Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aeOtiwIkUhzQrnSSxpS8LU7h_bI.cer
File:                     aeOtiwIkUhzQrnSSxpS8LU7h_bI.cer (raw, json)
Hash identifier:          Xz2TKs1GMABLHWkbEvOIHdT56zRj45W+dsD05iql2KA=
Subject key identifier:   69:E3:AD:8B:02:24:52:1C:D0:AE:74:92:C6:94:BC:2D:4E:E1:FD:B2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D1A9DF0928A5F6EA2F6CF155385B5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/02/bd8ec1-17a4-44df-883d-e97d226fbeea/1/aeOtiwIkUhzQrnSSxpS8LU7h_bI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/02/bd8ec1-17a4-44df-883d-e97d226fbeea/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:39 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 203104

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1a:9d:f0:92:8a:5f:6e:a2:f6:cf:15:53:85:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69e3ad8b0224521cd0ae7492c694bc2d4ee1fdb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e7:97:6b:11:7d:43:8e:a2:7f:5a:93:66:ac:
                    fc:10:43:3f:da:98:19:03:41:84:e1:72:fd:80:36:
                    2a:9a:74:a6:24:b6:19:f4:1b:37:2d:65:0a:54:55:
                    ec:44:ef:20:09:b4:80:98:17:63:c0:99:8b:83:87:
                    9d:e8:2f:91:0a:ff:d1:31:1d:b4:b7:4e:65:5c:cd:
                    e9:ca:c4:6b:6f:0f:0d:58:d3:95:3a:28:75:ff:88:
                    c7:b8:d8:bc:88:c8:d0:61:e4:3f:3c:ab:4e:7c:66:
                    cb:04:84:a0:be:ee:14:fa:ea:c0:d7:a0:49:80:ff:
                    c6:98:20:1d:f8:3b:cb:fe:ea:3e:50:52:85:b9:e4:
                    70:19:24:1a:1c:fe:6b:31:5f:1b:a1:b4:af:a8:ef:
                    79:7b:0a:8f:14:27:3b:41:39:7d:34:77:57:76:c4:
                    62:e5:1e:a7:18:7b:20:bd:ed:d8:c2:ff:fb:22:5a:
                    2f:0a:d6:b3:b6:7f:71:9f:95:9a:38:2c:00:dc:df:
                    2a:2c:53:b6:3b:94:1b:18:df:a7:64:b9:e2:a3:eb:
                    51:50:6d:08:c3:d1:0e:2d:ec:c9:ac:4e:24:fb:b3:
                    f2:b0:43:3b:49:d4:25:ba:20:d5:5f:7c:75:9a:23:
                    5f:d3:44:e1:aa:50:84:54:8c:4a:ca:af:5e:1e:05:
                    32:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:E3:AD:8B:02:24:52:1C:D0:AE:74:92:C6:94:BC:2D:4E:E1:FD:B2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/bd8ec1-17a4-44df-883d-e97d226fbeea/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/bd8ec1-17a4-44df-883d-e97d226fbeea/1/aeOtiwIkUhzQrnSSxpS8LU7h_bI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203104

    Signature Algorithm: sha256WithRSAEncryption
         4c:77:1c:fe:a8:85:45:12:21:29:da:07:a4:53:ad:4a:d8:b5:
         c8:0d:28:38:ed:87:43:67:4f:cf:57:cc:14:ca:4f:dd:ec:2e:
         aa:9c:75:09:ce:1c:be:bc:72:e5:fa:af:fb:d8:9f:aa:15:c4:
         41:0e:30:cb:84:ad:f3:ea:65:59:77:fa:61:17:9b:4a:a2:d1:
         9d:68:f9:c7:d5:61:ca:2e:a4:03:55:54:68:5c:32:d6:39:8e:
         dc:80:a9:ab:7a:9e:48:2c:08:2e:e4:11:cc:ef:bc:b2:5b:c4:
         19:c4:bb:1f:c1:72:04:7a:09:c2:cf:0f:fe:ff:79:68:94:1a:
         82:70:30:4d:0e:d4:ce:e8:c5:b9:48:0b:e8:f9:a3:4a:3b:3f:
         74:45:05:06:5f:5c:40:ab:d7:f1:ea:18:8e:29:ad:5f:ab:48:
         c9:78:6f:d0:bb:35:a7:43:f5:1d:44:ec:31:e0:db:67:d5:80:
         f0:bd:65:54:ba:d6:37:ff:c0:45:12:f2:19:fa:5d:ea:18:7a:
         9a:a7:a2:4e:8f:e6:73:56:75:f3:74:5f:71:78:05:a4:24:a4:
         3e:34:54:05:6b:dd:19:37:53:14:74:f0:d2:62:bf:2b:da:8b:
         11:8e:36:ff:42:10:47:7c:5a:9f:12:bf:38:e2:d2:b4:54:6b:
         33:00:08:b9
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzCbRqd8JKKX26i9s8VU4W1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWUzYWQ4YjAyMjQ1MjFjZDBhZTc0OTJjNjk0YmMyZDRlZTFmZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+eXaxF9Q46if1qTZqz8EEM/2pgZ
A0GE4XL9gDYqmnSmJLYZ9Bs3LWUKVFXsRO8gCbSAmBdjwJmLg4ed6C+RCv/RMR20
t05lXM3pysRrbw8NWNOVOih1/4jHuNi8iMjQYeQ/PKtOfGbLBISgvu4U+urA16BJ
gP/GmCAd+DvL/uo+UFKFueRwGSQaHP5rMV8bobSvqO95ewqPFCc7QTl9NHdXdsRi
5R6nGHsgve3Ywv/7IlovCtaztn9xn5WaOCwA3N8qLFO2O5QbGN+nZLnio+tRUG0I
w9EOLezJrE4k+7PysEM7SdQluiDVX3x1miNf00ThqlCEVIxKyq9eHgUyKQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGnjrYsCJFIc0K50ksaUvC1O4f2yMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAyL2JkOGVj
MS0xN2E0LTQ0ZGYtODgzZC1lOTdkMjI2ZmJlZWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIvYmQ4ZWMx
LTE3YTQtNDRkZi04ODNkLWU5N2QyMjZmYmVlYS8xL2FlT3Rpd0lrVWh6UXJuU1N4
cFM4TFU3aF9iSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMZYDANBgkqhkiG9w0BAQsFAAOCAQEATHcc/qiFRRIh
KdoHpFOtSti1yA0oOO2HQ2dPz1fMFMpP3ewuqpx1Cc4cvrxy5fqv+9ifqhXEQQ4w
y4St8+plWXf6YRebSqLRnWj5x9Vhyi6kA1VUaFwy1jmO3ICpq3qeSCwILuQRzO+8
slvEGcS7H8FyBHoJws8P/v95aJQagnAwTQ7UzujFuUgL6PmjSjs/dEUFBl9cQKvX
8eoYjimtX6tIyXhv0Ls1p0P1HUTsMeDbZ9WA8L1lVLrWN//ARRLyGfpd6hh6mqei
To/mc1Z183RfcXgFpCSkPjRUBWvdGTdTFHTw0mK/K9qLEY42/0IQR3xanxK/OOLS
tFRrMwAIuQ==
-----END CERTIFICATE-----