Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iF7nSXYIGvmeHXt0Btio9fbA97k.cer
File:                     iF7nSXYIGvmeHXt0Btio9fbA97k.cer (raw, json)
Hash identifier:          XBbYAB0AnQITGrTuUd1SVRPQ37FqDSMBALdyIiJeKcw=
Subject key identifier:   88:5E:E7:49:76:08:1A:F9:9E:1D:7B:74:06:D8:A8:F5:F6:C0:F7:B9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D547A4554072A299948D0813699BF8A86
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/31/f04e8a-a091-41be-8a27-ff9d24b4219d/1/iF7nSXYIGvmeHXt0Btio9fbA97k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/31/f04e8a-a091-41be-8a27-ff9d24b4219d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 29 Jan 2024 09:08:35 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215652

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:54:7a:45:54:07:2a:29:99:48:d0:81:36:99:bf:8a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 29 09:08:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=885ee74976081af99e1d7b7406d8a8f5f6c0f7b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:57:f4:c3:2e:07:e6:65:bb:57:67:36:fb:79:
                    38:44:06:12:23:31:48:7e:77:20:f5:6d:a3:b1:80:
                    17:f1:b2:cb:26:63:ae:f6:04:0d:dc:c7:d4:34:0c:
                    ed:9f:cf:e0:1f:98:02:a7:b4:cc:a6:9c:a0:94:1f:
                    9a:d8:f6:2a:79:14:2c:a8:e3:a9:98:f8:21:37:31:
                    cf:61:c7:b0:42:03:a5:30:3a:cf:27:58:11:e2:06:
                    68:dc:d8:55:fb:eb:a8:d8:94:8e:cb:6f:3e:21:17:
                    3b:53:8a:f7:aa:6c:79:05:91:b6:94:17:cf:c9:7d:
                    64:25:eb:87:83:ba:7d:69:dd:8a:fc:c1:34:5f:60:
                    53:ec:23:7b:3f:ed:9b:dc:ab:89:49:51:9c:2b:96:
                    7b:6e:01:45:a9:78:43:51:b9:f9:86:63:e0:9c:91:
                    3b:c6:9f:59:7f:63:29:a0:05:45:15:71:18:73:c4:
                    35:4c:8f:36:af:4b:cb:e6:16:8c:fd:6f:5b:7c:7e:
                    a1:ef:ce:a9:a2:53:bc:57:e6:36:6a:8e:ba:c8:d7:
                    7c:6d:f9:64:d9:af:d9:b1:9a:56:51:90:61:4a:6f:
                    af:1d:7b:5b:f2:52:c3:41:66:07:85:a3:91:01:42:
                    cf:ad:d7:bd:08:b7:7a:38:a8:f1:3f:64:bd:a7:13:
                    dd:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:5E:E7:49:76:08:1A:F9:9E:1D:7B:74:06:D8:A8:F5:F6:C0:F7:B9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/f04e8a-a091-41be-8a27-ff9d24b4219d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/f04e8a-a091-41be-8a27-ff9d24b4219d/1/iF7nSXYIGvmeHXt0Btio9fbA97k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215652

    Signature Algorithm: sha256WithRSAEncryption
         37:b3:a3:03:eb:52:33:f3:02:03:05:cf:db:d6:53:6f:f9:03:
         3c:af:2e:5d:b4:e7:af:26:39:4b:c3:39:6a:00:2d:b4:a1:b8:
         4c:bf:85:01:96:df:e2:9e:ab:98:87:d5:d3:e2:f0:fc:f7:16:
         a0:92:b1:74:bf:74:b2:10:b1:15:d5:d9:14:69:52:34:61:43:
         0e:ef:e7:12:26:d2:8f:46:58:85:ba:aa:49:82:b7:e5:96:5d:
         38:c3:c1:12:54:a0:fe:e7:c9:bc:3d:8f:36:7b:1d:39:2f:df:
         76:5d:31:25:f7:bb:de:ee:0f:25:73:22:34:f4:a1:b0:52:0b:
         1a:43:3b:45:ae:1a:ef:8e:e3:66:06:2a:d6:35:49:9d:1c:e6:
         c8:f4:93:9a:b6:ce:5f:49:34:c2:6b:3a:5f:93:e8:31:92:2b:
         f8:2e:87:a7:a9:76:10:55:28:67:3b:3f:4f:59:d0:cf:8f:65:
         4d:c7:88:7c:e6:f2:84:22:32:d9:58:a5:2a:cc:db:a8:ba:d5:
         d4:fb:2c:eb:86:fa:42:63:aa:fd:af:02:0d:52:49:91:c6:f9:
         5d:65:c5:dd:41:b1:fb:98:f2:b2:89:22:9e:ec:2d:ab:d6:a4:
         d5:76:78:ec:f7:d3:88:02:5e:18:4c:18:55:dc:7f:63:68:50:
         9e:66:e4:3e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY1UekVUByopmUjQgTaZv4qGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTI5MDkwODM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODVlZTc0OTc2MDgxYWY5OWUxZDdiNzQwNmQ4YThmNWY2YzBmN2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6lf0wy4H5mW7V2c2+3k4RAYSIzFI
fncg9W2jsYAX8bLLJmOu9gQN3MfUNAztn8/gH5gCp7TMppyglB+a2PYqeRQsqOOp
mPghNzHPYcewQgOlMDrPJ1gR4gZo3NhV++uo2JSOy28+IRc7U4r3qmx5BZG2lBfP
yX1kJeuHg7p9ad2K/ME0X2BT7CN7P+2b3KuJSVGcK5Z7bgFFqXhDUbn5hmPgnJE7
xp9Zf2MpoAVFFXEYc8Q1TI82r0vL5haM/W9bfH6h786polO8V+Y2ao66yNd8bflk
2a/ZsZpWUZBhSm+vHXtb8lLDQWYHhaORAULPrde9CLd6OKjxP2S9pxPdkQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIhe50l2CBr5nh17dAbYqPX2wPe5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMxL2YwNGU4
YS1hMDkxLTQxYmUtOGEyNy1mZjlkMjRiNDIxOWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzEvZjA0ZThh
LWEwOTEtNDFiZS04YTI3LWZmOWQyNGI0MjE5ZC8xL2lGN25TWFlJR3ZtZUhYdDBC
dGlvOWZiQTk3ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNKZDANBgkqhkiG9w0BAQsFAAOCAQEAN7OjA+tSM/MC
AwXP29ZTb/kDPK8uXbTnryY5S8M5agAttKG4TL+FAZbf4p6rmIfV0+Lw/PcWoJKx
dL90shCxFdXZFGlSNGFDDu/nEibSj0ZYhbqqSYK35ZZdOMPBElSg/ufJvD2PNnsd
OS/fdl0xJfe73u4PJXMiNPShsFILGkM7Ra4a747jZgYq1jVJnRzmyPSTmrbOX0k0
wms6X5PoMZIr+C6Hp6l2EFUoZzs/T1nQz49lTceIfObyhCIy2VilKszbqLrV1Pss
64b6QmOq/a8CDVJJkcb5XWXF3UGx+5jysokinuwtq9ak1XZ47PfTiAJeGEwYVdx/
Y2hQnmbkPg==
-----END CERTIFICATE-----