Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jBPrj9nY20toqWnI_91IRoAqsKs.cer
File:                     jBPrj9nY20toqWnI_91IRoAqsKs.cer (raw, json)
Hash identifier:          P8eI6ek1KzLvdkhg6+03xHtJAjBPtLNOAwaa2elXxBI=
Subject key identifier:   8C:13:EB:8F:D9:D8:DB:4B:68:A9:69:C8:FF:DD:48:46:80:2A:B0:AB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC500FEBD994ECAACF4DDECC599370491
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/jBPrj9nY20toqWnI_91IRoAqsKs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200856
                          IP: 2001:67c:b24::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:fe:bd:99:4e:ca:ac:f4:dd:ec:c5:99:37:04:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c13eb8fd9d8db4b68a969c8ffdd4846802ab0ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:41:4f:ff:bc:dc:ff:62:46:f5:e3:31:94:cc:
                    1b:36:d3:1f:d8:f1:5e:ba:39:73:91:3b:b6:9d:50:
                    b3:66:38:4d:69:ec:fd:46:2e:76:54:aa:10:41:f3:
                    00:02:d5:c4:8c:0a:92:12:19:f8:dd:df:ce:9d:3b:
                    e4:23:ca:3d:71:73:d9:67:6d:65:04:bf:c6:dc:49:
                    01:52:f2:a3:f3:2e:d5:bd:f7:01:77:8f:f7:e4:cf:
                    36:56:8e:1a:4e:0c:6c:c1:8b:2c:0d:31:36:13:79:
                    bf:44:a6:21:02:6f:82:51:57:3e:53:32:1c:72:d6:
                    ae:4e:bd:57:80:ca:7d:a9:51:89:87:e8:5f:a5:ec:
                    bc:e2:43:40:8a:60:e4:89:e8:e5:f4:0b:23:09:b7:
                    f7:a9:e7:1f:50:ef:78:ee:4f:1d:49:87:c2:4f:6d:
                    96:4b:42:25:ec:b0:2d:58:1c:53:3c:f9:4b:bd:0d:
                    d5:85:84:58:f5:cf:7a:81:ab:17:23:f2:4a:7b:01:
                    6f:54:b2:4c:c6:d7:28:5d:90:9e:6a:2e:59:c3:4d:
                    6e:f5:c2:e0:f2:cf:72:ef:90:ff:2e:4e:29:b0:8f:
                    cd:65:f1:92:a3:fa:b7:cf:88:4b:8a:60:28:ad:ee:
                    11:1f:36:ef:ae:20:8b:da:a9:7f:bd:ba:c9:28:11:
                    39:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:13:EB:8F:D9:D8:DB:4B:68:A9:69:C8:FF:DD:48:46:80:2A:B0:AB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/jBPrj9nY20toqWnI_91IRoAqsKs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b24::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200856

    Signature Algorithm: sha256WithRSAEncryption
         98:a2:2b:98:15:54:8a:e8:15:5b:80:e0:c5:05:2f:eb:52:64:
         df:4f:64:fd:c2:e6:e0:37:70:d4:4c:d8:1c:f0:93:4c:bb:81:
         32:f8:e2:bb:70:70:fe:4a:e6:a9:8b:53:c8:84:44:ed:5b:22:
         a2:d9:fa:12:a6:7b:cb:25:58:bd:53:75:f7:3e:87:80:0d:37:
         fb:ca:9f:77:1a:ad:75:ab:2f:21:dc:38:1a:03:f5:69:fa:80:
         e4:f8:d3:f2:22:a3:0d:81:1a:29:a4:3f:34:f3:7f:8a:a7:9e:
         d0:e7:27:57:36:f7:72:51:60:fd:ec:56:be:95:94:2b:8a:7f:
         16:dd:86:da:69:28:89:03:77:66:59:a1:ce:14:c9:62:8d:e9:
         47:d6:6f:15:59:ae:27:05:15:35:2e:97:f8:b0:a0:68:60:c5:
         e8:3b:eb:0c:e4:ba:f5:84:64:e8:13:61:52:a5:1d:c3:1c:bd:
         05:fa:9a:93:33:c5:67:22:13:2f:3c:5b:9b:5d:e0:aa:a5:54:
         48:f1:7e:50:e5:40:09:43:58:06:8a:56:17:0c:74:c1:d8:a4:
         d7:3d:34:63:4e:45:68:de:8d:b3:1a:73:87:20:2a:28:38:84:
         07:1f:54:35:84:d7:51:e5:6f:8f:c0:26:f5:3a:97:8f:04:bc:
         33:4c:2f:00
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzFAP69mU7KrPTd7MWZNwSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzEzZWI4ZmQ5ZDhkYjRiNjhhOTY5YzhmZmRkNDg0NjgwMmFiMGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUFP/7zc/2JG9eMxlMwbNtMf2PFe
ujlzkTu2nVCzZjhNaez9Ri52VKoQQfMAAtXEjAqSEhn43d/OnTvkI8o9cXPZZ21l
BL/G3EkBUvKj8y7VvfcBd4/35M82Vo4aTgxswYssDTE2E3m/RKYhAm+CUVc+UzIc
ctauTr1XgMp9qVGJh+hfpey84kNAimDkiejl9AsjCbf3qecfUO947k8dSYfCT22W
S0Il7LAtWBxTPPlLvQ3VhYRY9c96gasXI/JKewFvVLJMxtcoXZCeai5Zw01u9cLg
8s9y75D/Lk4psI/NZfGSo/q3z4hLimAore4RHzbvriCL2ql/vbrJKBE55QIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFIwT64/Z2NtLaKlpyP/dSEaAKrCrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE4LzhhZGY3
ZS0yZGVkLTQyNGQtODk1MS1lNjgyYmNiOWE2M2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgvOGFkZjdl
LTJkZWQtNDI0ZC04OTUxLWU2ODJiY2I5YTYzYS8xL2pCUHJqOW5ZMjB0b3FXbklf
OTFJUm9BcXNLcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAskMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMQmDANBgkqhkiG9w0BAQsFAAOCAQEAmKIrmBVUiugVW4DgxQUv61Jk309k
/cLm4Ddw1EzYHPCTTLuBMvjiu3Bw/krmqYtTyIRE7Vsiotn6EqZ7yyVYvVN19z6H
gA03+8qfdxqtdasvIdw4GgP1afqA5PjT8iKjDYEaKaQ/NPN/iqee0OcnVzb3clFg
/exWvpWUK4p/Ft2G2mkoiQN3ZlmhzhTJYo3pR9ZvFVmuJwUVNS6X+LCgaGDF6Dvr
DOS69YRk6BNhUqUdwxy9BfqakzPFZyITLzxbm13gqqVUSPF+UOVACUNYBopWFwx0
wdik1z00Y05FaN6NsxpzhyAqKDiEBx9UNYTXUeVvj8Am9TqXjwS8M0wvAA==
-----END CERTIFICATE-----