Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jLb-ZWc_sSi7RFpfTfubpY4BmFQ.cer
File:                     jLb-ZWc_sSi7RFpfTfubpY4BmFQ.cer (raw, json)
Hash identifier:          klgm3aiMWuy4cpEqlfpIf0nFTxQNZBJAc/T7Zk/MKTY=
Subject key identifier:   8C:B6:FE:65:67:3F:B1:28:BB:44:5A:5F:4D:FB:9B:A5:8E:01:98:54
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018FEFD0821217D3F054AC6726C7AC721B59
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2c/713cdf-b72c-4ce9-ac4f-89e9d48a4365/1/jLb-ZWc_sSi7RFpfTfubpY4BmFQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2c/713cdf-b72c-4ce9-ac4f-89e9d48a4365/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 06 Jun 2024 23:09:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215259

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ef:d0:82:12:17:d3:f0:54:ac:67:26:c7:ac:72:1b:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun  6 23:09:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cb6fe65673fb128bb445a5f4dfb9ba58e019854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6a:58:a3:81:81:35:f0:f1:1d:65:27:c5:0d:
                    e3:26:a5:24:53:69:ee:37:1f:64:60:37:fb:c5:ca:
                    a4:a4:de:a3:5a:02:be:f2:05:db:be:81:17:00:ea:
                    6e:44:89:eb:d7:4a:b5:80:94:0d:38:88:7d:24:4c:
                    4c:d6:e2:d0:cc:81:9b:07:68:66:d1:d1:c5:8c:80:
                    bc:74:ce:e6:b6:4e:f3:30:e9:72:09:52:aa:7d:ad:
                    6f:40:2f:ba:37:d1:81:5c:6e:6e:24:66:c7:a6:34:
                    e8:75:c9:dd:b4:d9:e0:b7:4e:a6:ad:17:da:9a:6b:
                    84:56:03:5a:c1:b9:99:69:f5:9b:3e:bb:8e:02:7e:
                    d6:d7:ce:22:6f:05:ec:42:4c:2e:3a:55:d0:f8:68:
                    2a:2d:1b:08:6d:e0:92:f0:48:de:27:db:a5:0a:25:
                    70:3e:b1:64:95:33:34:19:4a:b4:37:dd:bf:9c:38:
                    50:56:d4:fe:ea:97:96:ef:3e:af:5c:bd:60:60:d6:
                    61:5b:ed:e4:d5:bb:ea:f8:7e:31:20:4a:8f:bb:f0:
                    c9:f6:67:e7:66:b1:0a:17:5a:8c:5c:ba:ff:53:23:
                    c5:ac:37:6c:23:8d:69:60:94:9a:6e:e0:80:1b:28:
                    ad:fc:0a:df:04:e8:dc:13:ab:dd:df:f1:98:6f:7e:
                    da:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:B6:FE:65:67:3F:B1:28:BB:44:5A:5F:4D:FB:9B:A5:8E:01:98:54
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/713cdf-b72c-4ce9-ac4f-89e9d48a4365/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/713cdf-b72c-4ce9-ac4f-89e9d48a4365/1/jLb-ZWc_sSi7RFpfTfubpY4BmFQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215259

    Signature Algorithm: sha256WithRSAEncryption
         4b:dc:79:4d:1f:04:1c:e4:0a:db:ae:70:4d:e2:5a:29:7a:1f:
         f7:df:50:22:b0:35:f8:06:90:54:46:e4:d3:55:f0:f0:52:c8:
         60:92:71:6a:a6:66:e9:18:05:25:fe:ca:42:2d:0c:47:09:a8:
         56:46:b1:92:c0:b1:01:27:ee:59:81:39:89:c5:7c:17:59:c2:
         43:e1:3b:c0:aa:d9:71:b7:2b:62:72:2b:8a:e4:7e:b5:1b:a2:
         42:14:a4:96:ea:0f:bc:bb:54:88:85:03:91:54:a2:98:83:4b:
         71:03:19:28:fe:b1:33:a7:65:50:29:b0:73:7f:e7:47:23:46:
         9c:b1:46:a8:37:1b:8a:b3:75:68:ab:73:8e:f4:6d:21:c2:b1:
         dc:d4:20:b3:ff:74:25:e6:20:94:ea:27:30:9e:44:c7:df:a1:
         10:1d:90:87:7f:88:df:08:35:a0:67:38:81:42:48:7b:fe:6d:
         71:6e:a7:df:4a:00:72:1e:24:30:1c:d3:c2:4e:0d:24:50:3f:
         bf:dd:07:fd:11:d6:16:3c:6e:2f:9e:20:38:fb:e3:27:5e:6c:
         c7:e6:23:29:04:da:a0:07:58:3c:a3:d8:5b:b5:99:62:b1:90:
         f3:00:70:6d:c9:ca:4e:f8:05:b1:2e:54:cc:39:df:7a:3c:47:
         fb:b9:90:f2
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY/v0IISF9PwVKxnJseschtZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjA2MjMwOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2I2ZmU2NTY3M2ZiMTI4YmI0NDVhNWY0ZGZiOWJhNThlMDE5ODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGpYo4GBNfDxHWUnxQ3jJqUkU2nu
Nx9kYDf7xcqkpN6jWgK+8gXbvoEXAOpuRInr10q1gJQNOIh9JExM1uLQzIGbB2hm
0dHFjIC8dM7mtk7zMOlyCVKqfa1vQC+6N9GBXG5uJGbHpjTodcndtNngt06mrRfa
mmuEVgNawbmZafWbPruOAn7W184ibwXsQkwuOlXQ+GgqLRsIbeCS8EjeJ9ulCiVw
PrFklTM0GUq0N92/nDhQVtT+6peW7z6vXL1gYNZhW+3k1bvq+H4xIEqPu/DJ9mfn
ZrEKF1qMXLr/UyPFrDdsI41pYJSabuCAGyit/ArfBOjcE6vd3/GYb37aQwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIy2/mVnP7Eou0RaX037m6WOAZhUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJjLzcxM2Nk
Zi1iNzJjLTRjZTktYWM0Zi04OWU5ZDQ4YTQzNjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMvNzEzY2Rm
LWI3MmMtNGNlOS1hYzRmLTg5ZTlkNDhhNDM2NS8xL2pMYi1aV2Nfc1NpN1JGcGZU
ZnVicFk0Qm1GUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNI2zANBgkqhkiG9w0BAQsFAAOCAQEAS9x5TR8EHOQK
265wTeJaKXof999QIrA1+AaQVEbk01Xw8FLIYJJxaqZm6RgFJf7KQi0MRwmoVkax
ksCxASfuWYE5icV8F1nCQ+E7wKrZcbcrYnIriuR+tRuiQhSkluoPvLtUiIUDkVSi
mINLcQMZKP6xM6dlUCmwc3/nRyNGnLFGqDcbirN1aKtzjvRtIcKx3NQgs/90JeYg
lOonMJ5Ex9+hEB2Qh3+I3wg1oGc4gUJIe/5tcW6n30oAch4kMBzTwk4NJFA/v90H
/RHWFjxuL54gOPvjJ15sx+YjKQTaoAdYPKPYW7WZYrGQ8wBwbcnKTvgFsS5UzDnf
ejxH+7mQ8g==
-----END CERTIFICATE-----