Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/r_8Tpn8iXDwqYGZYwjlluBkdQAg.cer
File:                     r_8Tpn8iXDwqYGZYwjlluBkdQAg.cer (raw, json)
Hash identifier:          gNYsF5KpZU+7oN/9zkWH/S9LcOB202xUCkcmvTF8PME=
Subject key identifier:   AF:FF:13:A6:7F:22:5C:3C:2A:60:66:58:C2:39:65:B8:19:1D:40:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA89B810C7C40C188A6ACC193ADBCB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4a/8f063c-119a-47a0-8b0d-6d2b2ba2a88a/1/r_8Tpn8iXDwqYGZYwjlluBkdQAg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4a/8f063c-119a-47a0-8b0d-6d2b2ba2a88a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:20 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 50225
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:89:b8:10:c7:c4:0c:18:8a:6a:cc:19:3a:db:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afff13a67f225c3c2a606658c23965b8191d4008
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2d:22:d7:ee:f5:b9:6c:dc:cb:03:86:3c:f1:
                    c5:0c:fe:96:d2:b2:5b:cc:41:49:6d:07:5d:19:a5:
                    50:67:31:d5:57:ad:15:12:59:eb:c8:f3:1b:46:58:
                    52:55:8a:03:6b:89:7c:86:81:96:25:dc:06:f2:61:
                    ce:9f:85:21:89:c8:c8:26:85:d3:ad:94:89:76:6f:
                    5e:2e:d6:f4:34:3e:c7:5a:b4:5a:ea:73:bd:3a:aa:
                    c3:2a:77:08:23:6b:0d:1b:33:1d:dc:eb:c5:c4:08:
                    4b:13:b5:2f:2d:60:62:f8:89:8f:b6:21:c0:22:61:
                    bf:87:07:e8:d6:60:b6:4e:d2:be:89:9d:0b:67:b6:
                    4b:67:f9:17:48:61:f9:08:5f:24:ff:b7:e7:fc:0d:
                    c4:65:48:09:b4:29:d2:6d:4d:51:1e:2b:6b:16:12:
                    86:4f:ee:39:4e:88:0a:2b:70:16:06:00:5f:63:36:
                    c2:ac:fb:49:7e:df:9c:af:15:d2:fc:b0:bd:34:5e:
                    b3:ef:2d:df:27:99:87:21:cf:48:ef:da:37:64:f2:
                    3a:9d:e9:4c:19:5a:a9:6f:fc:8f:11:4e:89:83:59:
                    51:24:57:27:50:27:14:7f:fa:0b:b1:50:ed:b3:50:
                    f7:b3:6c:25:4e:02:36:64:da:66:dc:25:c4:24:cc:
                    7c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:FF:13:A6:7F:22:5C:3C:2A:60:66:58:C2:39:65:B8:19:1D:40:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8f063c-119a-47a0-8b0d-6d2b2ba2a88a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8f063c-119a-47a0-8b0d-6d2b2ba2a88a/1/r_8Tpn8iXDwqYGZYwjlluBkdQAg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50225

    Signature Algorithm: sha256WithRSAEncryption
         43:68:6f:e9:33:89:3f:5e:bd:d3:d2:78:c1:1e:f0:ca:44:c3:
         f3:ac:83:fe:05:58:b2:9f:0a:d3:e3:5b:3c:54:0c:75:64:25:
         92:ec:9d:ba:8f:af:63:28:38:ba:b3:d2:9d:7e:32:dd:8f:a1:
         c2:b4:da:e3:7c:98:01:23:9e:13:54:56:50:b2:cc:a1:dd:4f:
         b8:18:15:ed:72:60:4f:da:4f:bf:60:65:8d:fb:92:50:44:79:
         20:ee:85:fe:06:09:25:17:95:70:42:bd:45:0c:24:49:8f:0c:
         15:d5:e9:0b:37:0a:29:82:ad:6f:af:09:65:50:af:fb:c1:1c:
         48:a4:a4:13:28:ca:9f:bc:f3:d1:d8:50:88:81:33:c6:12:12:
         a7:9b:5c:ad:bb:6d:e6:46:81:4b:4f:b6:06:18:dc:60:05:31:
         2c:a8:03:bf:b0:41:0c:b3:a4:f1:81:4d:50:1d:08:66:a5:f9:
         a6:26:ce:5d:d9:ec:21:0c:d0:00:d2:fb:42:a4:09:1a:da:bb:
         16:60:bc:e7:5e:1f:29:ef:6d:03:bf:71:da:0c:ed:a9:18:61:
         5d:cc:94:68:70:c3:a1:f4:2e:9f:01:eb:55:63:1d:79:22:e7:
         b9:7f:b0:35:6c:a9:ae:6c:19:78:ef:87:e1:ef:39:e2:88:b3:
         5a:b5:9d:eb
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQf+om4EMfEDBiKaswZOtvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmZmMTNhNjdmMjI1YzNjMmE2MDY2NThjMjM5NjViODE5MWQ0MDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAty0i1+71uWzcywOGPPHFDP6W0rJb
zEFJbQddGaVQZzHVV60VElnryPMbRlhSVYoDa4l8hoGWJdwG8mHOn4UhicjIJoXT
rZSJdm9eLtb0ND7HWrRa6nO9OqrDKncII2sNGzMd3OvFxAhLE7UvLWBi+ImPtiHA
ImG/hwfo1mC2TtK+iZ0LZ7ZLZ/kXSGH5CF8k/7fn/A3EZUgJtCnSbU1RHitrFhKG
T+45TogKK3AWBgBfYzbCrPtJft+crxXS/LC9NF6z7y3fJ5mHIc9I79o3ZPI6nelM
GVqpb/yPEU6Jg1lRJFcnUCcUf/oLsVDts1D3s2wlTgI2ZNpm3CXEJMx8QwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFK//E6Z/Ilw8KmBmWMI5ZbgZHUAIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRhLzhmMDYz
Yy0xMTlhLTQ3YTAtOGIwZC02ZDJiMmJhMmE4OGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEvOGYwNjNj
LTExOWEtNDdhMC04YjBkLTZkMmIyYmEyYTg4YS8xL3JfOFRwbjhpWER3cVlHWll3
amxsdUJrZFFBZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDEMTANBgkqhkiG9w0BAQsFAAOCAQEAQ2hv6TOJP169
09J4wR7wykTD86yD/gVYsp8K0+NbPFQMdWQlkuyduo+vYyg4urPSnX4y3Y+hwrTa
43yYASOeE1RWULLMod1PuBgV7XJgT9pPv2BljfuSUER5IO6F/gYJJReVcEK9RQwk
SY8MFdXpCzcKKYKtb68JZVCv+8EcSKSkEyjKn7zz0dhQiIEzxhISp5tcrbtt5kaB
S0+2BhjcYAUxLKgDv7BBDLOk8YFNUB0IZqX5pibOXdnsIQzQANL7QqQJGtq7FmC8
514fKe9tA79x2gztqRhhXcyUaHDDofQunwHrVWMdeSLnuX+wNWyprmwZeO+H4e85
4oizWrWd6w==
-----END CERTIFICATE-----