Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/o8VuwTDZivLQ0pRZ8g-nm9Y1kBU.cer
File:                     o8VuwTDZivLQ0pRZ8g-nm9Y1kBU.cer (raw, json)
Hash identifier:          gJNkXt9MJQY0HoH1veolJqgKgNzlklJQBczLYjMlRyY=
Subject key identifier:   A3:C5:6E:C1:30:D9:8A:F2:D0:D2:94:59:F2:0F:A7:9B:D6:35:90:15
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018DA35095C42C15ED069E236CFFBBF52904
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/84/20d9cc-143f-4ee8-8c69-b3e9be742894/1/o8VuwTDZivLQ0pRZ8g-nm9Y1kBU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/84/20d9cc-143f-4ee8-8c69-b3e9be742894/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 13 Feb 2024 16:33:03 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216049

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a3:50:95:c4:2c:15:ed:06:9e:23:6c:ff:bb:f5:29:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 13 16:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3c56ec130d98af2d0d29459f20fa79bd6359015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:51:8e:00:64:12:60:02:a1:1d:a6:56:e4:98:
                    3e:db:4d:96:84:ff:c8:70:b1:25:1c:dd:1d:bf:6b:
                    94:82:cb:2d:05:6b:88:34:17:83:81:11:1d:45:11:
                    f8:b3:d0:6b:ff:22:e9:0c:3c:06:95:36:fe:0b:0d:
                    c7:b9:9e:5b:ea:84:99:e8:87:86:bc:41:f2:cb:4c:
                    75:ab:d5:a0:70:60:78:c4:0d:85:63:5d:c4:2c:56:
                    b3:8a:86:36:4d:b4:7a:99:91:0c:21:f3:95:83:82:
                    53:8e:45:28:c7:72:65:1c:1b:cb:f2:f9:84:7d:2a:
                    de:7d:5c:c4:b4:93:a6:ee:c6:fe:37:e0:14:7e:5e:
                    9d:38:a7:8c:e1:60:be:53:1f:f6:61:8d:17:7c:f9:
                    dd:c4:61:19:f5:4a:43:65:39:a2:60:34:8b:48:6e:
                    69:a6:d6:17:a0:96:f9:ae:9a:cb:82:ee:35:9b:7d:
                    2d:92:d1:5c:fe:0b:8b:dc:59:14:80:98:44:d9:e3:
                    0a:43:b8:91:ab:9a:e2:d1:50:9d:86:be:2f:b8:af:
                    ce:84:8f:7a:59:3f:99:c5:01:e7:73:75:8f:a3:32:
                    01:92:79:93:d9:04:13:22:cd:68:9e:b9:af:88:17:
                    43:4f:46:cc:3e:d0:db:ea:a4:b2:e8:d2:3a:57:af:
                    4d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:C5:6E:C1:30:D9:8A:F2:D0:D2:94:59:F2:0F:A7:9B:D6:35:90:15
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/20d9cc-143f-4ee8-8c69-b3e9be742894/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/20d9cc-143f-4ee8-8c69-b3e9be742894/1/o8VuwTDZivLQ0pRZ8g-nm9Y1kBU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216049

    Signature Algorithm: sha256WithRSAEncryption
         84:bd:30:ff:70:b3:10:58:81:9b:9a:bd:d3:7d:6b:46:ce:ce:
         6a:a9:fe:aa:ec:73:37:71:57:da:b8:54:e2:47:b6:7d:e9:65:
         f4:f4:d6:6e:94:c7:58:05:7f:4b:7c:0b:c9:f3:70:05:6d:63:
         e6:9f:31:cc:06:ad:24:28:14:fe:73:44:34:57:4c:16:90:f8:
         e5:75:f1:75:f3:10:7b:01:c0:f2:99:64:91:4d:fa:fb:da:9a:
         21:62:3c:7a:ae:c5:08:2b:a1:d9:a4:96:a3:18:2e:48:89:03:
         12:bb:3b:e1:fd:4a:e2:70:92:63:59:04:d3:cd:79:be:f8:93:
         29:69:95:20:7a:9a:c0:77:a0:ac:18:b6:ff:af:b6:27:b2:f4:
         fb:c3:ad:fe:95:cd:f9:76:07:78:87:25:2f:71:47:bf:d5:91:
         f9:d5:aa:3f:5c:8e:2b:79:e1:d0:5c:f2:56:d1:7e:77:f8:80:
         9b:a7:8e:04:0d:37:93:6c:e7:0c:c6:a4:53:4c:c4:8d:3a:b8:
         21:22:c2:1e:6d:4b:bd:a9:cd:e4:70:71:59:fd:9b:89:9f:49:
         65:48:94:d2:75:01:88:10:e6:a9:bf:ae:84:39:6a:38:66:67:
         d4:4c:e9:75:8d:e9:9f:4a:ca:5b:92:75:74:2e:62:ce:15:f8:
         0c:93:59:ba
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY2jUJXELBXtBp4jbP+79SkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjEzMTYzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2M1NmVjMTMwZDk4YWYyZDBkMjk0NTlmMjBmYTc5YmQ2MzU5MDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1GOAGQSYAKhHaZW5Jg+202WhP/I
cLElHN0dv2uUgsstBWuINBeDgREdRRH4s9Br/yLpDDwGlTb+Cw3HuZ5b6oSZ6IeG
vEHyy0x1q9WgcGB4xA2FY13ELFazioY2TbR6mZEMIfOVg4JTjkUox3JlHBvL8vmE
fSrefVzEtJOm7sb+N+AUfl6dOKeM4WC+Ux/2YY0XfPndxGEZ9UpDZTmiYDSLSG5p
ptYXoJb5rprLgu41m30tktFc/guL3FkUgJhE2eMKQ7iRq5ri0VCdhr4vuK/OhI96
WT+ZxQHnc3WPozIBknmT2QQTIs1onrmviBdDT0bMPtDb6qSy6NI6V69NTwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFKPFbsEw2Yry0NKUWfIPp5vWNZAVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg0LzIwZDlj
Yy0xNDNmLTRlZTgtOGM2OS1iM2U5YmU3NDI4OTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODQvMjBkOWNj
LTE0M2YtNGVlOC04YzY5LWIzZTliZTc0Mjg5NC8xL284VnV3VERaaXZMUTBwUlo4
Zy1ubTlZMWtCVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNL8TANBgkqhkiG9w0BAQsFAAOCAQEAhL0w/3CzEFiB
m5q9031rRs7Oaqn+quxzN3FX2rhU4ke2fell9PTWbpTHWAV/S3wLyfNwBW1j5p8x
zAatJCgU/nNENFdMFpD45XXxdfMQewHA8plkkU36+9qaIWI8eq7FCCuh2aSWoxgu
SIkDErs74f1K4nCSY1kE0815vviTKWmVIHqawHegrBi2/6+2J7L0+8Ot/pXN+XYH
eIclL3FHv9WR+dWqP1yOK3nh0FzyVtF+d/iAm6eOBA03k2znDMakU0zEjTq4ISLC
Hm1LvanN5HBxWf2biZ9JZUiU0nUBiBDmqb+uhDlqOGZn1EzpdY3pn0rKW5J1dC5i
zhX4DJNZug==
-----END CERTIFICATE-----