Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kDYQzypUZDoKG2sVH6ZuMlAEy0o.cer
File:                     kDYQzypUZDoKG2sVH6ZuMlAEy0o.cer (raw, json)
Hash identifier:          Qey4YHU73PZQJxNHg7kut+Yjv3H5HbG2W2UlTarPQic=
Subject key identifier:   90:36:10:CF:2A:54:64:3A:0A:1B:6B:15:1F:A6:6E:32:50:04:CB:4A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018E51263AB9E0C496E302C50535EC0CD51B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/63/b4e1bb-346a-44b3-a0af-bc53f388fafa/1/kDYQzypUZDoKG2sVH6ZuMlAEy0o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/63/b4e1bb-346a-44b3-a0af-bc53f388fafa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 18 Mar 2024 10:40:43 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 213253

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:26:3a:b9:e0:c4:96:e3:02:c5:05:35:ec:0c:d5:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 18 10:40:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=903610cf2a54643a0a1b6b151fa66e325004cb4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:46:c5:54:96:ba:f0:20:58:48:7c:9b:e7:21:
                    86:ea:24:fa:bc:05:a1:20:42:8e:59:07:ee:1f:a3:
                    13:29:3e:42:bd:ce:90:a6:55:73:12:27:1e:75:e8:
                    9b:2f:5c:61:db:1b:64:6e:a5:62:21:b2:58:82:6c:
                    09:1c:fa:e6:35:c2:81:eb:5a:4d:cf:ac:f3:67:16:
                    ef:d3:04:b2:b0:99:d8:d1:d2:d9:ed:94:6f:3e:45:
                    d4:98:7f:81:3c:94:91:12:10:7c:d8:af:80:02:17:
                    c9:ff:e9:33:dd:04:63:f4:38:29:30:eb:5b:ce:46:
                    16:00:c8:dc:e1:b3:63:c4:58:72:a9:2d:c5:d6:60:
                    8f:4c:92:c1:6b:1e:c3:35:7b:4e:5d:e8:e0:8c:44:
                    dd:79:eb:fc:01:20:79:54:a6:54:f2:99:8a:37:47:
                    ac:bb:4f:e5:28:a0:29:35:c3:f6:5b:b9:2c:ed:8e:
                    05:7d:fb:ac:af:a0:46:09:3e:ee:2e:16:bc:da:ab:
                    1f:d1:18:9b:cb:2b:32:63:ae:af:fc:2a:5f:d0:d4:
                    c4:6f:82:5d:0c:49:6f:ea:20:a9:03:1f:45:51:6c:
                    81:61:3d:80:d9:3f:4a:76:ae:12:b2:01:df:a6:0f:
                    a8:9b:d3:29:59:57:31:4b:ea:27:16:96:ea:60:c0:
                    4f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:36:10:CF:2A:54:64:3A:0A:1B:6B:15:1F:A6:6E:32:50:04:CB:4A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/b4e1bb-346a-44b3-a0af-bc53f388fafa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/b4e1bb-346a-44b3-a0af-bc53f388fafa/1/kDYQzypUZDoKG2sVH6ZuMlAEy0o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213253

    Signature Algorithm: sha256WithRSAEncryption
         a0:8d:20:3a:c3:10:ac:0e:01:42:2c:f0:79:b3:a2:89:13:d3:
         25:24:72:99:49:d4:98:d6:38:01:61:0c:e0:3c:32:b9:f1:fc:
         aa:f6:d7:a0:27:e4:a8:bb:36:cc:ff:1d:b0:3b:a9:6e:00:8d:
         10:61:40:ba:9f:dd:f8:cb:02:08:87:4a:d4:c4:7f:df:bb:47:
         bc:8f:a8:88:1d:30:1d:32:59:59:42:70:f5:f2:5a:b5:47:ec:
         21:39:f6:44:21:ee:cf:30:85:ba:13:b3:6c:37:32:18:3c:44:
         27:aa:f3:64:df:c2:4d:85:5e:82:1e:72:c8:d2:1c:93:97:72:
         0d:3c:4b:c5:9f:94:06:a7:22:fa:7e:a3:a9:78:ee:de:97:db:
         cb:3b:4a:77:db:b0:27:6a:78:90:66:de:d1:b4:23:db:26:47:
         7a:f9:bf:ca:06:47:56:03:0e:73:ff:6b:8b:81:01:2c:de:1e:
         9d:9a:ce:f0:ed:2f:49:d8:76:33:b0:78:6e:05:89:7c:df:f7:
         ae:38:6f:89:e9:b5:4e:0b:93:7f:c8:de:31:d8:00:43:0d:ad:
         a6:0d:1a:f7:e7:2c:2c:fe:e3:83:1a:1b:3b:86:25:ee:66:3c:
         0b:a3:10:97:44:d2:ab:9e:f2:4e:f1:20:e4:74:26:f8:48:d2:
         c9:11:6f:bb
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY5RJjq54MSW4wLFBTXsDNUbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMzE4MTA0MDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDM2MTBjZjJhNTQ2NDNhMGExYjZiMTUxZmE2NmUzMjUwMDRjYjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kbFVJa68CBYSHyb5yGG6iT6vAWh
IEKOWQfuH6MTKT5Cvc6QplVzEicedeibL1xh2xtkbqViIbJYgmwJHPrmNcKB61pN
z6zzZxbv0wSysJnY0dLZ7ZRvPkXUmH+BPJSREhB82K+AAhfJ/+kz3QRj9DgpMOtb
zkYWAMjc4bNjxFhyqS3F1mCPTJLBax7DNXtOXejgjETdeev8ASB5VKZU8pmKN0es
u0/lKKApNcP2W7ks7Y4Fffusr6BGCT7uLha82qsf0RibyysyY66v/Cpf0NTEb4Jd
DElv6iCpAx9FUWyBYT2A2T9Kdq4SsgHfpg+om9MpWVcxS+onFpbqYMBPKQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFJA2EM8qVGQ6ChtrFR+mbjJQBMtKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYzL2I0ZTFi
Yi0zNDZhLTQ0YjMtYTBhZi1iYzUzZjM4OGZhZmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjMvYjRlMWJi
LTM0NmEtNDRiMy1hMGFmLWJjNTNmMzg4ZmFmYS8xL2tEWVF6eXBVWkRvS0cyc1ZI
Nlp1TWxBRXkwby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNBBTANBgkqhkiG9w0BAQsFAAOCAQEAoI0gOsMQrA4B
QizwebOiiRPTJSRymUnUmNY4AWEM4DwyufH8qvbXoCfkqLs2zP8dsDupbgCNEGFA
up/d+MsCCIdK1MR/37tHvI+oiB0wHTJZWUJw9fJatUfsITn2RCHuzzCFuhOzbDcy
GDxEJ6rzZN/CTYVegh5yyNIck5dyDTxLxZ+UBqci+n6jqXju3pfbyztKd9uwJ2p4
kGbe0bQj2yZHevm/ygZHVgMOc/9ri4EBLN4enZrO8O0vSdh2M7B4bgWJfN/3rjhv
iem1TguTf8jeMdgAQw2tpg0a9+csLP7jgxobO4Yl7mY8C6MQl0TSq57yTvEg5HQm
+EjSyRFvuw==
-----END CERTIFICATE-----