Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/adA-sSuz_i5OlkUcnMPvjunTtfU.cer
File:                     adA-sSuz_i5OlkUcnMPvjunTtfU.cer (raw, json)
Hash identifier:          xNRhPtuXb81fpF0U9u3nX3hihlWimcW4ELFfiHgs6mw=
Subject key identifier:   69:D0:3E:B1:2B:B3:FE:2E:4E:96:45:1C:9C:C3:EF:8E:E9:D3:B5:F5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6F0A863E104F7C60F172A0538DB0B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6c/829bc6-ee1c-45a3-bcdd-057cee05e0e3/1/adA-sSuz_i5OlkUcnMPvjunTtfU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6c/829bc6-ee1c-45a3-bcdd-057cee05e0e3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 21439

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f0:a8:63:e1:04:f7:c6:0f:17:2a:05:38:db:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69d03eb12bb3fe2e4e96451c9cc3ef8ee9d3b5f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9a:f6:86:2a:b0:3c:b9:91:f9:d7:08:2e:8c:
                    ff:e6:47:84:29:bd:af:7e:e4:92:17:25:9f:a6:a6:
                    4e:3b:76:11:c0:dc:f4:3f:84:5d:fe:3a:1d:1c:23:
                    21:92:5f:50:79:4d:8e:b3:d6:b5:29:e8:1b:f6:8e:
                    57:78:10:3f:db:1f:f8:2b:65:d0:3b:d4:1c:14:1d:
                    8a:40:ec:4c:c7:c9:bc:36:f9:bb:1b:f3:75:6c:1e:
                    c3:91:ab:4e:45:fc:fb:86:9e:a4:4e:9f:12:61:bd:
                    3c:db:d3:38:3f:95:5a:2a:b8:2a:01:72:ce:70:a4:
                    41:f4:bb:8e:8f:f6:5f:a8:9c:e3:95:80:40:cf:ab:
                    c6:67:08:6e:4f:65:89:36:07:94:06:88:35:b8:f1:
                    35:a9:4a:9e:88:7b:d2:8c:cb:4c:38:36:c5:55:c1:
                    95:56:03:1e:3d:0c:cf:d3:df:95:05:a1:0b:85:3e:
                    1d:4a:37:87:f0:70:c8:51:d4:6d:d6:0a:73:29:70:
                    10:dc:83:d4:d7:00:19:70:bd:a5:8c:6a:6a:83:db:
                    fb:05:3c:43:7a:87:cb:f9:32:b4:0e:78:d1:8c:5d:
                    46:a0:5e:07:94:8e:5f:25:50:97:7f:d5:77:d2:d7:
                    62:ab:a5:4c:c1:d1:68:b8:83:a7:ed:97:11:44:b8:
                    ab:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D0:3E:B1:2B:B3:FE:2E:4E:96:45:1C:9C:C3:EF:8E:E9:D3:B5:F5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/829bc6-ee1c-45a3-bcdd-057cee05e0e3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/829bc6-ee1c-45a3-bcdd-057cee05e0e3/1/adA-sSuz_i5OlkUcnMPvjunTtfU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  21439

    Signature Algorithm: sha256WithRSAEncryption
         94:7b:d2:19:2b:53:97:1e:5c:66:5e:cb:96:17:74:0f:57:f0:
         db:ed:0e:80:89:1a:86:63:89:56:10:39:49:5f:a0:80:9b:88:
         67:2d:38:61:71:79:5d:27:65:25:a2:e4:e2:86:3b:9e:66:bd:
         45:fb:48:04:2f:a3:a7:e6:02:fd:bc:db:6f:0b:f2:53:8b:61:
         84:f2:93:cd:db:6b:93:86:37:1f:0b:dd:81:1b:b4:81:e6:5c:
         cc:8f:54:d8:ac:15:94:7e:a3:74:4c:9e:af:05:54:b4:3b:41:
         b1:b1:cb:ba:ab:ee:ce:7b:a9:c0:65:96:37:7f:99:e8:bd:d9:
         54:2a:74:8f:cc:04:63:f3:7b:2d:df:6c:4a:8a:ea:91:9f:16:
         06:ff:ed:a7:44:f2:cd:33:58:33:e3:33:34:5e:32:3a:4d:28:
         6f:e7:b6:20:20:d9:2b:02:95:87:89:73:1c:73:6c:e7:d3:c1:
         41:0b:85:58:60:f2:c9:a9:77:5c:7c:08:ec:46:3c:3d:81:35:
         c2:87:f1:64:ea:40:bf:ca:f2:67:a9:f4:9d:eb:ca:67:3d:25:
         00:c6:50:a3:ba:87:1a:c9:ea:51:80:40:93:be:eb:ed:5d:64:
         40:29:a7:51:4a:a0:72:39:65:8b:45:e2:ed:29:36:37:90:26:
         63:fa:ab:3c
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYzDtvCoY+EE98YPFyoFONsLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWQwM2ViMTJiYjNmZTJlNGU5NjQ1MWM5Y2MzZWY4ZWU5ZDNiNWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpr2hiqwPLmR+dcILoz/5keEKb2v
fuSSFyWfpqZOO3YRwNz0P4Rd/jodHCMhkl9QeU2Os9a1Kegb9o5XeBA/2x/4K2XQ
O9QcFB2KQOxMx8m8Nvm7G/N1bB7DkatORfz7hp6kTp8SYb0829M4P5VaKrgqAXLO
cKRB9LuOj/ZfqJzjlYBAz6vGZwhuT2WJNgeUBog1uPE1qUqeiHvSjMtMODbFVcGV
VgMePQzP09+VBaELhT4dSjeH8HDIUdRt1gpzKXAQ3IPU1wAZcL2ljGpqg9v7BTxD
eofL+TK0DnjRjF1GoF4HlI5fJVCXf9V30tdiq6VMwdFouIOn7ZcRRLirJQIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFGnQPrErs/4uTpZFHJzD747p07X1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZjLzgyOWJj
Ni1lZTFjLTQ1YTMtYmNkZC0wNTdjZWUwNWUwZTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmMvODI5YmM2
LWVlMWMtNDVhMy1iY2RkLTA1N2NlZTA1ZTBlMy8xL2FkQS1zU3V6X2k1T2xrVWNu
TVB2anVuVHRmVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBkGCCsGAQUF
BwEIAQH/BAowCKAGMAQCAlO/MA0GCSqGSIb3DQEBCwUAA4IBAQCUe9IZK1OXHlxm
XsuWF3QPV/Db7Q6AiRqGY4lWEDlJX6CAm4hnLThhcXldJ2UlouTihjueZr1F+0gE
L6On5gL9vNtvC/JTi2GE8pPN22uThjcfC92BG7SB5lzMj1TYrBWUfqN0TJ6vBVS0
O0Gxscu6q+7Oe6nAZZY3f5novdlUKnSPzARj83st32xKiuqRnxYG/+2nRPLNM1gz
4zM0XjI6TShv57YgINkrApWHiXMcc2zn08FBC4VYYPLJqXdcfAjsRjw9gTXCh/Fk
6kC/yvJnqfSd68pnPSUAxlCjuocayepRgECTvuvtXWRAKadRSqByOWWLReLtKTY3
kCZj+qs8
-----END CERTIFICATE-----