Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/s-r7uHz_75QBhnWfCKeBXxxnpyk.cer
File:                     s-r7uHz_75QBhnWfCKeBXxxnpyk.cer (raw, json)
Hash identifier:          QTI21MvQ/AEp2geQJh5mDtmyFQKmrocNQaE1uN8mplc=
Subject key identifier:   B3:EA:FB:B8:7C:FF:EF:94:01:86:75:9F:08:A7:81:5F:1C:67:A7:29
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D654D90A75D9DFA14B92F3F77E5E29A55
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/c974e2af-eaab-4d78-8d95-283144dda962/0/B3EAFBB87CFFEF940186759F08A7815F1C67A729.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/c974e2af-eaab-4d78-8d95-283144dda962/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Thu 01 Feb 2024 15:33:18 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215634

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:65:4d:90:a7:5d:9d:fa:14:b9:2f:3f:77:e5:e2:9a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb  1 15:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3eafbb87cffef940186759f08a7815f1c67a729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:76:3b:6d:ea:cc:e4:54:38:e5:d6:43:25:31:
                    ce:7d:82:9b:38:39:13:1b:4e:13:41:f0:0d:79:99:
                    1a:03:d3:cc:81:a3:09:78:a0:81:c9:35:72:09:ee:
                    bd:f5:03:4c:56:18:de:02:fb:27:a5:3e:a3:db:c1:
                    bd:36:48:02:fb:1f:8c:4e:0a:b3:0e:7b:0d:37:48:
                    86:88:3a:4a:51:8f:44:f8:b1:ba:61:83:91:86:dd:
                    26:d0:7e:08:4b:4b:8c:4a:eb:9a:b5:b2:6c:09:fd:
                    2a:d1:23:95:2d:73:f5:be:c5:07:1d:ab:c5:cf:f5:
                    36:e3:31:91:90:2b:77:0d:55:9c:0c:ee:9a:39:cd:
                    ee:c0:34:20:ec:08:29:37:71:ac:18:48:ac:12:5e:
                    96:6b:6d:11:03:e6:4f:da:6d:cf:18:09:a8:4b:30:
                    80:80:67:2e:8b:3a:10:5b:c1:87:3b:79:f2:1d:cd:
                    f6:6f:85:f4:eb:ba:5b:d6:69:7e:f4:ea:5d:f4:b6:
                    74:37:8c:4f:af:99:99:54:87:8b:04:31:fd:7e:6f:
                    42:5f:d7:b1:03:f9:96:1a:62:7f:2b:22:7c:e0:aa:
                    aa:ab:92:43:6e:e2:27:c5:ea:5b:ae:f7:ff:b1:a4:
                    ee:12:1e:70:b8:ff:3c:41:fd:66:5f:5e:64:e3:62:
                    aa:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:EA:FB:B8:7C:FF:EF:94:01:86:75:9F:08:A7:81:5F:1C:67:A7:29
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/c974e2af-eaab-4d78-8d95-283144dda962/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/c974e2af-eaab-4d78-8d95-283144dda962/0/B3EAFBB87CFFEF940186759F08A7815F1C67A729.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215634

    Signature Algorithm: sha256WithRSAEncryption
         12:47:49:d8:1b:3e:28:d2:7b:da:7b:a0:a8:b8:13:e3:0b:e2:
         5d:0c:1d:38:10:25:0e:3a:15:82:2b:97:ef:d3:66:06:34:2a:
         57:5a:36:3b:3d:aa:c0:52:cc:84:77:f6:38:22:f1:11:70:ab:
         ae:c9:5d:60:83:0f:48:21:eb:a1:b0:52:bd:cc:10:d4:39:48:
         5f:2a:cb:17:ea:ad:b6:09:54:e6:35:e4:68:bb:d1:1d:bd:4f:
         e1:1e:a1:62:2d:6a:98:c9:d7:a5:a2:4e:bd:b0:4b:87:29:62:
         20:03:45:14:57:88:2c:28:4f:62:11:c7:c5:69:8e:4e:b0:83:
         1e:2c:45:06:67:90:ea:c2:9d:99:77:a4:66:f4:97:75:a0:c5:
         24:10:ed:0f:72:d2:a7:81:a7:36:f0:e5:34:a0:21:83:4d:86:
         ad:05:c7:df:67:41:95:b2:3c:a7:38:0a:6b:21:49:8d:1a:f2:
         35:12:36:06:a5:5b:d4:ad:47:1e:7f:44:06:a4:39:96:d9:9f:
         6f:ed:57:39:df:1e:c9:d9:1b:ee:5c:cf:9e:e7:de:22:50:69:
         25:3a:7c:18:eb:8a:2a:34:10:b3:a0:26:98:d6:18:db:98:3d:
         af:83:1f:1b:9f:16:cb:01:53:6e:25:9b:df:ad:90:8d:a7:21:
         3d:0e:f6:55
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAY1lTZCnXZ36FLkvP3fl4ppVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjAxMTUzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2VhZmJiODdjZmZlZjk0MDE4Njc1OWYwOGE3ODE1ZjFjNjdhNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXY7berM5FQ45dZDJTHOfYKbODkT
G04TQfANeZkaA9PMgaMJeKCByTVyCe699QNMVhjeAvsnpT6j28G9NkgC+x+MTgqz
DnsNN0iGiDpKUY9E+LG6YYORht0m0H4IS0uMSuuatbJsCf0q0SOVLXP1vsUHHavF
z/U24zGRkCt3DVWcDO6aOc3uwDQg7AgpN3GsGEisEl6Wa20RA+ZP2m3PGAmoSzCA
gGcuizoQW8GHO3nyHc32b4X067pb1ml+9Opd9LZ0N4xPr5mZVIeLBDH9fm9CX9ex
A/mWGmJ/KyJ84Kqqq5JDbuInxepbrvf/saTuEh5wuP88Qf1mX15k42KqsQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFLPq+7h8/++UAYZ1nwingV8cZ6cpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M5NzRl
MmFmLWVhYWItNGQ3OC04ZDk1LTI4MzE0NGRkYTk2Mi8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzk3
NGUyYWYtZWFhYi00ZDc4LThkOTUtMjgzMTQ0ZGRhOTYyLzAvQjNFQUZCQjg3Q0ZG
RUY5NDAxODY3NTlGMDhBNzgxNUYxQzY3QTcyOS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDSlIw
DQYJKoZIhvcNAQELBQADggEBABJHSdgbPijSe9p7oKi4E+ML4l0MHTgQJQ46FYIr
l+/TZgY0KldaNjs9qsBSzIR39jgi8RFwq67JXWCDD0gh66GwUr3MENQ5SF8qyxfq
rbYJVOY15Gi70R29T+EeoWItapjJ16WiTr2wS4cpYiADRRRXiCwoT2IRx8Vpjk6w
gx4sRQZnkOrCnZl3pGb0l3WgxSQQ7Q9y0qeBpzbw5TSgIYNNhq0Fx99nQZWyPKc4
CmshSY0a8jUSNgalW9StRx5/RAakOZbZn2/tVznfHsnZG+5cz57n3iJQaSU6fBjr
iio0ELOgJpjWGNuYPa+DHxufFssBU24lm9+tkI2nIT0O9lU=
-----END CERTIFICATE-----