Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/pQfCoLbihC5LQ_Vmy2NeU_RGCAc.cer
File:                     pQfCoLbihC5LQ_Vmy2NeU_RGCAc.cer (raw, json)
Hash identifier:          7QnDSxx5fkSW8BEGKpITqW/4mmV1XoBuzy1cxrpmLEA=
Subject key identifier:   A5:07:C2:A0:B6:E2:84:2E:4B:43:F5:66:CB:63:5E:53:F4:46:08:07
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC726ADE3CCE575FD797B02320CE923C7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bf/1b712f-bcd1-4ce8-b4c7-072128409974/1/pQfCoLbihC5LQ_Vmy2NeU_RGCAc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bf/1b712f-bcd1-4ce8-b4c7-072128409974/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:30:50 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210921

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ad:e3:cc:e5:75:fd:79:7b:02:32:0c:e9:23:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a507c2a0b6e2842e4b43f566cb635e53f4460807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:33:77:db:da:69:69:06:24:c3:bb:1b:ae:12:
                    ec:a6:fa:a6:03:b2:21:16:bf:a4:c7:84:ce:07:13:
                    e0:91:18:be:ef:cf:59:1a:5a:21:f2:83:5a:2d:39:
                    d7:71:00:aa:27:d3:2d:ed:7d:41:bd:23:aa:9a:5b:
                    f1:32:6b:5a:a1:b4:d1:5b:b9:99:1e:e5:48:cb:49:
                    d1:9a:4d:af:32:09:69:f6:57:fd:df:8d:d4:3e:42:
                    dc:df:51:7f:c1:e7:7d:2f:17:ee:b6:6f:48:1d:30:
                    58:f8:2d:14:c2:86:25:77:77:4d:48:da:7c:92:f5:
                    96:7f:45:51:47:d8:08:bd:89:82:a9:68:a9:c0:dd:
                    ba:16:1d:e0:c4:53:90:c6:a2:09:e9:e2:a1:fd:5f:
                    04:8c:7e:ac:f9:c5:d1:7e:8d:ad:e1:a0:7f:ee:c0:
                    f4:cc:04:1d:4a:c7:0b:e9:60:ed:d6:34:11:5c:ae:
                    70:e5:ba:8e:64:5f:c7:b8:7c:aa:1b:80:d7:14:02:
                    8b:58:24:52:65:1b:a9:db:19:58:02:01:17:87:95:
                    b3:c3:46:df:06:8a:d9:d8:6f:86:a5:c9:8e:ff:33:
                    6b:ed:8c:6b:bd:af:9a:c6:87:dc:80:0b:ae:64:68:
                    14:d8:7d:7d:21:99:27:c9:69:b4:a8:18:eb:bd:4b:
                    d3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:07:C2:A0:B6:E2:84:2E:4B:43:F5:66:CB:63:5E:53:F4:46:08:07
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/1b712f-bcd1-4ce8-b4c7-072128409974/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/1b712f-bcd1-4ce8-b4c7-072128409974/1/pQfCoLbihC5LQ_Vmy2NeU_RGCAc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210921

    Signature Algorithm: sha256WithRSAEncryption
         82:b4:fe:a3:14:7d:c5:0a:61:c5:9c:0a:38:63:5b:20:24:51:
         a0:2e:90:98:bc:df:85:ef:e5:f8:36:18:21:ce:3d:ac:89:c4:
         26:e2:90:31:f9:8a:9d:b3:ab:b9:73:7e:86:d5:96:13:fe:c9:
         a1:c8:9e:40:79:fa:80:d1:43:8e:ba:20:fb:29:d6:54:bf:12:
         c5:6d:18:47:2b:78:88:15:75:f7:cd:3c:b8:74:4a:b8:54:39:
         c4:a7:4f:52:0b:87:52:67:40:55:f1:a9:ec:76:01:ce:9b:37:
         54:77:eb:7e:5a:db:fc:81:b7:1e:08:95:de:67:3b:2e:7d:d3:
         81:c2:14:bc:5e:2a:02:15:50:99:89:97:af:54:52:22:da:03:
         5d:8e:a9:df:a3:38:e1:af:2d:a9:0e:c3:e1:09:49:6f:cf:33:
         66:c1:75:14:81:9c:aa:df:d0:34:6f:ed:c0:96:08:49:4e:40:
         94:24:29:8b:74:c0:93:a0:59:80:84:3d:eb:42:70:1f:bc:e6:
         76:5b:4a:85:da:33:30:0f:bf:f0:27:5b:9c:2b:29:b4:2c:34:
         38:06:03:7a:20:39:6e:9f:80:80:39:ef:1c:9c:2a:a4:e9:3f:
         cb:d6:3a:05:28:b5:69:68:30:21:1e:a5:40:e0:71:a3:53:c8:
         a7:4f:43:54
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHJq3jzOV1/Xl7AjIM6SPHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTA3YzJhMGI2ZTI4NDJlNGI0M2Y1NjZjYjYzNWU1M2Y0NDYwODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jN329ppaQYkw7sbrhLspvqmA7Ih
Fr+kx4TOBxPgkRi+789ZGloh8oNaLTnXcQCqJ9Mt7X1BvSOqmlvxMmtaobTRW7mZ
HuVIy0nRmk2vMglp9lf9343UPkLc31F/wed9Lxfutm9IHTBY+C0UwoYld3dNSNp8
kvWWf0VRR9gIvYmCqWipwN26Fh3gxFOQxqIJ6eKh/V8EjH6s+cXRfo2t4aB/7sD0
zAQdSscL6WDt1jQRXK5w5bqOZF/HuHyqG4DXFAKLWCRSZRup2xlYAgEXh5Wzw0bf
BorZ2G+GpcmO/zNr7Yxrva+axofcgAuuZGgU2H19IZknyWm0qBjrvUvTJwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFKUHwqC24oQuS0P1ZstjXlP0RggHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JmLzFiNzEy
Zi1iY2QxLTRjZTgtYjRjNy0wNzIxMjg0MDk5NzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmYvMWI3MTJm
LWJjZDEtNGNlOC1iNGM3LTA3MjEyODQwOTk3NC8xL3BRZkNvTGJpaEM1TFFfVm15
Mk5lVV9SR0NBYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM36TANBgkqhkiG9w0BAQsFAAOCAQEAgrT+oxR9xQph
xZwKOGNbICRRoC6QmLzfhe/l+DYYIc49rInEJuKQMfmKnbOruXN+htWWE/7Jocie
QHn6gNFDjrog+ynWVL8SxW0YRyt4iBV19808uHRKuFQ5xKdPUguHUmdAVfGp7HYB
zps3VHfrflrb/IG3HgiV3mc7Ln3TgcIUvF4qAhVQmYmXr1RSItoDXY6p36M44a8t
qQ7D4QlJb88zZsF1FIGcqt/QNG/twJYISU5AlCQpi3TAk6BZgIQ960JwH7zmdltK
hdozMA+/8CdbnCsptCw0OAYDeiA5bp+AgDnvHJwqpOk/y9Y6BSi1aWgwIR6lQOBx
o1PIp09DVA==
-----END CERTIFICATE-----