Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iVrm8kUpE20rhWpyZ5cmR-4jgm8.cer
File:                     iVrm8kUpE20rhWpyZ5cmR-4jgm8.cer (raw, json)
Hash identifier:          P/pKSVRpKxx347bq3ga+QMCMiCT2E6jpMst5/wMxnrc=
Subject key identifier:   89:5A:E6:F2:45:29:13:6D:2B:85:6A:72:67:97:26:47:EE:23:82:6F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D18B6C99AAFA705CAF13AB4A4DA132B06
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a5/6cb43f-6a32-4fbe-a3b1-0a5503b26641/1/iVrm8kUpE20rhWpyZ5cmR-4jgm8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a5/6cb43f-6a32-4fbe-a3b1-0a5503b26641/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 17 Jan 2024 18:37:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216393

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:b6:c9:9a:af:a7:05:ca:f1:3a:b4:a4:da:13:2b:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 17 18:37:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=895ae6f24529136d2b856a7267972647ee23826f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:99:8b:ca:ee:34:62:fc:37:39:65:5b:6c:19:
                    63:2a:77:1e:89:c5:6a:ce:75:1f:b7:33:57:9a:0c:
                    9d:60:a8:47:c7:f2:c8:de:a9:2a:2b:67:69:64:30:
                    1d:04:91:c9:6f:49:82:08:35:44:54:6c:a0:51:13:
                    de:e0:d0:29:db:2c:4c:ef:b0:d4:70:2f:c2:43:ba:
                    a8:c2:43:5f:ef:42:33:92:da:aa:c8:ae:cf:d9:dd:
                    8b:74:0a:f3:fe:25:d0:14:05:b5:0a:1c:3e:8d:78:
                    05:cd:65:19:a4:8e:d3:22:99:9c:87:a3:0a:d5:81:
                    8b:f0:4a:d2:4d:ba:30:76:d8:e5:f0:bb:c6:98:37:
                    e6:3e:f1:91:15:a0:fe:0d:6a:ce:f1:92:2a:d4:7b:
                    4f:21:ad:84:9c:36:70:23:ce:06:52:aa:b0:85:68:
                    8d:52:86:4d:42:11:14:2e:e8:85:24:0f:c1:ff:90:
                    c6:ac:9b:be:06:02:06:1d:a6:43:3a:54:22:29:b6:
                    2b:bd:a6:1d:bc:c0:23:10:5d:cd:d0:df:26:00:44:
                    ce:ff:c8:85:35:8c:c7:e0:1e:4f:40:c6:85:b5:bc:
                    24:20:47:aa:c5:bc:74:a1:67:f9:d0:e5:7f:02:4b:
                    5d:76:fc:5d:22:21:87:f4:5e:72:16:7d:c2:8c:35:
                    3b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:5A:E6:F2:45:29:13:6D:2B:85:6A:72:67:97:26:47:EE:23:82:6F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/6cb43f-6a32-4fbe-a3b1-0a5503b26641/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/6cb43f-6a32-4fbe-a3b1-0a5503b26641/1/iVrm8kUpE20rhWpyZ5cmR-4jgm8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216393

    Signature Algorithm: sha256WithRSAEncryption
         0f:0b:37:e1:97:28:cd:2c:5c:02:2a:af:12:2f:f5:27:d3:3c:
         ec:c3:43:78:8f:76:f2:8e:3b:85:21:15:c8:2b:30:fc:07:90:
         df:d7:c9:31:7c:3a:ce:0f:d9:a0:b0:45:df:a8:a2:a9:ac:8d:
         f8:34:db:08:bd:4d:d5:b9:2b:c9:c4:ee:ad:c3:56:22:83:d3:
         a8:5f:eb:0d:7f:16:17:73:f3:a4:34:7e:c0:9c:7b:7e:71:d9:
         37:7d:a2:81:31:fb:7f:95:db:8d:6b:ee:42:c4:9c:17:c4:e1:
         f1:a7:dc:84:8a:d3:ad:76:a6:c3:51:3d:b7:53:67:6d:a8:9e:
         43:ff:0d:54:5a:fe:c2:12:15:27:bb:02:c5:33:06:1c:9a:20:
         06:c8:d0:18:25:49:83:d1:68:62:ae:f8:0f:dd:12:82:7e:1d:
         24:8c:5e:59:24:57:aa:a0:4b:69:75:a7:52:ca:2c:b0:ee:ea:
         ac:e7:68:84:bb:58:bb:88:bb:b4:e5:55:f4:29:23:fb:fd:b9:
         2f:59:55:47:33:be:9c:ef:fb:0a:f9:70:3d:e1:bb:d0:f1:25:
         21:29:93:6e:7f:55:33:f0:ba:ee:ce:da:52:1a:5d:b0:b8:e3:
         12:50:c7:4a:f3:4c:56:31:47:40:2b:23:7f:94:bc:6a:63:b9:
         86:ec:29:80
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY0Ytsmar6cFyvE6tKTaEysGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTE3MTgzNzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTVhZTZmMjQ1MjkxMzZkMmI4NTZhNzI2Nzk3MjY0N2VlMjM4MjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJmLyu40Yvw3OWVbbBljKnceicVq
znUftzNXmgydYKhHx/LI3qkqK2dpZDAdBJHJb0mCCDVEVGygURPe4NAp2yxM77DU
cC/CQ7qowkNf70IzktqqyK7P2d2LdArz/iXQFAW1Chw+jXgFzWUZpI7TIpmch6MK
1YGL8ErSTbowdtjl8LvGmDfmPvGRFaD+DWrO8ZIq1HtPIa2EnDZwI84GUqqwhWiN
UoZNQhEULuiFJA/B/5DGrJu+BgIGHaZDOlQiKbYrvaYdvMAjEF3N0N8mAETO/8iF
NYzH4B5PQMaFtbwkIEeqxbx0oWf50OV/AktddvxdIiGH9F5yFn3CjDU7JwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIla5vJFKRNtK4VqcmeXJkfuI4JvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E1LzZjYjQz
Zi02YTMyLTRmYmUtYTNiMS0wYTU1MDNiMjY2NDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTUvNmNiNDNm
LTZhMzItNGZiZS1hM2IxLTBhNTUwM2IyNjY0MS8xL2lWcm04a1VwRTIwcmhXcHla
NWNtUi00amdtOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNNSTANBgkqhkiG9w0BAQsFAAOCAQEADws34ZcozSxc
AiqvEi/1J9M87MNDeI928o47hSEVyCsw/AeQ39fJMXw6zg/ZoLBF36iiqayN+DTb
CL1N1bkrycTurcNWIoPTqF/rDX8WF3PzpDR+wJx7fnHZN32igTH7f5XbjWvuQsSc
F8Th8afchIrTrXamw1E9t1NnbaieQ/8NVFr+whIVJ7sCxTMGHJogBsjQGCVJg9Fo
Yq74D90Sgn4dJIxeWSRXqqBLaXWnUsossO7qrOdohLtYu4i7tOVV9Ckj+/25L1lV
RzO+nO/7CvlwPeG70PElISmTbn9VM/C67s7aUhpdsLjjElDHSvNMVjFHQCsjf5S8
amO5huwpgA==
-----END CERTIFICATE-----