Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iZFbtGEcVfYprTpMz-NXwECh3BI.cer
File:                     iZFbtGEcVfYprTpMz-NXwECh3BI.cer (raw, json)
Hash identifier:          Qcgmm96mC8i0WTByuaMlNqtuyu5TYUcybaYks0zQJ7g=
Subject key identifier:   89:91:5B:B4:61:1C:55:F6:29:AD:3A:4C:CF:E3:57:C0:40:A1:DC:12
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D18E86AC03CFD577A28E5102C557F9C51
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b0/74ac9d-2a53-4ae5-ba72-62afcb9972d7/1/iZFbtGEcVfYprTpMz-NXwECh3BI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b0/74ac9d-2a53-4ae5-ba72-62afcb9972d7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 17 Jan 2024 19:31:41 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199344

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:e8:6a:c0:3c:fd:57:7a:28:e5:10:2c:55:7f:9c:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 17 19:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89915bb4611c55f629ad3a4ccfe357c040a1dc12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:80:1a:ac:60:c2:16:a1:2b:9f:0f:5b:53:8e:
                    18:b9:29:53:d3:af:77:b0:41:83:67:61:93:93:db:
                    83:d1:c6:df:da:78:a0:a4:15:9b:e3:88:bb:93:2e:
                    0a:04:34:69:08:c5:2f:72:fe:d9:b1:7e:64:cb:d1:
                    41:6b:16:d4:f4:52:b2:1e:28:74:0d:e5:43:31:36:
                    d8:bc:35:1c:44:6b:a4:69:41:55:68:cf:1a:1f:0f:
                    ff:e7:f4:b1:b1:01:73:19:4e:e7:23:f6:77:65:f8:
                    aa:89:f5:03:5b:1d:73:43:60:9a:d5:96:17:14:b2:
                    1a:44:15:49:64:cd:73:ee:2a:17:1d:88:0f:f1:a2:
                    13:30:3b:f3:e0:b2:04:42:a0:bb:55:fc:d7:3d:41:
                    3a:be:50:44:4e:8d:7b:c5:08:d0:25:44:81:f6:0b:
                    82:f9:8a:9d:27:98:d6:4c:a5:cd:69:1f:86:a3:1a:
                    44:49:7f:38:14:51:43:44:e0:74:93:c3:99:2a:4c:
                    fb:15:a1:66:4f:19:0f:f8:86:b3:b2:8e:80:ec:5a:
                    2c:29:82:f6:0a:83:50:da:48:e6:e2:4f:84:81:3d:
                    4c:28:16:96:2b:60:06:da:af:d6:f1:e6:2f:78:c3:
                    12:1e:fe:6a:fe:c0:7f:20:56:6c:74:9a:40:ed:c9:
                    06:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:91:5B:B4:61:1C:55:F6:29:AD:3A:4C:CF:E3:57:C0:40:A1:DC:12
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/74ac9d-2a53-4ae5-ba72-62afcb9972d7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/74ac9d-2a53-4ae5-ba72-62afcb9972d7/1/iZFbtGEcVfYprTpMz-NXwECh3BI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199344

    Signature Algorithm: sha256WithRSAEncryption
         84:ee:64:91:9f:2d:76:b1:48:b5:43:81:bb:88:e0:24:7e:da:
         b2:37:4c:e8:af:1f:e3:04:81:2a:1b:91:cd:86:b8:c9:d2:04:
         30:d9:5e:a2:ac:55:da:51:1e:ee:df:0c:0c:3d:a7:be:cd:1c:
         eb:ec:e0:ef:f5:40:af:06:d4:00:01:5d:e8:40:63:88:79:cb:
         04:67:1c:6f:4e:13:a1:63:47:07:06:89:ec:0d:9f:bd:c3:45:
         91:d1:38:08:21:7b:da:50:ba:2e:ed:b8:80:fd:57:2b:8f:33:
         a4:69:e8:53:96:45:09:69:a1:b9:3d:d7:42:24:86:e7:d3:2c:
         8b:72:b5:5b:01:40:d4:e2:8e:4c:5c:ab:71:04:dd:c4:1f:92:
         41:c5:2b:d8:eb:d5:b5:55:c2:83:bd:67:d5:51:19:b6:8f:28:
         69:31:01:e7:6f:d4:9b:cf:f7:dd:d4:41:f3:44:68:e4:49:d2:
         1c:60:b3:29:a4:35:93:d6:04:89:6e:b0:e7:9a:a7:32:05:f8:
         1c:a7:bc:54:bb:ad:a0:93:39:70:14:5b:69:52:6e:f4:d2:47:
         a6:59:52:e1:85:ee:29:d6:4a:10:69:4c:35:48:b1:98:01:95:
         9c:43:43:af:bf:ec:01:9f:2e:89:a8:94:50:c1:ad:bc:84:f4:
         ce:23:52:a6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY0Y6GrAPP1XeijlECxVf5xRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTE3MTkzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTkxNWJiNDYxMWM1NWY2MjlhZDNhNGNjZmUzNTdjMDQwYTFkYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4AarGDCFqErnw9bU44YuSlT0693
sEGDZ2GTk9uD0cbf2nigpBWb44i7ky4KBDRpCMUvcv7ZsX5ky9FBaxbU9FKyHih0
DeVDMTbYvDUcRGukaUFVaM8aHw//5/SxsQFzGU7nI/Z3ZfiqifUDWx1zQ2Ca1ZYX
FLIaRBVJZM1z7ioXHYgP8aITMDvz4LIEQqC7VfzXPUE6vlBETo17xQjQJUSB9guC
+YqdJ5jWTKXNaR+GoxpESX84FFFDROB0k8OZKkz7FaFmTxkP+Iazso6A7FosKYL2
CoNQ2kjm4k+EgT1MKBaWK2AG2q/W8eYveMMSHv5q/sB/IFZsdJpA7ckGyQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFImRW7RhHFX2Ka06TM/jV8BAodwSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IwLzc0YWM5
ZC0yYTUzLTRhZTUtYmE3Mi02MmFmY2I5OTcyZDcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAvNzRhYzlk
LTJhNTMtNGFlNS1iYTcyLTYyYWZjYjk5NzJkNy8xL2laRmJ0R0VjVmZZcHJUcE16
LU5Yd0VDaDNCSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMKsDANBgkqhkiG9w0BAQsFAAOCAQEAhO5kkZ8tdrFI
tUOBu4jgJH7asjdM6K8f4wSBKhuRzYa4ydIEMNleoqxV2lEe7t8MDD2nvs0c6+zg
7/VArwbUAAFd6EBjiHnLBGccb04ToWNHBwaJ7A2fvcNFkdE4CCF72lC6Lu24gP1X
K48zpGnoU5ZFCWmhuT3XQiSG59Msi3K1WwFA1OKOTFyrcQTdxB+SQcUr2OvVtVXC
g71n1VEZto8oaTEB52/Um8/33dRB80Ro5EnSHGCzKaQ1k9YEiW6w55qnMgX4HKe8
VLutoJM5cBRbaVJu9NJHpllS4YXuKdZKEGlMNUixmAGVnENDr7/sAZ8uiaiUUMGt
vIT0ziNSpg==
-----END CERTIFICATE-----