Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rzRlQ3ZpzlhiYaBmzErR6kZOtmM.cer
File:                     rzRlQ3ZpzlhiYaBmzErR6kZOtmM.cer (raw, json)
Hash identifier:          Tg4AqYrGDJRdJXpWXQGKKt1Q3DsOEzMTF6jjcdl/ddI=
Subject key identifier:   AF:34:65:43:76:69:CE:58:62:61:A0:66:CC:4A:D1:EA:46:4E:B6:63
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA99C24D5A2074FE79175F45D04FE8EE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ce/4861ba-4d1c-493c-a90d-60cf660ad533/1/rzRlQ3ZpzlhiYaBmzErR6kZOtmM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ce/4861ba-4d1c-493c-a90d-60cf660ad533/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:35:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199633

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:c2:4d:5a:20:74:fe:79:17:5f:45:d0:4f:e8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:35:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af3465437669ce586261a066cc4ad1ea464eb663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:72:a6:0b:5d:73:ca:06:15:73:6a:98:55:33:
                    38:3c:fe:10:b5:b3:ae:cf:10:60:80:1f:15:42:b4:
                    48:e8:8e:5e:16:01:90:47:ed:9f:9d:e1:36:b0:cd:
                    e6:0a:86:4d:71:aa:ff:d8:58:92:06:73:77:d0:e8:
                    37:3e:20:db:48:f1:a4:01:09:56:3b:24:1a:8b:3f:
                    a2:5c:71:dd:7d:07:27:ef:71:95:98:68:ae:39:07:
                    5c:88:0d:10:2a:cf:68:26:77:24:b3:77:16:71:ff:
                    18:ef:40:1b:2f:81:af:49:9d:30:e4:18:84:74:84:
                    50:08:c3:70:ad:3e:0c:2e:1b:23:cc:7b:5a:7a:a8:
                    b9:19:19:3f:45:5b:7f:60:8c:8e:ca:f2:7a:5b:fe:
                    3f:8e:d6:22:97:59:c5:f3:de:25:43:8e:cf:9b:c1:
                    9d:2e:94:72:33:d8:3e:3b:7d:2d:05:6b:e7:6f:6e:
                    f3:19:3a:8f:9b:35:8d:91:62:12:96:b7:a8:3b:68:
                    90:a6:3d:07:d3:c5:62:d0:a3:15:1c:b7:39:a9:81:
                    a5:9a:77:f7:3f:2e:c2:0a:e1:4d:8c:f2:3a:a5:4a:
                    6b:b3:21:fd:ef:fd:03:86:38:29:29:f1:04:b8:9e:
                    ff:49:27:f0:03:57:f7:6d:eb:be:26:ad:a2:94:5b:
                    78:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:34:65:43:76:69:CE:58:62:61:A0:66:CC:4A:D1:EA:46:4E:B6:63
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/4861ba-4d1c-493c-a90d-60cf660ad533/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/4861ba-4d1c-493c-a90d-60cf660ad533/1/rzRlQ3ZpzlhiYaBmzErR6kZOtmM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199633

    Signature Algorithm: sha256WithRSAEncryption
         56:2f:20:2d:31:dd:bf:57:63:f1:43:91:2e:c4:de:dc:e8:75:
         e3:ca:27:0f:28:f2:5b:c0:68:9f:03:33:ed:02:52:24:8c:94:
         e6:1d:a1:7f:8f:a9:87:0d:34:34:78:83:25:02:69:b1:e0:31:
         bd:c4:59:9b:b7:7c:7a:92:25:ee:9b:24:c2:52:ef:7e:25:18:
         ec:15:5b:cc:ff:b0:6b:4c:9d:51:6b:2a:25:0f:50:e0:13:4d:
         c7:fa:4f:2b:34:a6:a2:88:02:d6:e4:74:4e:f2:40:61:0f:04:
         6f:42:19:29:bc:e2:f8:22:71:71:79:94:1d:22:c8:b3:11:f9:
         06:f3:ec:44:73:cd:d9:6c:6b:9e:6e:87:da:bb:66:65:9d:14:
         cc:d6:06:71:4e:3e:0d:75:f0:dc:c8:06:5f:61:96:4b:9a:6d:
         44:9f:ce:56:9a:c0:f5:02:d0:90:c9:66:eb:db:a9:61:ff:81:
         66:e4:52:24:bd:72:3c:d6:da:13:b6:72:58:f6:ff:51:c1:8a:
         6d:67:a8:c1:ed:e9:8f:77:fa:44:45:e3:ec:65:e8:e6:ac:92:
         b7:39:e9:90:04:c2:17:e0:b1:30:73:b4:04:fb:83:14:60:81:
         93:af:5c:eb:93:30:fe:c4:17:bf:6b:58:06:da:89:10:c7:97:
         44:df:4c:e9
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKmcJNWiB0/nkXX0XQT+juMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjM0NjU0Mzc2NjljZTU4NjI2MWEwNjZjYzRhZDFlYTQ2NGViNjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3KmC11zygYVc2qYVTM4PP4QtbOu
zxBggB8VQrRI6I5eFgGQR+2fneE2sM3mCoZNcar/2FiSBnN30Og3PiDbSPGkAQlW
OyQaiz+iXHHdfQcn73GVmGiuOQdciA0QKs9oJncks3cWcf8Y70AbL4GvSZ0w5BiE
dIRQCMNwrT4MLhsjzHtaeqi5GRk/RVt/YIyOyvJ6W/4/jtYil1nF894lQ47Pm8Gd
LpRyM9g+O30tBWvnb27zGTqPmzWNkWISlreoO2iQpj0H08Vi0KMVHLc5qYGlmnf3
Py7CCuFNjPI6pUprsyH97/0DhjgpKfEEuJ7/SSfwA1f3beu+Jq2ilFt4nwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFK80ZUN2ac5YYmGgZsxK0epGTrZjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NlLzQ4NjFi
YS00ZDFjLTQ5M2MtYTkwZC02MGNmNjYwYWQ1MzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2UvNDg2MWJh
LTRkMWMtNDkzYy1hOTBkLTYwY2Y2NjBhZDUzMy8xL3J6UmxRM1pwemxoaVlhQm16
RXJSNmtaT3RtTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwML0TANBgkqhkiG9w0BAQsFAAOCAQEAVi8gLTHdv1dj
8UORLsTe3Oh148onDyjyW8BonwMz7QJSJIyU5h2hf4+phw00NHiDJQJpseAxvcRZ
m7d8epIl7pskwlLvfiUY7BVbzP+wa0ydUWsqJQ9Q4BNNx/pPKzSmoogC1uR0TvJA
YQ8Eb0IZKbzi+CJxcXmUHSLIsxH5BvPsRHPN2Wxrnm6H2rtmZZ0UzNYGcU4+DXXw
3MgGX2GWS5ptRJ/OVprA9QLQkMlm69upYf+BZuRSJL1yPNbaE7ZyWPb/UcGKbWeo
we3pj3f6REXj7GXo5qyStznpkATCF+CxMHO0BPuDFGCBk69c65Mw/sQXv2tYBtqJ
EMeXRN9M6Q==
-----END CERTIFICATE-----