:e2:ec:c3:
                    b0:52:2f:75:84:e5:7e:16:09:60:48:a9:21:c2:ad:
                    af:57:a2:a2:2f:ec:bb:fb:41:77:85:56:50:22:ac:
                    0c:5a:5d:ea:c0:8c:aa:b2:46:78:e9:33:15:40:b7:
                    72:85:34:4a:99:f8:3d:0c:01:6e:09:d0:14:ad:86:
                    cb:2e:cd:00:62:2f:e2:46:fd:00:a3:61:26:14:c6:
                    09:d0:52:b1:ac:4a:3d:5a:48:72:d9:81:ee:2c:ad:
                    d1:91:4d:79:fd:70:a4:67:bd:dd:3f:7b:2b:ac:86:
                    f4:05:d9:81:e4:bd:94:09:84:56:d5:cd:a5:df:00:
                    f5:8d:0a:68:6a:0d:0c:70:4e:7d:04:cf:6f:01:41:
                    95:44:a5:19:1e:15:e4:23:b6:20:2d:75:8b:56:af:
                    50:c0:a8:69:15:cf:48:f2:0d:08:c8:cd:72:d7:0d:
                    42:ea:2d:28:93:4c:60:34:30:12:7f:fb:da:7c:ab:
                    e7:2f:0f:21:fe:af:f1:70:23:bc:2e:86:b7:47:b4:
                    e7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:48:94:95:12:B3:F7:BF:9A:91:B8:BC:89:7E:7E:18:A4:12:7C:DD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/7/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/7/4B48949512B3F7BF9A91B8BC897E7E18A4127CDD.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213915

    Signature Algorithm: sha256WithRSAEncryption
         37:e0:05:a2:e4:24:0e:7f:e0:98:cf:de:f7:03:86:e9:2d:90:
         65:76:50:15:90:3e:d9:99:17:65:89:19:30:f5:81:31:8c:01:
         a2:34:93:73:ce:29:c2:b5:3c:30:14:c2:4f:70:b0:6b:a3:a2:
         c3:d8:ea:b0:f1:64:17:a8:1c:e1:90:59:5a:ec:90:b0:14:52:
         07:2e:2f:17:c6:1b:2c:64:39:18:46:90:7d:76:89:45:86:f8:
         c0:f4:bd:df:04:99:cb:fb:76:81:1a:cd:0a:85:32:1a:8b:d3:
         60:2d:cc:7e:94:a4:07:d0:e7:d2:7c:e6:38:55:62:7f:6d:ac:
         d3:d7:5f:ab:03:7e:39:45:0e:69:d2:4c:1a:17:06:b3:83:9c:
         a6:d0:dc:16:12:c6:4c:6f:6d:f3:82:71:20:53:41:ee:79:d4:
         15:3c:f5:d2:eb:06:2a:25:05:d3:9a:7b:62:5b:54:b5:a4:bb:
         eb:98:d9:c9:4d:09:5d:51:10:21:e7:dc:9b:d8:44:b5:2a:21:
         9e:28:0e:e7:46:1e:a2:09:2f:d3:56:69:fd:10:6a:de:3d:bb:
         61:7c:32:9f:bd:23:30:98:be:1f:7c:0d:91:68:e0:32:ff:6a:
         5b:76:a9:17:3b:56:45:56:8e:de:09:d8:37:18:86:b6:86:d5:
         6a:b0:33:91
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZNUd4q7/A0dTQlY32tnNszZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMTIyMTUyMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjQ4OTQ5NTEyYjNmN2JmOWE5MWI4YmM4OTdlN2UxOGE0MTI3Y2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzYQAgag+7UOFvmS6OyAvfgRXy8a
/zjvcZL+45amZQe2VtWzjQMGtCblfNTzLIrEj4BNtkoVtlHi7MOwUi91hOV+Fglg
SKkhwq2vV6KiL+y7+0F3hVZQIqwMWl3qwIyqskZ46TMVQLdyhTRKmfg9DAFuCdAU
rYbLLs0AYi/iRv0Ao2EmFMYJ0FKxrEo9Wkhy2YHuLK3RkU15/XCkZ73dP3srrIb0
BdmB5L2UCYRW1c2l3wD1jQpoag0McE59BM9vAUGVRKUZHhXkI7YgLXWLVq9QwKhp
Fc9I8g0IyM1y1w1C6i0ok0xgNDASf/vafKvnLw8h/q/xcCO8Loa3R7TneQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFEtIlJUSs/e/mpG4vIl+fhikEnzdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljMGVk
MDQ2LWZhOTUtNDVjMy05MTQ2LTk3MWRiOGE5ZThiYi83LzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOWMw
ZWQwNDYtZmE5NS00NWMzLTkxNDYtOTcxZGI4YTllOGJiLzcvNEI0ODk0OTUxMkIz
RjdCRjlBOTFCOEJDODk3RTdFMThBNDEyN0NERC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDQ5sw
DQYJKoZIhvcNAQELBQADggEBADfgBaLkJA5/4JjP3vcDhuktkGV2UBWQPtmZF2WJ
GTD1gTGMAaI0k3POKcK1PDAUwk9wsGujosPY6rDxZBeoHOGQWVrskLAUUgcuLxfG
GyxkORhGkH12iUWG+MD0vd8Emcv7doEazQqFMhqL02AtzH6UpAfQ59J85jhVYn9t
rNPXX6sDfjlFDmnSTBoXBrODnKbQ3BYSxkxvbfOCcSBTQe551BU89dLrBiolBdOa
e2JbVLWku+uY2clNCV1RECHn3JvYRLUqIZ4oDudGHqIJL9NWaf0Qat49u2F8Mp+9
IzCYvh98DZFo4DL/alt2qRc7VkVWjt4J2DcYhraG1WqwM5E=
-----END CERTIFICATE-----