Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec1Sh9sjpaT-cWadrFQz-KSEYb0.cer
File:                     ec1Sh9sjpaT-cWadrFQz-KSEYb0.cer (raw, json)
Hash identifier:          J3FAV4MNUhh1mu3vbCPrnHg85GIlYX3nwg9hjAsPY7s=
Subject key identifier:   79:CD:52:87:DB:23:A5:A4:FE:71:66:9D:AC:54:33:F8:A4:84:61:BD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0191DD5648EA74C2707282D6EFEB65990B76
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/2aca3ca6-34cc-4772-bac0-a35dd0195ce7/2/79CD5287DB23A5A4FE71669DAC5433F8A48461BD.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/2aca3ca6-34cc-4772-bac0-a35dd0195ce7/2/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Tue 10 Sep 2024 19:08:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 50755
                          AS: 200676

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 23:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:dd:56:48:ea:74:c2:70:72:82:d6:ef:eb:65:99:0b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 10 19:08:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79cd5287db23a5a4fe71669dac5433f8a48461bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:18:bd:00:12:da:84:56:d7:bf:a8:05:e8:29:
                    93:64:e1:69:51:ca:08:f6:1a:62:9c:b9:36:78:71:
                    c1:9c:30:de:55:85:7d:00:89:72:fc:14:a0:e8:34:
                    ea:fa:6d:0a:65:92:61:f2:d4:d9:92:6f:4a:1b:4a:
                    95:e5:f3:ab:41:81:2f:ba:ef:21:ce:e5:bf:2f:9b:
                    f7:fc:9c:7c:6c:2d:b3:ca:d7:c4:7c:0d:c0:b2:cf:
                    2e:21:46:08:b9:73:1a:e2:a3:6b:22:80:30:b5:ef:
                    d8:83:cf:ff:97:9e:58:b3:21:61:65:f8:a6:f6:b3:
                    70:3a:7a:34:a2:d1:13:02:80:5d:88:95:d4:dd:69:
                    ea:2b:7d:ae:0d:1e:96:a7:ff:f2:56:93:b8:f3:9c:
                    e1:ac:62:d8:26:07:a6:1a:d2:de:6f:a1:00:0e:e7:
                    15:dd:a4:86:8c:34:3e:72:db:af:16:0c:11:07:f7:
                    c3:78:bf:4c:65:24:a3:7e:d7:f7:a6:8e:21:69:43:
                    99:7c:71:48:32:19:91:1d:87:50:a2:d6:4e:c6:e3:
                    2b:4b:5d:d7:9b:80:6a:57:9a:7b:4c:8f:69:28:89:
                    3d:14:17:44:b5:43:12:c7:07:5e:a3:bf:c2:0f:f8:
                    f1:15:ad:07:06:a9:34:53:6f:10:fa:df:bd:6a:19:
                    f9:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:CD:52:87:DB:23:A5:A4:FE:71:66:9D:AC:54:33:F8:A4:84:61:BD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/2aca3ca6-34cc-4772-bac0-a35dd0195ce7/2/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/2aca3ca6-34cc-4772-bac0-a35dd0195ce7/2/79CD5287DB23A5A4FE71669DAC5433F8A48461BD.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50755
                  200676

    Signature Algorithm: sha256WithRSAEncryption
         3c:6b:24:71:0c:f1:f7:5d:61:37:b6:05:54:9b:4d:ea:d7:c8:
         27:ad:3e:55:f8:ca:25:e7:a9:a0:0f:b6:8e:20:11:8b:0d:b8:
         db:ef:16:b8:24:5f:fa:6a:c0:12:e0:c1:09:4a:6e:f5:63:d9:
         d5:6e:51:3f:8c:da:3e:36:53:fe:7d:82:5c:4a:e7:ba:39:95:
         34:26:26:8d:6c:52:e3:23:13:37:91:d7:81:d3:01:da:cc:60:
         7d:c5:be:47:8e:f1:ed:37:f4:96:94:ae:41:d3:78:12:00:3d:
         63:f3:55:0f:0c:a3:78:f8:a5:14:a2:b7:de:49:10:a1:69:0e:
         3b:0e:74:6e:4f:59:d7:e4:68:d8:60:4f:30:24:e4:8b:a2:87:
         0e:98:72:84:24:7e:c0:4f:b7:fb:a5:82:ef:63:aa:a6:6b:64:
         42:4a:9a:a3:f0:24:2c:e5:4e:64:b5:65:80:d2:94:66:0a:aa:
         e8:4d:a6:1e:0e:0c:22:2b:22:da:b6:c5:b5:04:51:3f:b4:d4:
         cc:62:eb:32:60:ee:d7:9d:3b:94:87:a9:21:70:d1:e2:b7:a4:
         79:d1:6e:69:68:88:68:5f:53:13:10:75:ef:9c:61:c4:26:eb:
         fb:e0:0b:98:f7:c1:57:e4:87:28:f5:42:93:3f:87:52:19:32:
         c3:f7:9f:fe
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZHdVkjqdMJwcoLW7+tlmQt2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTEwMTkwODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWNkNTI4N2RiMjNhNWE0ZmU3MTY2OWRhYzU0MzNmOGE0ODQ2MWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5xi9ABLahFbXv6gF6CmTZOFpUcoI
9hpinLk2eHHBnDDeVYV9AIly/BSg6DTq+m0KZZJh8tTZkm9KG0qV5fOrQYEvuu8h
zuW/L5v3/Jx8bC2zytfEfA3Ass8uIUYIuXMa4qNrIoAwte/Yg8//l55YsyFhZfim
9rNwOno0otETAoBdiJXU3WnqK32uDR6Wp//yVpO485zhrGLYJgemGtLeb6EADucV
3aSGjDQ+ctuvFgwRB/fDeL9MZSSjftf3po4haUOZfHFIMhmRHYdQotZOxuMrS13X
m4BqV5p7TI9pKIk9FBdEtUMSxwdeo7/CD/jxFa0HBqk0U28Q+t+9ahn5FQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHnNUofbI6Wk/nFmnaxUM/ikhGG9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzJhY2Ez
Y2E2LTM0Y2MtNDc3Mi1iYWMwLWEzNWRkMDE5NWNlNy8yLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmFj
YTNjYTYtMzRjYy00NzcyLWJhYzAtYTM1ZGQwMTk1Y2U3LzIvNzlDRDUyODdEQjIz
QTVBNEZFNzE2NjlEQUM1NDMzRjhBNDg0NjFCRC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBCAEB/wQQMA6gDDAKAgMAxkMC
AwMP5DANBgkqhkiG9w0BAQsFAAOCAQEAPGskcQzx911hN7YFVJtN6tfIJ60+VfjK
JeepoA+2jiARiw242+8WuCRf+mrAEuDBCUpu9WPZ1W5RP4zaPjZT/n2CXErnujmV
NCYmjWxS4yMTN5HXgdMB2sxgfcW+R47x7Tf0lpSuQdN4EgA9Y/NVDwyjePilFKK3
3kkQoWkOOw50bk9Z1+Ro2GBPMCTki6KHDphyhCR+wE+3+6WC72OqpmtkQkqao/Ak
LOVOZLVlgNKUZgqq6E2mHg4MIisi2rbFtQRRP7TUzGLrMmDu1507lIepIXDR4rek
edFuaWiIaF9TExB175xhxCbr++ALmPfBV+SHKPVCkz+HUhkyw/ef/g==
-----END CERTIFICATE-----