Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/g8nUIWdz620v5OSPOxocKDT-y9s.cer
File:                     g8nUIWdz620v5OSPOxocKDT-y9s.cer (raw, json)
Hash identifier:          n8vCJ/2S+Erm10qFepCvu6JYL1mepU66scBlxFfSZaI=
Subject key identifier:   83:C9:D4:21:67:73:EB:6D:2F:E4:E4:8F:3B:1A:1C:28:34:FE:CB:DB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB20310BDD002F815699850021C264
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2a/a0440d-11cf-4784-8653-da7bc77fd04e/1/g8nUIWdz620v5OSPOxocKDT-y9s.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2a/a0440d-11cf-4784-8653-da7bc77fd04e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:49 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 203790

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:20:31:0b:dd:00:2f:81:56:99:85:00:21:c2:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83c9d4216773eb6d2fe4e48f3b1a1c2834fecbdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:45:cf:95:cb:66:46:e3:f7:44:5f:38:0b:74:
                    4a:cd:82:cc:81:ef:07:e8:a3:6a:2a:48:bc:96:b5:
                    5a:63:01:4e:06:73:5e:f9:f4:5f:af:b1:89:a7:b6:
                    1b:29:85:fe:dd:03:12:e4:5d:f6:9a:23:21:22:ee:
                    aa:a2:59:fb:82:35:54:79:f1:34:6a:ba:17:2e:ca:
                    97:4b:da:68:a5:b5:72:eb:c4:71:09:98:79:69:8c:
                    98:66:93:2d:c9:77:18:54:6d:13:56:44:de:46:9f:
                    38:fc:3d:c4:ec:ff:c8:a1:32:13:0c:d3:f2:c8:ac:
                    e0:37:b2:1f:21:2e:19:2f:2a:fc:69:b7:ee:fe:33:
                    4a:c7:cb:8e:04:15:7c:17:8c:af:cc:8e:b6:21:2d:
                    14:5e:9d:4c:3d:31:ac:b5:dc:82:94:04:cd:05:48:
                    10:37:c3:6b:78:5f:e9:3b:80:cd:4a:bb:ac:66:91:
                    b9:41:63:1f:33:26:05:01:7b:fe:fe:ec:75:25:4b:
                    5f:b4:40:5a:bb:dc:6b:ce:b3:da:58:af:87:3b:47:
                    63:92:9a:97:79:df:b0:5a:02:2b:ec:58:05:b5:d7:
                    af:7a:16:ce:bd:6a:6f:79:8c:6e:cd:0f:4f:1c:fe:
                    d3:a8:62:f2:dd:cc:bc:f9:94:f9:94:17:1b:e3:84:
                    7c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C9:D4:21:67:73:EB:6D:2F:E4:E4:8F:3B:1A:1C:28:34:FE:CB:DB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a0440d-11cf-4784-8653-da7bc77fd04e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a0440d-11cf-4784-8653-da7bc77fd04e/1/g8nUIWdz620v5OSPOxocKDT-y9s.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203790

    Signature Algorithm: sha256WithRSAEncryption
         a0:99:63:7c:1c:f8:73:2b:08:0e:cc:75:d6:12:c2:9c:55:ae:
         67:e9:67:63:2b:7f:97:82:b3:35:73:65:bf:f1:ae:fe:51:5f:
         5e:0c:fc:dd:39:b4:fc:0c:6c:c4:37:08:cf:85:b4:57:88:93:
         82:71:44:e3:d2:1c:d5:63:4d:0d:d8:f2:32:ad:ae:a8:9d:33:
         49:75:8f:13:4e:c6:10:d2:45:e1:e7:7c:7d:b7:22:de:6f:1f:
         93:d6:54:82:2d:f0:da:f9:2c:79:cd:6a:42:21:52:74:b8:79:
         a1:d2:85:60:62:a3:4f:da:f9:9e:b2:03:fd:f4:d5:ae:61:10:
         b6:27:ab:61:5c:c1:5e:16:e2:42:89:d9:0b:ef:72:af:8d:e8:
         43:7f:67:38:a0:6b:7a:0a:ea:0b:34:b9:ed:1e:11:50:71:b0:
         ed:fd:e5:64:f5:86:b8:92:76:57:21:6a:64:5b:0a:bd:25:08:
         04:0f:e8:b4:f9:5b:57:3b:9f:4c:dc:04:bb:fc:c9:de:3b:17:
         8b:9d:42:f2:5e:93:b6:e7:df:67:28:c9:e8:92:b6:ee:c6:66:
         6a:f3:f8:aa:39:5e:9e:f3:7a:76:b6:6d:4c:a2:7a:70:07:cb:
         34:35:c7:9e:51:d3:98:f8:60:dd:fb:4b:4d:13:29:d0:1f:20:
         55:53:31:9f
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzC2yAxC90AL4FWmYUAIcJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2M5ZDQyMTY3NzNlYjZkMmZlNGU0OGYzYjFhMWMyODM0ZmVjYmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikXPlctmRuP3RF84C3RKzYLMge8H
6KNqKki8lrVaYwFOBnNe+fRfr7GJp7YbKYX+3QMS5F32miMhIu6qoln7gjVUefE0
aroXLsqXS9popbVy68RxCZh5aYyYZpMtyXcYVG0TVkTeRp84/D3E7P/IoTITDNPy
yKzgN7IfIS4ZLyr8abfu/jNKx8uOBBV8F4yvzI62IS0UXp1MPTGstdyClATNBUgQ
N8NreF/pO4DNSrusZpG5QWMfMyYFAXv+/ux1JUtftEBau9xrzrPaWK+HO0djkpqX
ed+wWgIr7FgFtdevehbOvWpveYxuzQ9PHP7TqGLy3cy8+ZT5lBcb44R8uwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIPJ1CFnc+ttL+TkjzsaHCg0/svbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJhL2EwNDQw
ZC0xMWNmLTQ3ODQtODY1My1kYTdiYzc3ZmQwNGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmEvYTA0NDBk
LTExY2YtNDc4NC04NjUzLWRhN2JjNzdmZDA0ZS8xL2c4blVJV2R6NjIwdjVPU1BP
eG9jS0RULXk5cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMcDjANBgkqhkiG9w0BAQsFAAOCAQEAoJljfBz4cysI
Dsx11hLCnFWuZ+lnYyt/l4KzNXNlv/Gu/lFfXgz83Tm0/AxsxDcIz4W0V4iTgnFE
49Ic1WNNDdjyMq2uqJ0zSXWPE07GENJF4ed8fbci3m8fk9ZUgi3w2vksec1qQiFS
dLh5odKFYGKjT9r5nrID/fTVrmEQtierYVzBXhbiQonZC+9yr43oQ39nOKBregrq
CzS57R4RUHGw7f3lZPWGuJJ2VyFqZFsKvSUIBA/otPlbVzufTNwEu/zJ3jsXi51C
8l6TtuffZyjJ6JK27sZmavP4qjlenvN6drZtTKJ6cAfLNDXHnlHTmPhg3ftLTRMp
0B8gVVMxnw==
-----END CERTIFICATE-----