Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/apGQNHJrjf745uBc0TTA5IYI_-w.cer
File:                     apGQNHJrjf745uBc0TTA5IYI_-w.cer (raw, json)
Hash identifier:          TfUabTkov/m5eQ8pQilR36GpYgADLbDbduZNcWhOfp8=
Subject key identifier:   6A:91:90:34:72:6B:8D:FE:F8:E6:E0:5C:D1:34:C0:E4:86:08:FF:EC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018DA791EBDD84AC9A1B7B6968F63EE87C41
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/32/f4b951-960a-4832-8863-df33fdca7362/1/apGQNHJrjf745uBc0TTA5IYI_-w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/32/f4b951-960a-4832-8863-df33fdca7362/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 14 Feb 2024 12:22:54 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 41170

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:91:eb:dd:84:ac:9a:1b:7b:69:68:f6:3e:e8:7c:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 14 12:22:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a919034726b8dfef8e6e05cd134c0e48608ffec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:cd:c6:29:90:0b:02:0c:f5:a9:03:69:36:6c:
                    24:e3:bc:88:3d:1d:1a:7f:da:c1:c8:f9:91:9c:e4:
                    ab:7a:4c:da:3c:d8:27:95:09:b4:36:f4:20:b4:4d:
                    4f:bd:d4:a1:c0:46:89:3b:6a:4f:d5:5b:63:50:60:
                    06:2d:2b:8c:f8:18:b4:84:af:ae:87:49:87:6a:a0:
                    7e:06:54:35:85:a6:83:46:28:08:b3:d2:22:89:3b:
                    cf:68:3a:a4:0b:83:4b:4d:0c:e3:6f:df:88:cc:27:
                    cd:37:f7:39:89:ba:22:52:48:ba:b0:94:08:a3:64:
                    92:4e:81:97:d4:4c:ed:59:a9:0d:c2:20:56:89:5b:
                    d5:79:a7:0a:de:ab:6d:7b:bc:51:6c:ad:90:85:24:
                    51:e2:3c:95:24:4c:d0:b5:ee:9c:62:0e:c8:f1:0c:
                    a9:31:8f:ca:fb:9a:a8:3e:2f:d9:03:73:7e:8b:ac:
                    b3:3f:4c:c6:34:61:bf:99:2a:5f:8b:f2:43:e5:84:
                    66:fc:4d:21:6b:55:ca:07:9f:43:62:f6:88:38:2e:
                    4b:b4:e7:80:b2:5d:6e:ed:c7:c0:20:b2:55:d5:56:
                    d0:c5:0f:05:10:da:0c:24:b6:0f:4c:bd:24:95:7f:
                    ce:60:74:49:a1:91:cc:a4:67:87:41:c9:97:7f:1f:
                    1e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:91:90:34:72:6B:8D:FE:F8:E6:E0:5C:D1:34:C0:E4:86:08:FF:EC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/f4b951-960a-4832-8863-df33fdca7362/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/f4b951-960a-4832-8863-df33fdca7362/1/apGQNHJrjf745uBc0TTA5IYI_-w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41170

    Signature Algorithm: sha256WithRSAEncryption
         50:88:2b:22:65:db:3e:87:c2:a6:a8:95:ad:ce:de:be:32:39:
         21:4b:e0:16:31:29:9b:1c:bf:f3:bd:64:4c:98:9e:25:bb:ec:
         5f:bd:ad:a7:43:8b:45:e4:c7:b0:b0:c1:ad:07:14:c0:d9:e7:
         47:74:c8:e1:c7:57:5f:26:ce:6b:10:36:31:32:46:b0:65:71:
         2d:70:e8:f3:d2:21:6e:3c:84:e9:31:f0:f2:92:84:57:d7:e6:
         9f:a6:b4:6b:20:90:47:48:ef:7a:64:7e:6f:05:ec:03:2d:b7:
         3b:55:23:89:44:29:73:f6:18:0a:9c:0e:da:e5:22:8d:31:9d:
         ca:31:ad:24:51:80:08:d0:7e:af:49:c8:57:02:12:7f:e3:88:
         52:f2:46:9c:86:05:cb:2f:0a:a2:c9:ab:9b:33:23:03:6b:49:
         ab:cf:fb:69:95:6f:ab:8b:61:bb:d5:2e:ed:b1:c1:ad:7f:5d:
         04:4f:3e:c0:1a:ec:5c:c4:ea:f4:dd:2a:1b:76:7d:73:f9:91:
         63:ea:38:85:c7:f5:35:89:53:34:8a:b2:53:d9:2d:e4:20:e3:
         5b:3e:9c:5a:df:a7:5c:9d:29:3a:d9:7a:8c:2e:68:fc:f4:e6:
         2c:19:69:8e:d7:15:68:a4:96:a7:07:ee:14:be:56:1e:52:fe:
         66:35:fa:25
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY2nkevdhKyaG3tpaPY+6HxBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjE0MTIyMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTkxOTAzNDcyNmI4ZGZlZjhlNmUwNWNkMTM0YzBlNDg2MDhmZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8s3GKZALAgz1qQNpNmwk47yIPR0a
f9rByPmRnOSrekzaPNgnlQm0NvQgtE1PvdShwEaJO2pP1VtjUGAGLSuM+Bi0hK+u
h0mHaqB+BlQ1haaDRigIs9IiiTvPaDqkC4NLTQzjb9+IzCfNN/c5iboiUki6sJQI
o2SSToGX1EztWakNwiBWiVvVeacK3qtte7xRbK2QhSRR4jyVJEzQte6cYg7I8Qyp
MY/K+5qoPi/ZA3N+i6yzP0zGNGG/mSpfi/JD5YRm/E0ha1XKB59DYvaIOC5LtOeA
sl1u7cfAILJV1VbQxQ8FENoMJLYPTL0klX/OYHRJoZHMpGeHQcmXfx8ehQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGqRkDRya43++ObgXNE0wOSGCP/sMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMyL2Y0Yjk1
MS05NjBhLTQ4MzItODg2My1kZjMzZmRjYTczNjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzIvZjRiOTUx
LTk2MGEtNDgzMi04ODYzLWRmMzNmZGNhNzM2Mi8xL2FwR1FOSEpyamY3NDV1QmMw
VFRBNUlZSV8tdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCg0jANBgkqhkiG9w0BAQsFAAOCAQEAUIgrImXbPofC
pqiVrc7evjI5IUvgFjEpmxy/871kTJieJbvsX72tp0OLReTHsLDBrQcUwNnnR3TI
4cdXXybOaxA2MTJGsGVxLXDo89IhbjyE6THw8pKEV9fmn6a0ayCQR0jvemR+bwXs
Ay23O1UjiUQpc/YYCpwO2uUijTGdyjGtJFGACNB+r0nIVwISf+OIUvJGnIYFyy8K
osmrmzMjA2tJq8/7aZVvq4thu9Uu7bHBrX9dBE8+wBrsXMTq9N0qG3Z9c/mRY+o4
hcf1NYlTNIqyU9kt5CDjWz6cWt+nXJ0pOtl6jC5o/PTmLBlpjtcVaKSWpwfuFL5W
HlL+ZjX6JQ==
-----END CERTIFICATE-----