Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dOkZZagJ0axaoPDQVQassN2wKrg.cer
File:                     dOkZZagJ0axaoPDQVQassN2wKrg.cer (raw, json)
Hash identifier:          JqLIx+FvaDR/pcY5xSMsd5hL20My56A1oMXiHeLYbCg=
Subject key identifier:   74:E9:19:65:A8:09:D1:AC:5A:A0:F0:D0:55:06:AC:B0:DD:B0:2A:B8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0192BBB4064B2D328360644FBD0A5F47E9EB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/0/74E91965A809D1AC5AA0F0D05506ACB0DDB02AB8.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 23 Oct 2024 23:26:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214451

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bb:b4:06:4b:2d:32:83:60:64:4f:bd:0a:5f:47:e9:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct 23 23:26:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74e91965a809d1ac5aa0f0d05506acb0ddb02ab8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a7:59:29:47:70:41:9c:3c:51:ea:c6:78:b3:
                    f5:a0:d9:c0:d0:b9:e3:a2:02:f9:4c:7e:1f:0d:78:
                    a3:4c:7a:d6:95:eb:a5:af:7e:34:c5:82:a1:eb:4f:
                    e8:a3:63:9d:b6:e3:0a:95:75:f7:47:58:0e:77:b2:
                    2d:82:ae:b2:64:10:1a:e5:68:f0:e7:1b:6b:a5:e4:
                    44:b9:c6:53:e8:88:6d:46:19:66:a4:25:0d:76:c9:
                    5b:2c:04:a6:28:35:4b:7f:dc:d3:47:1c:8c:fa:76:
                    c3:2c:74:d8:ea:c3:c0:09:dc:96:03:f0:e9:f0:45:
                    99:b4:8d:a6:43:0f:6f:90:54:9a:81:3e:c8:71:03:
                    1f:ef:55:09:2e:14:77:81:48:20:5f:39:13:10:ac:
                    73:e2:4a:61:40:94:8d:29:e6:92:f6:ec:16:53:76:
                    75:97:c4:b9:82:e7:a3:0a:a0:87:d2:9c:6b:ae:7e:
                    86:52:0f:c7:2e:1c:59:1e:49:91:9a:fe:ad:41:4a:
                    27:38:6a:21:4c:3d:fe:98:b7:80:02:89:c4:d3:c6:
                    64:27:32:0d:25:e6:59:6b:c2:d3:00:4d:ba:86:47:
                    26:7a:15:ac:1f:01:ac:d3:95:70:4d:49:88:48:a9:
                    62:14:59:ad:89:45:b2:6f:54:5c:0c:1e:86:3a:1a:
                    1a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E9:19:65:A8:09:D1:AC:5A:A0:F0:D0:55:06:AC:B0:DD:B0:2A:B8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/0/74E91965A809D1AC5AA0F0D05506ACB0DDB02AB8.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214451

    Signature Algorithm: sha256WithRSAEncryption
         a8:40:bc:60:cb:c8:86:26:19:b9:10:cd:83:97:7c:ec:51:2a:
         49:0d:c1:2e:e8:fd:6e:23:23:00:47:bd:59:ab:d9:2a:b0:ec:
         29:50:23:fa:3d:2e:0a:80:84:8c:6c:0a:8d:7a:9c:90:49:a1:
         62:e7:db:32:bf:a7:72:0a:5e:20:5e:01:c3:0f:60:8b:11:22:
         94:d3:01:7b:2b:0f:f8:d5:66:c6:6b:54:c7:d2:80:8d:2a:ed:
         f2:0a:d5:21:aa:43:31:51:ff:2e:12:ab:9e:0b:53:bd:f8:42:
         a6:50:b2:26:80:68:78:e4:44:3f:de:6a:c6:32:b0:78:59:77:
         28:ac:53:e5:4d:4e:c3:b8:d2:12:b9:23:e1:2d:2c:4f:e4:d8:
         72:7b:5e:f3:4d:d5:2d:98:cf:84:02:21:cd:ca:fd:c3:02:48:
         ec:84:d2:87:2e:80:38:48:9e:95:43:38:98:41:73:d1:52:8c:
         2f:e7:b9:23:51:31:b1:4f:ba:8b:49:c4:b7:93:20:42:91:b0:
         ab:74:01:6f:88:2a:de:40:33:da:a2:27:61:c9:c9:32:9f:17:
         44:bd:a4:09:94:79:81:f6:20:21:46:a9:d7:9c:aa:a8:16:7c:
         81:f1:cf:e6:7e:cf:54:9b:c8:d5:26:43:7e:ff:63:0f:cd:f2:
         cf:3c:d6:23
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZK7tAZLLTKDYGRPvQpfR+nrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMDIzMjMyNjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGU5MTk2NWE4MDlkMWFjNWFhMGYwZDA1NTA2YWNiMGRkYjAyYWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1adZKUdwQZw8UerGeLP1oNnA0Lnj
ogL5TH4fDXijTHrWleulr340xYKh60/oo2OdtuMKlXX3R1gOd7Itgq6yZBAa5Wjw
5xtrpeREucZT6IhtRhlmpCUNdslbLASmKDVLf9zTRxyM+nbDLHTY6sPACdyWA/Dp
8EWZtI2mQw9vkFSagT7IcQMf71UJLhR3gUggXzkTEKxz4kphQJSNKeaS9uwWU3Z1
l8S5guejCqCH0pxrrn6GUg/HLhxZHkmRmv6tQUonOGohTD3+mLeAAonE08ZkJzIN
JeZZa8LTAE26hkcmehWsHwGs05VwTUmISKliFFmtiUWyb1RcDB6GOhoaewIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFHTpGWWoCdGsWqDw0FUGrLDdsCq4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyY2Y4
YmE3LWNiMDItNDE4Yi1iZTA0LTRkOWYzYTA3ZTk1MC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJj
ZjhiYTctY2IwMi00MThiLWJlMDQtNGQ5ZjNhMDdlOTUwLzAvNzRFOTE5NjVBODA5
RDFBQzVBQTBGMEQwNTUwNkFDQjBEREIwMkFCOC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDRbMw
DQYJKoZIhvcNAQELBQADggEBAKhAvGDLyIYmGbkQzYOXfOxRKkkNwS7o/W4jIwBH
vVmr2Sqw7ClQI/o9LgqAhIxsCo16nJBJoWLn2zK/p3IKXiBeAcMPYIsRIpTTAXsr
D/jVZsZrVMfSgI0q7fIK1SGqQzFR/y4Sq54LU734QqZQsiaAaHjkRD/easYysHhZ
dyisU+VNTsO40hK5I+EtLE/k2HJ7XvNN1S2Yz4QCIc3K/cMCSOyE0ocugDhInpVD
OJhBc9FSjC/nuSNRMbFPuotJxLeTIEKRsKt0AW+IKt5AM9qiJ2HJyTKfF0S9pAmU
eYH2ICFGqdecqqgWfIHxz+Z+z1SbyNUmQ37/Yw/N8s881iM=
-----END CERTIFICATE-----