Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/pnknI_UOcyw4kgiUBnCl4KiWzzE.cer
File:                     pnknI_UOcyw4kgiUBnCl4KiWzzE.cer (raw, json)
Hash identifier:          so0ILl+WDJrupTbZJSbqFQIcbHJBEA4kwcC70mUBACE=
Subject key identifier:   A6:79:27:23:F5:0E:73:2C:38:92:08:94:06:70:A5:E0:A8:96:CF:31
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4255C3CF9DF3C1655D480E5F61140CF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/20/bc3c68-d550-4f09-a151-5b03dc8f7c0e/1/pnknI_UOcyw4kgiUBnCl4KiWzzE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/20/bc3c68-d550-4f09-a151-5b03dc8f7c0e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:30:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 206501

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5c:3c:f9:df:3c:16:55:d4:80:e5:f6:11:40:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6792723f50e732c389208940670a5e0a896cf31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ee:71:ba:d8:3d:49:3e:6f:10:ce:e5:0c:3b:
                    49:43:79:b4:b4:8a:3d:d2:9e:b3:00:f7:5a:cb:f9:
                    db:8b:05:7e:f7:2b:fb:8a:c9:1d:af:08:54:1f:3a:
                    8e:c9:b6:72:ed:9a:e7:c2:a8:a8:dd:04:5f:cf:d7:
                    75:1f:60:41:6d:24:8e:a3:70:d2:1c:1a:9e:a8:fa:
                    af:c3:8b:ca:f8:2e:4b:00:d2:60:46:80:50:12:0e:
                    36:45:67:16:3c:10:7a:ae:0c:a5:58:cd:78:0a:3a:
                    00:87:f1:16:3d:92:5c:2e:c9:cd:bc:32:de:4c:07:
                    01:ff:6e:4e:75:9c:4a:fe:7b:53:83:28:67:00:3e:
                    b8:10:12:5c:9e:e8:10:e4:f8:56:1b:b0:f0:66:0a:
                    73:22:e4:b4:8e:69:7b:6e:4a:46:d4:82:e4:0a:41:
                    f1:09:37:5b:b8:02:79:b4:02:76:92:aa:fe:a1:9c:
                    cd:36:10:06:75:eb:d6:06:f2:b7:e5:33:1a:f6:a7:
                    cc:11:61:e6:77:55:25:44:20:c5:2f:a7:b5:04:da:
                    af:37:1c:b9:29:0e:c1:93:7c:d9:a2:6e:88:c9:9e:
                    41:a5:6a:2e:5e:2c:ed:20:3d:04:55:18:2c:25:0d:
                    48:aa:b4:64:a4:43:f9:f5:36:97:15:0d:67:05:05:
                    7f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:79:27:23:F5:0E:73:2C:38:92:08:94:06:70:A5:E0:A8:96:CF:31
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/bc3c68-d550-4f09-a151-5b03dc8f7c0e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/bc3c68-d550-4f09-a151-5b03dc8f7c0e/1/pnknI_UOcyw4kgiUBnCl4KiWzzE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206501

    Signature Algorithm: sha256WithRSAEncryption
         03:75:89:71:2d:2e:88:ea:9c:4b:77:ad:25:ba:69:49:cf:93:
         c3:b7:b6:7f:99:82:60:81:14:68:2b:bf:ef:57:ef:a4:a9:64:
         b4:b5:cb:e1:3c:26:af:ad:db:e9:88:48:a0:10:32:13:48:39:
         c7:54:d4:24:95:9a:2b:f7:42:7f:8e:bb:68:ea:58:49:cc:06:
         97:84:78:88:83:91:34:06:4a:3c:78:1d:d5:ce:ae:e4:f8:d9:
         b2:da:bd:86:47:7f:7c:f9:0f:33:3e:60:1b:0a:c2:31:13:c9:
         8d:88:88:d6:d4:79:e5:83:58:c2:21:ad:76:7f:34:96:29:5a:
         eb:39:a5:18:a5:23:14:5f:55:73:14:f0:bf:f7:13:2c:af:dd:
         80:da:77:4e:b0:96:9e:c1:92:f8:e5:f7:b6:62:0b:2e:67:6f:
         9e:f3:09:73:9a:ac:f5:fe:a0:1a:45:c6:51:27:30:30:36:90:
         da:d6:e2:6d:25:81:5b:d2:ce:ee:f0:22:93:8c:4b:b7:9d:00:
         09:fd:2c:20:6e:5b:9a:e1:33:44:b6:bb:78:6f:c7:32:6a:7b:
         6f:4d:f9:cd:fc:f6:d3:6c:ba:39:b0:2d:96:8f:5d:a8:1e:6a:
         6d:c1:27:8c:b0:3b:49:1f:7c:04:18:18:73:64:08:1b:9d:b8:
         ab:fd:16:a4
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzEJVw8+d88FlXUgOX2EUDPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjc5MjcyM2Y1MGU3MzJjMzg5MjA4OTQwNjcwYTVlMGE4OTZjZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte5xutg9ST5vEM7lDDtJQ3m0tIo9
0p6zAPday/nbiwV+9yv7iskdrwhUHzqOybZy7Zrnwqio3QRfz9d1H2BBbSSOo3DS
HBqeqPqvw4vK+C5LANJgRoBQEg42RWcWPBB6rgylWM14CjoAh/EWPZJcLsnNvDLe
TAcB/25OdZxK/ntTgyhnAD64EBJcnugQ5PhWG7DwZgpzIuS0jml7bkpG1ILkCkHx
CTdbuAJ5tAJ2kqr+oZzNNhAGdevWBvK35TMa9qfMEWHmd1UlRCDFL6e1BNqvNxy5
KQ7Bk3zZom6IyZ5BpWouXiztID0EVRgsJQ1IqrRkpEP59TaXFQ1nBQV/zQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFKZ5JyP1DnMsOJIIlAZwpeCols8xMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIwL2JjM2M2
OC1kNTUwLTRmMDktYTE1MS01YjAzZGM4ZjdjMGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvYmMzYzY4
LWQ1NTAtNGYwOS1hMTUxLTViMDNkYzhmN2MwZS8xL3Bua25JX1VPY3l3NGtnaVVC
bkNsNEtpV3p6RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMmpTANBgkqhkiG9w0BAQsFAAOCAQEAA3WJcS0uiOqc
S3etJbppSc+Tw7e2f5mCYIEUaCu/71fvpKlktLXL4Twmr63b6YhIoBAyE0g5x1TU
JJWaK/dCf467aOpYScwGl4R4iIORNAZKPHgd1c6u5PjZstq9hkd/fPkPMz5gGwrC
MRPJjYiI1tR55YNYwiGtdn80lila6zmlGKUjFF9VcxTwv/cTLK/dgNp3TrCWnsGS
+OX3tmILLmdvnvMJc5qs9f6gGkXGUScwMDaQ2tbibSWBW9LO7vAik4xLt50ACf0s
IG5bmuEzRLa7eG/HMmp7b035zfz202y6ObAtlo9dqB5qbcEnjLA7SR98BBgYc2QI
G524q/0WpA==
-----END CERTIFICATE-----