Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/VRfJBSP1ZkGA9x4wYN2iMXLkz3U.cer
File:                     VRfJBSP1ZkGA9x4wYN2iMXLkz3U.cer (raw, json)
Hash identifier:          QVPqpDTp3iGu+HilrESpJVJ6tjcu7CDeenIBSRb3kac=
Subject key identifier:   55:17:C9:05:23:F5:66:41:80:F7:1E:30:60:DD:A2:31:72:E4:CF:75
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB1DB63713C30E6BB42EA65D729E78
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/48/a31b25-e927-4ea2-a8a0-20f44b9f4ee7/1/VRfJBSP1ZkGA9x4wYN2iMXLkz3U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/48/a31b25-e927-4ea2-a8a0-20f44b9f4ee7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:49 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210546

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1d:b6:37:13:c3:0e:6b:b4:2e:a6:5d:72:9e:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5517c90523f5664180f71e3060dda23172e4cf75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:39:6d:e8:f9:79:3b:af:42:aa:fd:52:56:65:
                    a4:86:2b:78:d9:b2:e5:f9:29:08:a6:e0:a7:94:42:
                    da:7b:0f:6b:19:3b:d8:12:a1:b5:3e:7c:2c:75:13:
                    0a:8a:c1:ab:59:72:26:60:27:1d:c8:c8:1f:67:ad:
                    5b:5b:e0:4c:b5:1b:67:11:aa:93:2b:22:93:2a:13:
                    21:db:b2:68:c7:5a:ee:85:5c:e2:57:5d:42:58:86:
                    46:8f:fa:c7:8b:97:67:e2:3a:d8:c1:2b:e2:11:03:
                    e9:06:b7:10:6b:84:e3:e7:5d:14:50:b3:76:81:e0:
                    00:ad:37:28:02:1b:b9:92:5b:49:05:86:9a:d2:a9:
                    a5:f7:4a:d8:09:7a:f2:e6:cb:d7:e9:79:f9:9a:8d:
                    f8:14:38:cf:25:3b:60:68:e1:18:62:c2:92:2c:ec:
                    a8:a5:b0:94:bd:28:00:8e:cc:79:f2:b5:fe:80:37:
                    86:9b:8c:27:3b:1a:cc:cf:a5:36:d0:4b:01:2d:c6:
                    8f:70:df:aa:05:e1:9c:3c:38:1f:a4:32:3f:56:a3:
                    09:5c:d6:eb:e1:43:7b:cc:73:fe:67:db:38:d7:03:
                    7b:63:c9:40:1f:75:f8:05:93:0f:73:3b:60:b8:54:
                    2b:ae:66:c9:2b:09:ad:dc:c9:b8:37:2a:ca:50:f0:
                    cf:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:17:C9:05:23:F5:66:41:80:F7:1E:30:60:DD:A2:31:72:E4:CF:75
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a31b25-e927-4ea2-a8a0-20f44b9f4ee7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a31b25-e927-4ea2-a8a0-20f44b9f4ee7/1/VRfJBSP1ZkGA9x4wYN2iMXLkz3U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210546

    Signature Algorithm: sha256WithRSAEncryption
         7e:bd:1c:ea:58:e8:a3:83:2b:04:07:f9:e0:ac:48:5e:31:38:
         0c:75:f5:f1:8c:26:a9:9f:f5:15:d5:bc:18:61:59:b3:d8:2f:
         3e:88:e1:a9:06:ab:92:35:dc:58:dd:7e:b4:d5:a9:09:76:69:
         0d:ab:99:f8:5d:9c:2e:8e:a7:5a:a8:d6:13:50:c6:3a:20:59:
         23:ed:8f:00:33:db:7a:24:9a:de:e0:cf:bd:34:5e:b9:65:71:
         2d:19:6f:fe:fb:4f:8a:32:a4:4f:5e:e1:6f:39:45:2d:e7:f9:
         63:d4:5e:a4:ba:43:8b:a4:77:2e:fb:2f:0a:c3:bc:f7:7a:fe:
         b0:97:85:1f:65:32:ad:a7:7a:90:e0:0d:ac:63:b3:77:d4:9d:
         85:71:3e:f3:92:d4:94:df:98:87:51:87:4d:94:c7:ad:e2:db:
         71:36:ad:fa:27:eb:d4:d5:6c:8e:05:6a:d6:fe:99:3c:a2:9a:
         16:80:34:49:ca:59:04:5f:d6:9d:4a:32:92:2b:c5:a0:d8:89:
         af:72:f7:3b:b3:b5:35:76:f2:22:fd:76:57:7b:aa:d7:90:6a:
         47:26:1c:d0:22:76:c9:e7:f8:82:e7:5f:c3:db:a1:f9:ad:21:
         1f:f0:88:9e:77:b5:e3:b1:76:47:6a:1f:52:24:88:7c:25:72:
         6f:72:b9:f4
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzC2x22NxPDDmu0LqZdcp54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTE3YzkwNTIzZjU2NjQxODBmNzFlMzA2MGRkYTIzMTcyZTRjZjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zlt6Pl5O69Cqv1SVmWkhit42bLl
+SkIpuCnlELaew9rGTvYEqG1PnwsdRMKisGrWXImYCcdyMgfZ61bW+BMtRtnEaqT
KyKTKhMh27Jox1ruhVziV11CWIZGj/rHi5dn4jrYwSviEQPpBrcQa4Tj510UULN2
geAArTcoAhu5kltJBYaa0qml90rYCXry5svX6Xn5mo34FDjPJTtgaOEYYsKSLOyo
pbCUvSgAjsx58rX+gDeGm4wnOxrMz6U20EsBLcaPcN+qBeGcPDgfpDI/VqMJXNbr
4UN7zHP+Z9s41wN7Y8lAH3X4BZMPcztguFQrrmbJKwmt3Mm4NyrKUPDP8QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFFUXyQUj9WZBgPceMGDdojFy5M91MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ4L2EzMWIy
NS1lOTI3LTRlYTItYThhMC0yMGY0NGI5ZjRlZTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDgvYTMxYjI1
LWU5MjctNGVhMi1hOGEwLTIwZjQ0YjlmNGVlNy8xL1ZSZkpCU1AxWmtHQTl4NHdZ
TjJpTVhMa3ozVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM2cjANBgkqhkiG9w0BAQsFAAOCAQEAfr0c6ljoo4Mr
BAf54KxIXjE4DHX18YwmqZ/1FdW8GGFZs9gvPojhqQarkjXcWN1+tNWpCXZpDauZ
+F2cLo6nWqjWE1DGOiBZI+2PADPbeiSa3uDPvTReuWVxLRlv/vtPijKkT17hbzlF
Lef5Y9RepLpDi6R3LvsvCsO893r+sJeFH2Uyrad6kOANrGOzd9SdhXE+85LUlN+Y
h1GHTZTHreLbcTat+ifr1NVsjgVq1v6ZPKKaFoA0ScpZBF/WnUoykivFoNiJr3L3
O7O1NXbyIv12V3uq15BqRyYc0CJ2yef4gudfw9uh+a0hH/CInne147F2R2ofUiSI
fCVyb3K59A==
-----END CERTIFICATE-----