Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Tgb93gU95YTiype-NjhKwCqcwV8.cer
File:                     Tgb93gU95YTiype-NjhKwCqcwV8.cer (raw, json)
Hash identifier:          6Qvka6qGn1dY9RiLNOyd1g8Omupm/QCkcyhNVURj1xg=
Subject key identifier:   4E:06:FD:DE:05:3D:E5:84:E2:CA:97:BE:36:38:4A:C0:2A:9C:C1:5F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94BD8BE45846BBF4FD509DCF20F05A4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/85/8df79e-dff4-4a30-be70-9f800621904a/1/Tgb93gU95YTiype-NjhKwCqcwV8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/85/8df79e-dff4-4a30-be70-9f800621904a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:30:40 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210204

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:d8:be:45:84:6b:bf:4f:d5:09:dc:f2:0f:05:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e06fdde053de584e2ca97be36384ac02a9cc15f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:20:78:68:68:f2:29:eb:0b:5c:93:94:4a:57:
                    e4:32:df:75:35:39:e4:1e:17:1c:2e:5c:9f:ba:48:
                    55:53:01:02:1a:0a:e8:1e:b6:58:52:42:33:10:5e:
                    6d:00:f8:f9:c5:d8:ba:af:2d:5b:84:b6:ea:40:77:
                    33:6d:21:b2:30:03:8e:9e:f4:5c:df:0d:fd:dd:2f:
                    82:bf:2a:51:88:f2:05:e3:30:61:69:e6:ca:0e:9a:
                    e9:d0:73:16:cf:84:d0:79:f2:c6:07:ff:04:82:8c:
                    01:af:55:98:9a:eb:30:f6:8f:75:82:c0:c4:50:d4:
                    35:38:38:b5:d2:64:30:6a:d4:c7:21:d2:aa:c5:ba:
                    48:36:30:1a:b3:0e:28:29:71:e4:b0:ef:5a:3a:99:
                    80:90:ba:10:d9:d6:c4:0b:c6:40:8a:04:a2:8c:e8:
                    28:2b:00:11:15:01:23:c2:06:e0:b6:6c:8e:90:b1:
                    be:b7:d9:c5:9e:b2:63:1c:a1:fe:a4:06:02:9e:2f:
                    68:94:4f:68:2c:3c:cd:32:2f:55:6d:ab:18:56:55:
                    a1:5c:12:09:6d:4d:ee:ba:1e:07:02:24:42:81:2a:
                    f4:d6:b9:63:95:ec:c8:a3:2a:0c:0d:0d:94:e8:4a:
                    3a:36:cc:3c:c7:f7:a9:95:3a:c4:85:66:b7:6c:a2:
                    02:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:06:FD:DE:05:3D:E5:84:E2:CA:97:BE:36:38:4A:C0:2A:9C:C1:5F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/8df79e-dff4-4a30-be70-9f800621904a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/8df79e-dff4-4a30-be70-9f800621904a/1/Tgb93gU95YTiype-NjhKwCqcwV8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210204

    Signature Algorithm: sha256WithRSAEncryption
         79:49:6b:c8:3b:49:68:48:d4:34:1d:25:47:69:6b:f7:cd:ee:
         88:53:94:d9:ea:96:7c:3d:18:27:1d:ea:49:4e:f4:1d:08:c6:
         f1:96:87:f0:39:43:98:be:59:71:83:fb:26:c0:85:bb:b7:6a:
         2a:4d:8a:37:d0:ab:de:ee:e0:9f:e7:09:41:b6:a1:29:78:bf:
         bd:68:fd:16:4d:b1:a2:39:55:d3:7c:bc:20:e1:64:5a:90:58:
         d3:5d:31:cd:39:6c:32:8f:b6:c2:b6:d0:42:f9:d4:a3:16:2b:
         ef:8f:df:8e:33:43:de:52:67:69:ce:91:fd:58:45:37:fb:67:
         c9:22:06:f3:0c:19:16:10:2b:97:7c:c4:45:36:55:82:eb:f7:
         68:b1:ca:7a:0a:c7:32:c4:83:14:63:ed:bf:bf:9e:cf:7e:bb:
         a4:46:ba:8d:a3:d7:89:f0:06:ba:8e:b2:1b:26:62:58:0f:4f:
         e3:48:ec:85:cd:44:58:a8:19:61:f7:bc:75:55:e7:f3:a9:92:
         32:4a:fc:d9:e2:cc:c7:cd:00:78:6b:1e:92:b4:6d:d2:69:1e:
         dd:13:6f:54:3d:18:6a:8b:0d:f2:d2:07:be:d7:15:8c:28:92:
         db:59:01:42:a4:99:a2:93:87:7d:40:df:7b:06:14:82:7b:11:
         87:7a:e1:a6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzJS9i+RYRrv0/VCdzyDwWkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTA2ZmRkZTA1M2RlNTg0ZTJjYTk3YmUzNjM4NGFjMDJhOWNjMTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyB4aGjyKesLXJOUSlfkMt91NTnk
HhccLlyfukhVUwECGgroHrZYUkIzEF5tAPj5xdi6ry1bhLbqQHczbSGyMAOOnvRc
3w393S+CvypRiPIF4zBhaebKDprp0HMWz4TQefLGB/8EgowBr1WYmusw9o91gsDE
UNQ1ODi10mQwatTHIdKqxbpINjAasw4oKXHksO9aOpmAkLoQ2dbEC8ZAigSijOgo
KwARFQEjwgbgtmyOkLG+t9nFnrJjHKH+pAYCni9olE9oLDzNMi9VbasYVlWhXBIJ
bU3uuh4HAiRCgSr01rljlezIoyoMDQ2U6Eo6Nsw8x/eplTrEhWa3bKICYQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFE4G/d4FPeWE4sqXvjY4SsAqnMFfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg1LzhkZjc5
ZS1kZmY0LTRhMzAtYmU3MC05ZjgwMDYyMTkwNGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUvOGRmNzll
LWRmZjQtNGEzMC1iZTcwLTlmODAwNjIxOTA0YS8xL1RnYjkzZ1U5NVlUaXlwZS1O
amhLd0NxY3dWOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM1HDANBgkqhkiG9w0BAQsFAAOCAQEAeUlryDtJaEjU
NB0lR2lr983uiFOU2eqWfD0YJx3qSU70HQjG8ZaH8DlDmL5ZcYP7JsCFu7dqKk2K
N9Cr3u7gn+cJQbahKXi/vWj9Fk2xojlV03y8IOFkWpBY010xzTlsMo+2wrbQQvnU
oxYr74/fjjND3lJnac6R/VhFN/tnySIG8wwZFhArl3zERTZVguv3aLHKegrHMsSD
FGPtv7+ez367pEa6jaPXifAGuo6yGyZiWA9P40jshc1EWKgZYfe8dVXn86mSMkr8
2eLMx80AeGsekrRt0mke3RNvVD0YaosN8tIHvtcVjCiS21kBQqSZopOHfUDfewYU
gnsRh3rhpg==
-----END CERTIFICATE-----