Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mD6ikZcZkNxIb5OBJ4P63Yet6GM.cer
File:                     mD6ikZcZkNxIb5OBJ4P63Yet6GM.cer (raw, json)
Hash identifier:          mz0xkyt4WB7PUD/UKRvYYnCuq2LUx59xkJv+Ju6IQLM=
Subject key identifier:   98:3E:A2:91:97:19:90:DC:48:6F:93:81:27:83:FA:DD:87:AD:E8:63
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86F0691AF86C739EEC1B89120DBB8B3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/66/42e99c-74a7-4155-b2b4-c6e9e0fd7080/1/mD6ikZcZkNxIb5OBJ4P63Yet6GM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/66/42e99c-74a7-4155-b2b4-c6e9e0fd7080/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:29:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200202

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:06:91:af:86:c7:39:ee:c1:b8:91:20:db:b8:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=983ea291971990dc486f93812783fadd87ade863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:13:83:fc:14:77:c8:7e:2f:7f:a0:9a:04:92:
                    50:aa:93:ab:28:9a:0b:22:07:60:37:15:54:ae:20:
                    d7:f1:d4:4b:d7:04:d8:09:78:d7:8d:94:ef:1b:89:
                    d3:87:25:6f:de:6b:83:d1:6c:41:c7:b5:f2:2e:dd:
                    62:48:69:7c:a2:74:65:90:6f:90:7f:e7:ce:39:a6:
                    ce:b9:3f:ae:b2:e1:82:e4:83:54:a8:c4:8b:5f:a8:
                    e1:0c:b1:8b:d7:43:7f:08:af:dd:92:79:14:d1:13:
                    c5:34:61:61:c8:34:b5:18:23:7e:9d:f8:41:4d:fe:
                    d9:95:d6:b4:c9:c6:d4:3f:60:52:29:9d:73:9d:5d:
                    0e:f4:4b:4a:4d:c1:0b:23:f5:ac:4a:6e:fe:6f:3d:
                    65:30:85:2e:61:aa:af:89:6b:92:f4:20:03:dc:b0:
                    b1:66:00:60:7b:3b:d5:db:07:66:9a:95:10:07:90:
                    b8:20:f8:c5:26:67:d6:6e:8d:23:ee:9c:a8:b5:84:
                    ff:20:2f:13:65:fd:1e:c3:36:1a:34:d0:bc:f2:56:
                    7e:67:ac:5c:dc:f3:84:32:78:f3:ee:d7:91:0d:2b:
                    8c:fa:5f:7d:8c:18:7f:24:8d:5f:1e:cc:2f:60:18:
                    aa:d0:a6:25:55:c7:1c:d8:e3:0f:ea:d4:10:63:cc:
                    df:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:3E:A2:91:97:19:90:DC:48:6F:93:81:27:83:FA:DD:87:AD:E8:63
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/42e99c-74a7-4155-b2b4-c6e9e0fd7080/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/42e99c-74a7-4155-b2b4-c6e9e0fd7080/1/mD6ikZcZkNxIb5OBJ4P63Yet6GM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200202

    Signature Algorithm: sha256WithRSAEncryption
         84:ea:fd:73:e0:84:90:1f:d1:cd:61:72:38:59:32:92:80:47:
         8e:d6:95:f2:25:54:7f:92:21:9c:6f:27:cd:85:d2:8e:83:00:
         56:af:10:40:e4:a8:43:f1:5b:db:19:6f:50:73:41:0c:5a:a4:
         97:43:d8:96:3c:87:a3:e7:9a:43:66:ed:11:94:f7:d5:34:71:
         87:a9:27:47:d0:09:0e:ab:69:fb:08:01:01:a5:a5:31:bd:c4:
         66:6b:67:e9:50:68:51:a2:cc:64:7a:37:28:dc:a0:b7:1c:56:
         b4:fa:1b:15:e5:5a:8a:72:35:07:6d:79:86:c2:65:d6:56:89:
         a7:6e:72:20:31:e9:ef:d9:a0:37:90:53:aa:aa:4d:c5:0a:cf:
         c7:7d:b5:f4:01:67:99:66:b6:5c:3b:a2:e5:0c:2a:bd:6a:39:
         94:06:fd:63:ec:13:6d:e4:1f:c8:f2:ff:ae:23:ae:b6:b6:6b:
         87:3f:54:9d:45:b8:3a:81:d5:37:69:2e:3a:10:a1:5d:57:38:
         29:41:e4:28:48:41:96:a1:5a:df:af:7b:d1:66:27:39:3d:c9:
         4e:70:4c:8b:c6:96:2d:fb:17:c2:48:91:3a:a4:46:d6:02:ec:
         bb:cb:bc:aa:a5:48:9c:63:15:60:66:32:53:47:f7:ab:a8:c6:
         fe:1e:e6:15
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIbwaRr4bHOe7BuJEg27izMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODNlYTI5MTk3MTk5MGRjNDg2ZjkzODEyNzgzZmFkZDg3YWRlODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxOD/BR3yH4vf6CaBJJQqpOrKJoL
IgdgNxVUriDX8dRL1wTYCXjXjZTvG4nThyVv3muD0WxBx7XyLt1iSGl8onRlkG+Q
f+fOOabOuT+usuGC5INUqMSLX6jhDLGL10N/CK/dknkU0RPFNGFhyDS1GCN+nfhB
Tf7Zlda0ycbUP2BSKZ1znV0O9EtKTcELI/WsSm7+bz1lMIUuYaqviWuS9CAD3LCx
ZgBgezvV2wdmmpUQB5C4IPjFJmfWbo0j7pyotYT/IC8TZf0ewzYaNNC88lZ+Z6xc
3POEMnjz7teRDSuM+l99jBh/JI1fHswvYBiq0KYlVccc2OMP6tQQY8zffQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFJg+opGXGZDcSG+TgSeD+t2HrehjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY2LzQyZTk5
Yy03NGE3LTQxNTUtYjJiNC1jNmU5ZTBmZDcwODAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjYvNDJlOTlj
LTc0YTctNDE1NS1iMmI0LWM2ZTllMGZkNzA4MC8xL21ENmlrWmNaa054SWI1T0JK
NFA2M1lldDZHTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMOCjANBgkqhkiG9w0BAQsFAAOCAQEAhOr9c+CEkB/R
zWFyOFkykoBHjtaV8iVUf5IhnG8nzYXSjoMAVq8QQOSoQ/Fb2xlvUHNBDFqkl0PY
ljyHo+eaQ2btEZT31TRxh6knR9AJDqtp+wgBAaWlMb3EZmtn6VBoUaLMZHo3KNyg
txxWtPobFeVainI1B215hsJl1laJp25yIDHp79mgN5BTqqpNxQrPx3219AFnmWa2
XDui5QwqvWo5lAb9Y+wTbeQfyPL/riOutrZrhz9UnUW4OoHVN2kuOhChXVc4KUHk
KEhBlqFa36970WYnOT3JTnBMi8aWLfsXwkiROqRG1gLsu8u8qqVInGMVYGYyU0f3
q6jG/h7mFQ==
-----END CERTIFICATE-----