Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Z8x03cxYR3PU-dUOPlsnu2Abios.cer
File:                     Z8x03cxYR3PU-dUOPlsnu2Abios.cer (raw, json)
Hash identifier:          RXjqR1eYb0GEc8XfVFQCctvSonxsT15NavAn6RqjNNk=
Subject key identifier:   67:CC:74:DD:CC:58:47:73:D4:F9:D5:0E:3E:5B:27:BB:60:1B:8A:8B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9B8849AE1F48CDD5E79AE63FACB661B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/28/ddf54f-d42c-45c6-8157-0fee9e064615/1/Z8x03cxYR3PU-dUOPlsnu2Abios.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/28/ddf54f-d42c-45c6-8157-0fee9e064615/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:29:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 205684
                          IP: 2001:678:d04::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b8:84:9a:e1:f4:8c:dd:5e:79:ae:63:fa:cb:66:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67cc74ddcc584773d4f9d50e3e5b27bb601b8a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a2:02:8d:0e:af:fd:32:c2:16:77:ca:1a:36:
                    a4:af:03:97:56:76:7c:a5:fc:b3:79:97:56:05:74:
                    bc:08:66:c9:ae:60:04:b0:7b:e5:9a:1f:55:5d:04:
                    09:c0:ff:93:b8:45:6b:09:f5:11:49:d7:c5:af:ff:
                    cf:5d:d1:ff:2c:8e:ff:4c:45:24:25:f4:84:e3:d3:
                    0d:d8:1d:e1:c6:3c:38:b4:3e:ad:d6:c6:26:4c:c8:
                    5e:02:22:6e:f2:42:4b:ce:f4:08:86:69:0b:bf:45:
                    a5:cf:65:58:2f:56:3f:95:cb:e2:1a:6d:c3:a9:3a:
                    27:17:16:cf:68:9b:f6:b0:d6:f6:2f:4c:fc:81:df:
                    28:c6:f4:55:b4:fa:7d:54:8f:38:4b:5a:53:37:ea:
                    46:ee:1a:e9:82:29:55:29:43:14:a0:f3:38:6a:aa:
                    5b:c4:e4:57:b0:b4:e1:a9:4b:45:f4:60:b9:0a:e1:
                    39:90:7e:b9:89:03:d4:ad:15:b0:c2:2d:fb:88:0c:
                    02:83:50:95:87:bc:5b:9b:e0:ff:88:f7:01:eb:3b:
                    c7:ca:6a:6d:79:bc:5f:21:fe:df:6f:ec:03:48:3d:
                    2f:c6:9c:d2:6e:db:f8:65:8d:f3:f0:55:13:02:f4:
                    e4:ea:dd:79:55:34:3b:d1:72:2e:2d:b3:ee:ec:fa:
                    27:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:CC:74:DD:CC:58:47:73:D4:F9:D5:0E:3E:5B:27:BB:60:1B:8A:8B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ddf54f-d42c-45c6-8157-0fee9e064615/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ddf54f-d42c-45c6-8157-0fee9e064615/1/Z8x03cxYR3PU-dUOPlsnu2Abios.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d04::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205684

    Signature Algorithm: sha256WithRSAEncryption
         6d:ca:12:ea:aa:cc:26:f5:13:b1:86:3a:c1:2f:63:85:13:fc:
         88:fe:26:a3:c8:bb:7b:e8:7d:6c:5e:c9:2a:af:88:0b:9a:8a:
         e8:ff:53:6d:97:41:15:de:7c:e3:95:61:2a:ae:fc:58:54:05:
         0a:b6:75:f2:7b:68:95:c7:94:ab:f2:6b:ff:ca:35:f3:3a:f5:
         04:78:8a:db:c3:b1:45:7f:86:9b:02:b2:92:e8:72:34:16:08:
         62:b6:5f:36:60:a3:9f:dd:b1:55:d5:e6:92:44:96:78:44:ba:
         0c:02:1a:76:68:5d:c8:b1:25:d2:ce:2c:c0:5e:c7:1d:31:08:
         03:01:5a:26:18:47:76:49:58:f5:0b:87:65:f1:89:a9:94:a0:
         4f:1c:03:a8:56:5b:3c:b0:fb:6f:d2:93:bc:00:3e:6b:a4:e9:
         e3:c2:3f:e2:7f:61:d2:d4:1d:d9:3e:12:d7:ee:29:16:c3:89:
         0f:9b:5c:0f:84:7b:1d:ab:37:68:a3:30:4f:af:20:95:4d:c1:
         51:be:dc:64:ce:72:50:04:1c:61:23:a9:ae:8b:50:34:4e:59:
         f8:ab:4d:65:79:03:f1:11:3c:46:2d:c0:ca:ff:63:c7:74:90:
         a5:fa:74:6e:e3:fa:19:a5:41:2b:67:8d:79:3f:f7:8e:55:0c:
         58:cb:65:d7
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzJuISa4fSM3V55rmP6y2YbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2NjNzRkZGNjNTg0NzczZDRmOWQ1MGUzZTViMjdiYjYwMWI4YThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6ICjQ6v/TLCFnfKGjakrwOXVnZ8
pfyzeZdWBXS8CGbJrmAEsHvlmh9VXQQJwP+TuEVrCfURSdfFr//PXdH/LI7/TEUk
JfSE49MN2B3hxjw4tD6t1sYmTMheAiJu8kJLzvQIhmkLv0Wlz2VYL1Y/lcviGm3D
qTonFxbPaJv2sNb2L0z8gd8oxvRVtPp9VI84S1pTN+pG7hrpgilVKUMUoPM4aqpb
xORXsLThqUtF9GC5CuE5kH65iQPUrRWwwi37iAwCg1CVh7xbm+D/iPcB6zvHympt
ebxfIf7fb+wDSD0vxpzSbtv4ZY3z8FUTAvTk6t15VTQ70XIuLbPu7PonCQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFGfMdN3MWEdz1PnVDj5bJ7tgG4qLMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI4L2RkZjU0
Zi1kNDJjLTQ1YzYtODE1Ny0wZmVlOWUwNjQ2MTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjgvZGRmNTRm
LWQ0MmMtNDVjNi04MTU3LTBmZWU5ZTA2NDYxNS8xL1o4eDAzY3hZUjNQVS1kVU9Q
bHNudTJBYmlvcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA0EMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMjdDANBgkqhkiG9w0BAQsFAAOCAQEAbcoS6qrMJvUTsYY6wS9jhRP8iP4m
o8i7e+h9bF7JKq+IC5qK6P9TbZdBFd5845VhKq78WFQFCrZ18ntolceUq/Jr/8o1
8zr1BHiK28OxRX+GmwKykuhyNBYIYrZfNmCjn92xVdXmkkSWeES6DAIadmhdyLEl
0s4swF7HHTEIAwFaJhhHdklY9QuHZfGJqZSgTxwDqFZbPLD7b9KTvAA+a6Tp48I/
4n9h0tQd2T4S1+4pFsOJD5tcD4R7Has3aKMwT68glU3BUb7cZM5yUAQcYSOprotQ
NE5Z+KtNZXkD8RE8Ri3Ayv9jx3SQpfp0buP6GaVBK2eNeT/3jlUMWMtl1w==
-----END CERTIFICATE-----