Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_zODjDqc_mwTG-8VK235C0nIO_g.cer
File:                     _zODjDqc_mwTG-8VK235C0nIO_g.cer (raw, json)
Hash identifier:          TYtSOKmsAZHEZYrRPImVgLewl8UWaj8L3VapyMoEGRw=
Subject key identifier:   FF:33:83:8C:3A:9C:FE:6C:13:1B:EF:15:2B:6D:F9:0B:49:C8:3B:F8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018DC1C3640878D4B0E17719D04017916378
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/43/9901bb-0a31-4e86-9d80-48f11608b1c6/1/_zODjDqc_mwTG-8VK235C0nIO_g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/43/9901bb-0a31-4e86-9d80-48f11608b1c6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 19 Feb 2024 14:27:04 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215472

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:c3:64:08:78:d4:b0:e1:77:19:d0:40:17:91:63:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 19 14:27:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff33838c3a9cfe6c131bef152b6df90b49c83bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:af:36:ac:93:66:2f:a9:31:a5:a1:0e:9c:bf:
                    90:f1:bb:ff:ab:47:c9:66:74:cc:73:c0:08:7f:13:
                    d8:0e:51:fd:f5:e6:17:90:ad:86:ef:95:59:3c:61:
                    a3:a0:2a:77:fd:b3:52:00:95:77:51:81:9d:af:9d:
                    15:22:37:73:16:41:07:48:b7:ff:b1:99:ea:29:46:
                    01:a8:4a:26:4f:4d:fb:69:83:0b:23:51:2c:14:cf:
                    79:11:a3:fc:92:ff:5e:f1:00:aa:b7:cf:e7:6a:2a:
                    5d:08:c6:e8:db:e1:8c:a4:27:cf:b0:3a:03:bc:95:
                    22:c5:57:b6:21:9b:a7:8b:6b:d6:0b:cf:4d:1a:ba:
                    48:dd:83:9b:e0:3c:3b:ab:9d:aa:02:96:73:c4:6b:
                    9a:b6:7d:99:28:96:45:02:c3:14:b3:8d:13:57:63:
                    56:42:07:49:02:68:df:c9:9e:82:d2:f7:de:22:d7:
                    10:46:f2:38:f5:a0:10:ce:4f:99:37:e5:29:b2:e6:
                    29:59:06:7e:96:28:66:31:cf:a1:4b:90:a0:32:fc:
                    80:0c:52:c1:80:e6:54:aa:19:3b:0d:2c:8c:1f:4a:
                    08:d2:06:4e:eb:91:93:76:af:94:f9:6f:e5:dd:e8:
                    ce:a7:e1:55:0e:6c:17:aa:e0:b3:9c:49:16:52:1f:
                    25:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:33:83:8C:3A:9C:FE:6C:13:1B:EF:15:2B:6D:F9:0B:49:C8:3B:F8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9901bb-0a31-4e86-9d80-48f11608b1c6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9901bb-0a31-4e86-9d80-48f11608b1c6/1/_zODjDqc_mwTG-8VK235C0nIO_g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215472

    Signature Algorithm: sha256WithRSAEncryption
         ab:20:73:5a:f3:fc:e8:a9:89:06:a0:79:a1:5f:14:32:de:64:
         56:67:26:27:7b:35:3e:e2:83:51:8f:28:d0:e5:d0:8b:85:0a:
         d3:56:d5:65:b6:ba:bc:e6:b6:76:f0:3d:21:cb:1b:a2:d0:30:
         72:bf:5a:e0:aa:6b:80:c6:8f:e2:b4:83:a3:28:8e:5a:c2:65:
         13:87:93:12:14:a4:c6:74:e8:7a:5f:a5:91:65:34:f6:c5:84:
         11:2e:d1:07:17:47:f0:71:d8:1d:b2:ca:46:4a:35:40:ef:cb:
         aa:af:bb:73:6a:e2:17:f6:55:70:8b:88:b7:6a:61:a1:40:69:
         8b:1d:c9:a7:0f:fc:1a:6f:04:3e:f1:4b:fa:1c:4d:37:22:0a:
         ac:cd:a7:a2:36:c8:92:87:34:28:fd:23:f9:e0:36:e5:e3:91:
         2f:1a:d4:b8:78:4d:6f:68:5d:a1:b1:06:30:b0:48:04:99:5c:
         54:ee:ee:d0:3a:b6:6c:ad:e6:94:71:85:7f:80:93:b3:cb:d1:
         4a:16:df:c1:e5:31:c2:4a:a4:e0:d6:a8:7d:95:17:e9:c9:75:
         90:d5:b3:1d:57:72:89:99:b8:2f:2c:91:e9:4d:20:d8:8f:f0:
         28:3b:b1:30:6d:45:36:c7:61:d9:12:8f:ee:cf:cc:2e:94:16:
         40:b6:da:67
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY3Bw2QIeNSw4XcZ0EAXkWN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjE5MTQyNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjMzODM4YzNhOWNmZTZjMTMxYmVmMTUyYjZkZjkwYjQ5YzgzYmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn682rJNmL6kxpaEOnL+Q8bv/q0fJ
ZnTMc8AIfxPYDlH99eYXkK2G75VZPGGjoCp3/bNSAJV3UYGdr50VIjdzFkEHSLf/
sZnqKUYBqEomT037aYMLI1EsFM95EaP8kv9e8QCqt8/naipdCMbo2+GMpCfPsDoD
vJUixVe2IZuni2vWC89NGrpI3YOb4Dw7q52qApZzxGuatn2ZKJZFAsMUs40TV2NW
QgdJAmjfyZ6C0vfeItcQRvI49aAQzk+ZN+UpsuYpWQZ+lihmMc+hS5CgMvyADFLB
gOZUqhk7DSyMH0oI0gZO65GTdq+U+W/l3ejOp+FVDmwXquCznEkWUh8lsQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFP8zg4w6nP5sExvvFStt+QtJyDv4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQzLzk5MDFi
Yi0wYTMxLTRlODYtOWQ4MC00OGYxMTYwOGIxYzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDMvOTkwMWJi
LTBhMzEtNGU4Ni05ZDgwLTQ4ZjExNjA4YjFjNi8xL196T0RqRHFjX213VEctOFZL
MjM1QzBuSU9fZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNJsDANBgkqhkiG9w0BAQsFAAOCAQEAqyBzWvP86KmJ
BqB5oV8UMt5kVmcmJ3s1PuKDUY8o0OXQi4UK01bVZba6vOa2dvA9IcsbotAwcr9a
4KprgMaP4rSDoyiOWsJlE4eTEhSkxnToel+lkWU09sWEES7RBxdH8HHYHbLKRko1
QO/Lqq+7c2riF/ZVcIuIt2phoUBpix3Jpw/8Gm8EPvFL+hxNNyIKrM2nojbIkoc0
KP0j+eA25eORLxrUuHhNb2hdobEGMLBIBJlcVO7u0Dq2bK3mlHGFf4CTs8vRShbf
weUxwkqk4NaofZUX6cl1kNWzHVdyiZm4LyyR6U0g2I/wKDuxMG1FNsdh2RKP7s/M
LpQWQLbaZw==
-----END CERTIFICATE-----