Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lFAxyyKjXNts5XnLcCcOp7Oomic.cer
File:                     lFAxyyKjXNts5XnLcCcOp7Oomic.cer (raw, json)
Hash identifier:          v7C76DaexXZ+E73KyMDbN55fL3uQ1MDjI96wnVuIVl8=
Subject key identifier:   94:50:31:CB:22:A3:5C:DB:6C:E5:79:CB:70:27:0E:A7:B3:A8:9A:27
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BBF69A4DD8B8FF1ED271C311D11C6E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/c5592a54-4035-4970-86dc-3d1803b7b60f/0/945031CB22A35CDB6CE579CB70270EA7B3A89A27.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/c5592a54-4035-4970-86dc-3d1803b7b60f/0
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:33:07 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 41732
                          AS: 211940

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f6:9a:4d:d8:b8:ff:1e:d2:71:c3:11:d1:1c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=945031cb22a35cdb6ce579cb70270ea7b3a89a27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:00:0e:c0:31:93:a8:86:f0:8c:2f:b5:d3:a1:
                    7c:39:47:45:5f:7c:9a:c2:40:5a:b1:df:59:85:44:
                    fa:89:8c:cb:72:71:51:f4:15:0f:62:43:55:27:54:
                    0d:17:08:a4:50:38:70:09:e0:f1:76:b1:a9:84:38:
                    8b:c9:24:64:48:08:fb:6e:7c:12:d4:77:e7:b7:56:
                    41:54:78:e3:d5:ff:58:6b:e7:ec:01:11:40:89:ad:
                    98:68:de:0c:92:7e:26:56:02:b5:30:8d:95:b1:b1:
                    ae:48:e8:27:d7:a9:4d:ad:ad:70:35:b3:7c:df:1b:
                    c5:29:f8:f6:d9:3c:0a:ae:6f:03:f5:0e:cd:84:ee:
                    59:08:f5:f5:57:58:6e:cb:6c:ba:63:6c:a1:5a:6c:
                    35:b1:e7:72:72:9f:ac:e1:c7:41:a6:f1:d8:f2:dc:
                    5f:f9:1d:54:a0:df:ca:5e:26:50:6a:e2:80:70:6a:
                    73:a4:5c:1c:2b:d4:4e:d3:b7:44:2c:ea:1b:48:5b:
                    0e:0b:31:7a:e8:79:42:9c:f3:10:40:2a:d9:02:a9:
                    1d:bf:98:22:08:00:ce:aa:cc:78:15:a9:c6:eb:c0:
                    39:a9:f7:49:2a:e7:d2:67:84:6c:30:10:2d:55:63:
                    a8:71:65:41:08:2e:62:8c:b3:a8:40:e8:de:40:45:
                    3b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:50:31:CB:22:A3:5C:DB:6C:E5:79:CB:70:27:0E:A7:B3:A8:9A:27
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5592a54-4035-4970-86dc-3d1803b7b60f/0
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5592a54-4035-4970-86dc-3d1803b7b60f/0/945031CB22A35CDB6CE579CB70270EA7B3A89A27.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41732
                  211940

    Signature Algorithm: sha256WithRSAEncryption
         67:f0:17:23:b6:ee:f6:ba:f5:83:d7:bd:de:01:1a:18:4b:c3:
         87:fa:b1:4b:b1:0a:9c:90:e9:43:55:17:63:d5:9b:2a:89:2e:
         98:f4:c0:d7:9b:b7:20:e9:38:c0:9a:93:3b:dd:54:cb:65:de:
         f6:22:20:dd:69:7f:3f:98:fb:4e:2a:03:71:a7:26:50:0a:29:
         a7:5b:6c:91:07:8b:1b:07:62:b2:46:bc:18:b3:91:f3:f2:ac:
         aa:29:d8:bf:3b:a6:a0:63:8b:6a:5a:bb:fc:1e:73:45:86:50:
         85:52:65:29:00:e8:45:52:bc:80:80:62:35:07:5c:a6:c7:11:
         ae:6c:52:40:52:bd:88:d4:6f:5e:3e:55:59:67:ea:fd:c3:d8:
         c0:14:f0:b5:28:c6:0c:d8:5c:5d:2c:0f:09:5b:cb:04:5a:3f:
         98:89:00:a9:a4:45:a0:76:fc:6c:f0:41:7e:57:c7:28:30:b1:
         ec:9e:8d:2d:dc:b4:85:0e:0f:22:45:ea:d5:91:a4:c3:4f:6f:
         f4:0e:29:7d:c7:e7:dd:17:f6:71:51:b1:f4:8a:cb:1c:4f:38:
         af:78:3c:7b:ba:34:16:38:33:93:87:d5:2c:83:f9:ea:b8:b2:
         3b:78:bb:8b:44:e5:a7:74:a0:e2:5f:b8:a5:bf:c6:30:45:c7:
         1c:81:bf:85
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzJu/aaTdi4/x7SccMR0RxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDUwMzFjYjIyYTM1Y2RiNmNlNTc5Y2I3MDI3MGVhN2IzYTg5YTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9QAOwDGTqIbwjC+106F8OUdFX3ya
wkBasd9ZhUT6iYzLcnFR9BUPYkNVJ1QNFwikUDhwCeDxdrGphDiLySRkSAj7bnwS
1Hfnt1ZBVHjj1f9Ya+fsARFAia2YaN4Mkn4mVgK1MI2VsbGuSOgn16lNra1wNbN8
3xvFKfj22TwKrm8D9Q7NhO5ZCPX1V1huy2y6Y2yhWmw1sedycp+s4cdBpvHY8txf
+R1UoN/KXiZQauKAcGpzpFwcK9RO07dELOobSFsOCzF66HlCnPMQQCrZAqkdv5gi
CADOqsx4FanG68A5qfdJKufSZ4RsMBAtVWOocWVBCC5ijLOoQOjeQEU7BQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFJRQMcsio1zbbOV5y3AnDqezqJonMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE+BggrBgEFBQcBCwSCATAwggEsMF4GCCsGAQUFBzAFhlJy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M1NTky
YTU0LTQwMzUtNDk3MC04NmRjLTNkMTgwM2I3YjYwZi8wMIGLBggrBgEFBQcwCoZ/
cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9jNTU5
MmE1NC00MDM1LTQ5NzAtODZkYy0zZDE4MDNiN2I2MGYvMC85NDUwMzFDQjIyQTM1
Q0RCNkNFNTc5Q0I3MDI3MEVBN0IzQTg5QTI3Lm1mdDA8BggrBgEFBQcwDYYwaHR0
cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3RpZmljYXRpb24ueG1sMFkG
A1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNybDAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEIAQH/BBAwDqAMMAoCAwCjBAID
AzvkMA0GCSqGSIb3DQEBCwUAA4IBAQBn8Bcjtu72uvWD173eARoYS8OH+rFLsQqc
kOlDVRdj1ZsqiS6Y9MDXm7cg6TjAmpM73VTLZd72IiDdaX8/mPtOKgNxpyZQCimn
W2yRB4sbB2KyRrwYs5Hz8qyqKdi/O6agY4tqWrv8HnNFhlCFUmUpAOhFUryAgGI1
B1ymxxGubFJAUr2I1G9ePlVZZ+r9w9jAFPC1KMYM2FxdLA8JW8sEWj+YiQCppEWg
dvxs8EF+V8coMLHsno0t3LSFDg8iRerVkaTDT2/0Dil9x+fdF/ZxUbH0isscTziv
eDx7ujQWODOTh9Usg/nquLI7eLuLROWndKDiX7ilv8YwRcccgb+F
-----END CERTIFICATE-----