Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3mojECPvX5oxb1o3SWIqmTYM-E.cer
File:                     a3mojECPvX5oxb1o3SWIqmTYM-E.cer (raw, json)
Hash identifier:          YnSrGz20L8nYYY/849U78jnGkBd2uzkystVMl3ftVwc=
Subject key identifier:   6B:79:A8:8C:40:8F:BD:7E:68:C5:BD:68:DD:25:88:AA:64:D8:33:E1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018EAEB8F3D2202A3A2D26530B2F2253FAF3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/15/2abcfd-4909-4f00-86fc-254a6cd20116/1/a3mojECPvX5oxb1o3SWIqmTYM-E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/15/2abcfd-4909-4f00-86fc-254a6cd20116/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 05 Apr 2024 14:45:40 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215439

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ae:b8:f3:d2:20:2a:3a:2d:26:53:0b:2f:22:53:fa:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr  5 14:45:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b79a88c408fbd7e68c5bd68dd2588aa64d833e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:21:e4:29:bc:30:85:e4:59:87:3a:54:40:8c:
                    76:35:1f:9e:b5:a4:c6:9d:77:db:bd:82:a1:ea:00:
                    c3:b4:e2:56:f7:64:2c:38:76:dd:2b:0c:19:b0:3c:
                    fe:0b:b1:28:91:c0:80:6b:a0:d0:41:d9:22:1e:5d:
                    9f:a2:21:32:3e:69:8e:f9:a7:d2:18:13:46:8f:5d:
                    e5:62:6c:c2:24:ed:36:4a:ec:3c:45:b0:98:eb:67:
                    ca:59:4e:90:a5:75:83:2b:40:61:23:00:26:4f:05:
                    9b:d9:ff:1f:af:ce:1c:e0:32:6c:9f:04:66:26:ad:
                    23:43:d1:08:7b:5d:79:0a:22:b2:ee:bd:d7:8f:5e:
                    ad:d8:51:dd:ea:e2:0e:79:f5:ef:5a:e5:cf:4c:cf:
                    30:57:1b:75:d9:67:29:80:de:1b:9c:74:f2:c4:e0:
                    23:3a:b5:ac:8d:8d:71:28:31:3a:b7:0a:46:5d:c9:
                    58:50:51:37:7e:1a:3a:59:12:ed:98:2a:97:c4:19:
                    c9:cc:9c:cc:d3:4a:8f:13:68:5b:4a:95:2e:99:ab:
                    81:47:87:13:9b:da:c5:6c:de:af:0d:64:34:5a:fe:
                    47:43:d7:25:92:50:b3:d9:ec:fc:98:74:fc:66:e1:
                    48:48:17:22:19:28:7f:1c:db:c9:34:aa:98:5d:ad:
                    4b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:79:A8:8C:40:8F:BD:7E:68:C5:BD:68:DD:25:88:AA:64:D8:33:E1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/2abcfd-4909-4f00-86fc-254a6cd20116/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/2abcfd-4909-4f00-86fc-254a6cd20116/1/a3mojECPvX5oxb1o3SWIqmTYM-E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215439

    Signature Algorithm: sha256WithRSAEncryption
         27:11:a6:20:28:04:5b:a3:84:de:7a:17:a5:16:25:cb:1b:bb:
         9f:54:a9:c2:5d:42:e6:16:13:fe:fe:ff:bc:df:10:d5:b7:f2:
         9d:36:d6:bf:9c:a9:e3:df:30:f1:ab:5a:8e:8a:ed:79:b2:24:
         ec:f7:22:a0:16:08:13:35:75:67:1d:70:c7:53:e2:20:ef:b4:
         62:f1:07:19:91:ad:8a:41:e9:b0:b7:ce:58:f5:65:e9:af:30:
         07:bf:31:c0:5f:db:c6:28:13:35:4c:42:73:4f:35:70:5d:6c:
         4a:2b:c5:39:c7:d8:ee:62:28:84:4b:33:ae:68:b0:0a:43:c8:
         f3:34:51:3a:29:0e:1c:7a:44:57:27:f5:bb:eb:88:40:53:eb:
         3b:f0:c3:c6:ae:e0:39:86:ee:5d:3a:7c:60:d4:cb:bd:fc:7f:
         2a:9d:61:c1:32:32:0b:31:03:28:84:0c:4f:19:42:a4:c2:9a:
         b0:ef:20:6c:0f:04:2b:cb:1b:11:05:43:7c:cc:db:bf:eb:d3:
         08:bd:64:aa:69:8e:e2:5c:77:2a:62:f5:e4:49:b4:ba:b9:b2:
         f5:8a:c5:2d:86:60:df:dd:28:9f:5d:16:05:fc:df:63:4a:3c:
         08:49:7a:15:ba:05:4a:f4:3b:12:84:55:0e:cb:87:9a:cc:d0:
         0f:34:73:32
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY6uuPPSICo6LSZTCy8iU/rzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDA1MTQ0NTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjc5YTg4YzQwOGZiZDdlNjhjNWJkNjhkZDI1ODhhYTY0ZDgzM2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCHkKbwwheRZhzpUQIx2NR+etaTG
nXfbvYKh6gDDtOJW92QsOHbdKwwZsDz+C7EokcCAa6DQQdkiHl2foiEyPmmO+afS
GBNGj13lYmzCJO02Suw8RbCY62fKWU6QpXWDK0BhIwAmTwWb2f8fr84c4DJsnwRm
Jq0jQ9EIe115CiKy7r3Xj16t2FHd6uIOefXvWuXPTM8wVxt12WcpgN4bnHTyxOAj
OrWsjY1xKDE6twpGXclYUFE3fho6WRLtmCqXxBnJzJzM00qPE2hbSpUumauBR4cT
m9rFbN6vDWQ0Wv5HQ9clklCz2ez8mHT8ZuFISBciGSh/HNvJNKqYXa1L/wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGt5qIxAj71+aMW9aN0liKpk2DPhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE1LzJhYmNm
ZC00OTA5LTRmMDAtODZmYy0yNTRhNmNkMjAxMTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTUvMmFiY2Zk
LTQ5MDktNGYwMC04NmZjLTI1NGE2Y2QyMDExNi8xL2EzbW9qRUNQdlg1b3hiMW8z
U1dJcW1UWU0tRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNJjzANBgkqhkiG9w0BAQsFAAOCAQEAJxGmICgEW6OE
3noXpRYlyxu7n1Spwl1C5hYT/v7/vN8Q1bfynTbWv5yp498w8atajortebIk7Pci
oBYIEzV1Zx1wx1PiIO+0YvEHGZGtikHpsLfOWPVl6a8wB78xwF/bxigTNUxCc081
cF1sSivFOcfY7mIohEszrmiwCkPI8zRROikOHHpEVyf1u+uIQFPrO/DDxq7gOYbu
XTp8YNTLvfx/Kp1hwTIyCzEDKIQMTxlCpMKasO8gbA8EK8sbEQVDfMzbv+vTCL1k
qmmO4lx3KmL15Em0urmy9YrFLYZg390on10WBfzfY0o8CEl6FboFSvQ7EoRVDsuH
mszQDzRzMg==
-----END CERTIFICATE-----