Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/r_8Tpn8iXDwqYGZYwjlluBkdQAg.cer
File:                     r_8Tpn8iXDwqYGZYwjlluBkdQAg.cer (raw, json)
Hash identifier:          IjfKKB1Jzvl/ZuXXhrNvx+xwaS5qBhEjJdptmoYEnhw=
Subject key identifier:   AF:FF:13:A6:7F:22:5C:3C:2A:60:66:58:C2:39:65:B8:19:1D:40:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801091CF84CC9C27A850916983BA45F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4a/8f063c-119a-47a0-8b0d-6d2b2ba2a88a/1/r_8Tpn8iXDwqYGZYwjlluBkdQAg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4a/8f063c-119a-47a0-8b0d-6d2b2ba2a88a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 50225

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:09:1c:f8:4c:c9:c2:7a:85:09:16:98:3b:a4:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afff13a67f225c3c2a606658c23965b8191d4008
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2d:22:d7:ee:f5:b9:6c:dc:cb:03:86:3c:f1:
                    c5:0c:fe:96:d2:b2:5b:cc:41:49:6d:07:5d:19:a5:
                    50:67:31:d5:57:ad:15:12:59:eb:c8:f3:1b:46:58:
                    52:55:8a:03:6b:89:7c:86:81:96:25:dc:06:f2:61:
                    ce:9f:85:21:89:c8:c8:26:85:d3:ad:94:89:76:6f:
                    5e:2e:d6:f4:34:3e:c7:5a:b4:5a:ea:73:bd:3a:aa:
                    c3:2a:77:08:23:6b:0d:1b:33:1d:dc:eb:c5:c4:08:
                    4b:13:b5:2f:2d:60:62:f8:89:8f:b6:21:c0:22:61:
                    bf:87:07:e8:d6:60:b6:4e:d2:be:89:9d:0b:67:b6:
                    4b:67:f9:17:48:61:f9:08:5f:24:ff:b7:e7:fc:0d:
                    c4:65:48:09:b4:29:d2:6d:4d:51:1e:2b:6b:16:12:
                    86:4f:ee:39:4e:88:0a:2b:70:16:06:00:5f:63:36:
                    c2:ac:fb:49:7e:df:9c:af:15:d2:fc:b0:bd:34:5e:
                    b3:ef:2d:df:27:99:87:21:cf:48:ef:da:37:64:f2:
                    3a:9d:e9:4c:19:5a:a9:6f:fc:8f:11:4e:89:83:59:
                    51:24:57:27:50:27:14:7f:fa:0b:b1:50:ed:b3:50:
                    f7:b3:6c:25:4e:02:36:64:da:66:dc:25:c4:24:cc:
                    7c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:FF:13:A6:7F:22:5C:3C:2A:60:66:58:C2:39:65:B8:19:1D:40:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8f063c-119a-47a0-8b0d-6d2b2ba2a88a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8f063c-119a-47a0-8b0d-6d2b2ba2a88a/1/r_8Tpn8iXDwqYGZYwjlluBkdQAg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50225

    Signature Algorithm: sha256WithRSAEncryption
         90:4a:93:49:c7:a1:07:9c:cd:99:62:af:f9:53:98:e4:09:65:
         1d:79:d8:88:08:5d:ee:bc:fa:e8:82:e5:94:ba:06:61:43:56:
         e1:7a:e2:4e:f8:41:46:a9:26:ae:e7:85:34:1d:45:71:e1:45:
         cc:0e:2e:e7:13:93:24:05:18:d0:0e:ec:c8:94:55:e7:02:3d:
         c4:bf:d7:a0:06:8c:21:a1:9e:d3:7b:3d:0c:7f:31:ee:27:8e:
         69:6a:d7:29:a8:06:85:49:09:88:b7:84:42:43:09:0a:39:58:
         f6:31:69:bf:2d:9f:00:0e:2a:23:54:8a:24:7a:36:21:d8:3e:
         a6:56:6d:51:5a:5e:35:dd:03:86:08:91:f4:26:6a:b4:c8:92:
         db:49:85:e0:66:d5:d8:94:10:a6:e3:6e:85:13:98:e5:50:3e:
         c0:2c:aa:1e:ac:74:bd:b7:d8:91:10:ff:6c:f2:5a:19:62:07:
         16:46:85:ca:16:79:80:04:db:84:dd:30:c5:43:f8:99:57:70:
         00:85:7f:53:41:9b:a4:4f:4d:09:e8:3b:ce:d9:f8:f6:26:6a:
         9e:cd:5e:b8:95:8a:7e:2a:bd:60:dd:b1:06:1d:22:3c:48:80:
         d3:c0:01:20:c3:ac:06:f7:1b:96:e8:c4:d7:79:1b:08:65:21:
         a5:5c:17:ce
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIAQkc+EzJwnqFCRaYO6RfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmZmMTNhNjdmMjI1YzNjMmE2MDY2NThjMjM5NjViODE5MWQ0MDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAty0i1+71uWzcywOGPPHFDP6W0rJb
zEFJbQddGaVQZzHVV60VElnryPMbRlhSVYoDa4l8hoGWJdwG8mHOn4UhicjIJoXT
rZSJdm9eLtb0ND7HWrRa6nO9OqrDKncII2sNGzMd3OvFxAhLE7UvLWBi+ImPtiHA
ImG/hwfo1mC2TtK+iZ0LZ7ZLZ/kXSGH5CF8k/7fn/A3EZUgJtCnSbU1RHitrFhKG
T+45TogKK3AWBgBfYzbCrPtJft+crxXS/LC9NF6z7y3fJ5mHIc9I79o3ZPI6nelM
GVqpb/yPEU6Jg1lRJFcnUCcUf/oLsVDts1D3s2wlTgI2ZNpm3CXEJMx8QwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFK//E6Z/Ilw8KmBmWMI5ZbgZHUAIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRhLzhmMDYz
Yy0xMTlhLTQ3YTAtOGIwZC02ZDJiMmJhMmE4OGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEvOGYwNjNj
LTExOWEtNDdhMC04YjBkLTZkMmIyYmEyYTg4YS8xL3JfOFRwbjhpWER3cVlHWll3
amxsdUJrZFFBZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDEMTANBgkqhkiG9w0BAQsFAAOCAQEAkEqTScehB5zN
mWKv+VOY5AllHXnYiAhd7rz66ILllLoGYUNW4XriTvhBRqkmrueFNB1FceFFzA4u
5xOTJAUY0A7syJRV5wI9xL/XoAaMIaGe03s9DH8x7ieOaWrXKagGhUkJiLeEQkMJ
CjlY9jFpvy2fAA4qI1SKJHo2Idg+plZtUVpeNd0DhgiR9CZqtMiS20mF4GbV2JQQ
puNuhROY5VA+wCyqHqx0vbfYkRD/bPJaGWIHFkaFyhZ5gATbhN0wxUP4mVdwAIV/
U0GbpE9NCeg7ztn49iZqns1euJWKfiq9YN2xBh0iPEiA08ABIMOsBvcblujE13kb
CGUhpVwXzg==
-----END CERTIFICATE-----