Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/paimkAmtLokJhr3XbGM8GzHwbzo.cer
File:                     paimkAmtLokJhr3XbGM8GzHwbzo.cer (raw, json)
Hash identifier:          tEK7lGbmzr3YuSuhnNyGvxolWThOOQLaknToG4c7xGA=
Subject key identifier:   A5:A8:A6:90:09:AD:2E:89:09:86:BD:D7:6C:63:3C:1B:31:F0:6F:3A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56ED574FB2BC74ED60CA1FE3EFB2DC9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ec/c4dada-1a29-449a-9ac6-b12ebf345bc3/1/paimkAmtLokJhr3XbGM8GzHwbzo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ec/c4dada-1a29-449a-9ac6-b12ebf345bc3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216219
                          IP: 2a13:f740::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d5:74:fb:2b:c7:4e:d6:0c:a1:fe:3e:fb:2d:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5a8a69009ad2e890986bdd76c633c1b31f06f3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e4:16:4a:05:a6:66:7d:a9:f4:f1:e8:4b:7c:
                    29:9c:66:dd:d9:28:e1:1d:98:ba:69:0d:4e:e8:71:
                    f7:71:55:ef:70:fb:56:a1:9a:a4:54:34:71:ac:bb:
                    7d:d3:1e:df:d7:69:d7:bd:4a:3a:d8:e1:ab:76:c6:
                    a1:56:34:fb:ee:b8:84:c1:e0:08:30:78:9e:be:f7:
                    db:af:e5:ec:3c:f9:c7:03:73:13:4f:e6:7f:90:b7:
                    2d:54:70:76:ce:0a:88:ed:87:47:0e:05:92:a0:e7:
                    f8:7e:60:64:13:7b:00:3f:3d:b8:08:64:03:fa:b8:
                    c7:5c:e6:96:e0:43:e6:0f:1e:a5:07:16:c3:04:89:
                    ee:42:74:7e:62:b3:bb:b8:24:b0:89:08:ba:c5:17:
                    f1:35:24:11:fe:fb:03:83:45:aa:49:a1:48:4a:03:
                    31:d4:b3:ff:3c:b1:c3:49:9b:29:27:40:9e:e1:01:
                    d0:83:49:ff:a2:ea:28:b7:4c:b2:5f:31:75:42:4b:
                    e8:50:bb:16:57:3b:e2:27:fb:67:24:08:24:9f:2e:
                    60:de:c3:d5:72:ba:91:55:98:ff:eb:a0:4c:c7:83:
                    fa:20:80:9d:cc:e6:22:63:15:2a:8e:78:f4:84:0f:
                    58:cb:15:b2:d0:ad:8c:0e:46:ee:38:c2:08:86:ba:
                    ef:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:A8:A6:90:09:AD:2E:89:09:86:BD:D7:6C:63:3C:1B:31:F0:6F:3A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/c4dada-1a29-449a-9ac6-b12ebf345bc3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/c4dada-1a29-449a-9ac6-b12ebf345bc3/1/paimkAmtLokJhr3XbGM8GzHwbzo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:f740::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216219

    Signature Algorithm: sha256WithRSAEncryption
         8c:bc:25:7f:83:3e:7b:d4:3f:7e:8a:f8:10:e7:dd:42:ef:a9:
         6b:01:dc:ec:37:15:21:21:62:83:b1:95:cc:6d:94:65:26:3c:
         7c:5d:f7:e3:71:9b:b5:8e:6f:69:06:40:ea:3e:fd:2d:2f:2d:
         53:71:fb:1a:85:5d:fe:ca:15:ad:62:4d:a0:c5:42:bb:ae:32:
         9c:51:bb:4f:b1:c3:0d:56:bd:69:3f:c1:3a:e5:50:11:5e:8b:
         c1:ea:7d:3d:6a:d1:9e:87:2a:76:c3:fe:65:0e:bb:c9:ea:44:
         fc:10:5b:0f:10:11:1f:39:66:c7:29:f6:be:86:9d:2a:6e:6a:
         ed:06:4e:3c:05:4d:e5:13:76:17:b1:d1:47:88:ca:7c:38:9c:
         58:07:a6:c7:c8:5a:ff:da:6c:22:48:1a:4b:3c:64:40:7f:6f:
         51:6c:4b:05:aa:d4:81:7b:8d:19:41:ca:e6:2f:dd:86:9f:69:
         42:e6:12:c8:f3:6a:e6:16:4d:01:41:c6:f0:28:b5:04:56:ed:
         38:34:0c:87:5d:6f:c8:7a:78:5d:55:16:b0:8f:f0:96:91:ec:
         94:21:48:93:67:ff:7c:0e:17:69:d0:25:02:4c:b5:47:1f:4e:
         d8:d3:b5:55:61:78:1b:68:40:24:72:1d:cc:b6:38:03:b9:e3:
         68:a4:12:c9
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYzFbtV0+yvHTtYMof4++y3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWE4YTY5MDA5YWQyZTg5MDk4NmJkZDc2YzYzM2MxYjMxZjA2ZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeQWSgWmZn2p9PHoS3wpnGbd2Sjh
HZi6aQ1O6HH3cVXvcPtWoZqkVDRxrLt90x7f12nXvUo62OGrdsahVjT77riEweAI
MHievvfbr+XsPPnHA3MTT+Z/kLctVHB2zgqI7YdHDgWSoOf4fmBkE3sAPz24CGQD
+rjHXOaW4EPmDx6lBxbDBInuQnR+YrO7uCSwiQi6xRfxNSQR/vsDg0WqSaFISgMx
1LP/PLHDSZspJ0Ce4QHQg0n/ouoot0yyXzF1QkvoULsWVzviJ/tnJAgkny5g3sPV
crqRVZj/66BMx4P6IICdzOYiYxUqjnj0hA9YyxWy0K2MDkbuOMIIhrrvxQIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFKWoppAJrS6JCYa912xjPBsx8G86MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VjL2M0ZGFk
YS0xYTI5LTQ0OWEtOWFjNi1iMTJlYmYzNDViYzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWMvYzRkYWRh
LTFhMjktNDQ5YS05YWM2LWIxMmViZjM0NWJjMy8xL3BhaW1rQW10TG9rSmhyM1hi
R004R3pId2J6by5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhP3QDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDTJswDQYJKoZIhvcNAQELBQADggEBAIy8JX+DPnvUP36K+BDn3ULvqWsB3Ow3
FSEhYoOxlcxtlGUmPHxd9+Nxm7WOb2kGQOo+/S0vLVNx+xqFXf7KFa1iTaDFQruu
MpxRu0+xww1WvWk/wTrlUBFei8HqfT1q0Z6HKnbD/mUOu8nqRPwQWw8QER85Zscp
9r6GnSpuau0GTjwFTeUTdhex0UeIynw4nFgHpsfIWv/abCJIGks8ZEB/b1FsSwWq
1IF7jRlByuYv3YafaULmEsjzauYWTQFBxvAotQRW7Tg0DIddb8h6eF1VFrCP8JaR
7JQhSJNn/3wOF2nQJQJMtUcfTtjTtVVheBtoQCRyHcy2OAO542ikEsk=
-----END CERTIFICATE-----