Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aCf2BHqADr5LDcYpnAhO8F4Kqt4.cer
File:                     aCf2BHqADr5LDcYpnAhO8F4Kqt4.cer (raw, json)
Hash identifier:          o5Wsiotyxb09kIyLQKFLJe7S8i5y/mDORIbLB0RZWt0=
Subject key identifier:   68:27:F6:04:7A:80:0E:BE:4B:0D:C6:29:9C:08:4E:F0:5E:0A:AA:DE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01917FC6F3792122263B556B3914FB395B0D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/9af6c38e-8050-483d-a2cb-a61c9e2aa468/0/6827F6047A800EBE4B0DC6299C084EF05E0AAADE.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/9af6c38e-8050-483d-a2cb-a61c9e2aa468/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 23 Aug 2024 15:07:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214522

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7f:c6:f3:79:21:22:26:3b:55:6b:39:14:fb:39:5b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 23 15:07:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6827f6047a800ebe4b0dc6299c084ef05e0aaade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:4f:0c:c4:65:d8:43:a6:fa:21:de:d2:3f:ff:
                    f1:e2:50:b5:fe:f1:3d:70:41:3a:1d:2c:ce:32:ca:
                    0b:19:f3:4a:30:28:d6:21:5e:5f:bb:76:0f:ce:bd:
                    1c:10:98:30:2f:b0:37:dd:d6:8f:53:2e:4a:c1:56:
                    7d:cc:69:9e:df:05:19:ae:bd:08:00:41:2f:60:c2:
                    8e:c6:87:d4:ea:fc:64:be:10:df:a5:d6:03:b1:c9:
                    98:03:5b:97:f7:6e:96:4b:e8:81:67:99:6b:70:e0:
                    3d:f0:81:96:99:f1:65:fa:9b:65:d8:fc:ec:82:4d:
                    cf:7c:99:8d:04:9a:58:96:f8:c3:ce:cb:9a:32:c4:
                    71:24:86:99:e3:80:cc:8d:89:11:c0:d0:17:cb:e0:
                    66:39:03:6f:80:a3:c0:f1:73:26:cc:02:6b:a1:e9:
                    07:07:96:d1:e7:33:fc:f7:ce:de:28:18:65:1a:d6:
                    4b:7f:95:02:de:45:83:65:fd:2b:66:4a:6b:e3:11:
                    e4:83:13:58:90:38:f8:63:2c:db:c8:f1:0d:e1:a4:
                    8a:8e:b4:56:e2:5c:c0:a4:33:ba:d6:58:27:b1:58:
                    bb:c2:00:77:17:da:ab:8a:8b:78:34:ae:51:26:f8:
                    e0:1a:3b:35:cd:8a:cb:e7:e7:c5:40:a8:6f:03:c3:
                    ca:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:27:F6:04:7A:80:0E:BE:4B:0D:C6:29:9C:08:4E:F0:5E:0A:AA:DE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/9af6c38e-8050-483d-a2cb-a61c9e2aa468/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/9af6c38e-8050-483d-a2cb-a61c9e2aa468/0/6827F6047A800EBE4B0DC6299C084EF05E0AAADE.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214522

    Signature Algorithm: sha256WithRSAEncryption
         9d:c4:fa:3e:1f:a4:cc:cd:a4:f4:3f:bf:c7:80:70:b1:dc:62:
         f6:18:eb:00:18:cd:8a:ed:6b:15:cc:87:c9:2a:6a:8e:95:01:
         55:47:bc:d6:b1:89:bd:df:99:4e:e0:d7:ce:bf:63:7b:9b:5a:
         37:69:bb:93:b1:fa:5b:03:4f:5e:cd:f9:6c:40:fd:46:13:44:
         e5:72:46:69:43:66:f9:62:5a:ff:40:06:27:28:9e:65:f4:61:
         b9:92:98:dc:23:9f:44:01:bd:14:9f:80:0a:ba:5e:87:a5:5e:
         2b:15:7a:1b:43:b6:09:84:49:a9:a2:c7:d0:9e:42:50:8d:39:
         e9:3c:68:5a:3d:74:b5:ef:40:84:24:40:8c:9f:c2:15:d4:0a:
         c3:12:80:1c:79:21:eb:a9:a5:fe:56:1a:10:92:98:c8:62:23:
         19:5d:69:cd:4d:78:52:76:7d:27:ad:33:3c:03:45:61:cb:a9:
         e1:15:c8:9b:12:7a:19:d4:bd:14:54:ae:fd:71:1e:61:2f:fb:
         93:f0:1f:26:6c:fc:2f:e2:6b:85:76:7c:68:61:ef:bb:16:a0:
         68:5b:57:94:3d:79:79:e9:fb:15:45:c1:6e:69:88:2b:5c:a4:
         ef:89:29:4f:ad:ac:ca:01:f4:e9:61:2a:0b:5e:92:f4:9a:97:
         3f:76:c9:66
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZF/xvN5ISImO1VrORT7OVsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODIzMTUwNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODI3ZjYwNDdhODAwZWJlNGIwZGM2Mjk5YzA4NGVmMDVlMGFhYWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/k8MxGXYQ6b6Id7SP//x4lC1/vE9
cEE6HSzOMsoLGfNKMCjWIV5fu3YPzr0cEJgwL7A33daPUy5KwVZ9zGme3wUZrr0I
AEEvYMKOxofU6vxkvhDfpdYDscmYA1uX926WS+iBZ5lrcOA98IGWmfFl+ptl2Pzs
gk3PfJmNBJpYlvjDzsuaMsRxJIaZ44DMjYkRwNAXy+BmOQNvgKPA8XMmzAJroekH
B5bR5zP8987eKBhlGtZLf5UC3kWDZf0rZkpr4xHkgxNYkDj4YyzbyPEN4aSKjrRW
4lzApDO61lgnsVi7wgB3F9qriot4NK5RJvjgGjs1zYrL5+fFQKhvA8PKkQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFGgn9gR6gA6+Sw3GKZwITvBeCqreMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzlhZjZj
MzhlLTgwNTAtNDgzZC1hMmNiLWE2MWM5ZTJhYTQ2OC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOWFm
NmMzOGUtODA1MC00ODNkLWEyY2ItYTYxYzllMmFhNDY4LzAvNjgyN0Y2MDQ3QTgw
MEVCRTRCMERDNjI5OUMwODRFRjA1RTBBQUFERS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDRfow
DQYJKoZIhvcNAQELBQADggEBAJ3E+j4fpMzNpPQ/v8eAcLHcYvYY6wAYzYrtaxXM
h8kqao6VAVVHvNaxib3fmU7g186/Y3ubWjdpu5Ox+lsDT17N+WxA/UYTROVyRmlD
ZvliWv9ABiconmX0YbmSmNwjn0QBvRSfgAq6XoelXisVehtDtgmESamix9CeQlCN
Oek8aFo9dLXvQIQkQIyfwhXUCsMSgBx5Ieuppf5WGhCSmMhiIxldac1NeFJ2fSet
MzwDRWHLqeEVyJsSehnUvRRUrv1xHmEv+5PwHyZs/C/ia4V2fGhh77sWoGhbV5Q9
eXnp+xVFwW5piCtcpO+JKU+trMoB9OlhKgtekvSalz92yWY=
-----END CERTIFICATE-----