Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sFJPZVujycpdmLBXwkwPCLcZ1Kc.cer
File:                     sFJPZVujycpdmLBXwkwPCLcZ1Kc.cer (raw, json)
Hash identifier:          wT5Yvu8cJFkYiLIb0yrMGZDatxlSCdeCEnmflaVDMR0=
Subject key identifier:   B0:52:4F:65:5B:A3:C9:CA:5D:98:B0:57:C2:4C:0F:08:B7:19:D4:A7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FD6E9D1B7A479E8F876C3B58ACA988
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/25/4869b6-9c67-492c-b15e-3744b48af1a8/1/sFJPZVujycpdmLBXwkwPCLcZ1Kc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/25/4869b6-9c67-492c-b15e-3744b48af1a8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:49:13 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215638
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:6e:9d:1b:7a:47:9e:8f:87:6c:3b:58:ac:a9:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0524f655ba3c9ca5d98b057c24c0f08b719d4a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:42:4a:90:3f:45:8e:0e:03:a4:b4:bd:a4:d4:
                    dd:41:35:16:29:d2:e4:8a:08:60:5f:dc:0b:23:8b:
                    a9:0f:f5:2b:4c:d5:e7:88:d6:4a:2c:22:81:8b:12:
                    5d:e2:6a:e0:c3:93:b5:d3:c8:8a:90:48:2d:77:c3:
                    cd:19:af:44:11:90:ca:86:11:de:de:f4:bc:df:17:
                    91:48:76:a0:76:a8:be:a0:78:71:b5:97:c6:eb:a1:
                    3a:47:4b:a8:a2:b4:33:83:9d:03:e9:81:6f:6d:0e:
                    55:91:3c:c6:b9:44:e8:6a:2f:27:ea:f6:75:13:18:
                    97:9e:24:19:40:69:a6:b0:29:a5:31:64:b7:b0:ee:
                    fc:c7:e2:7f:e1:a7:bd:b8:94:99:66:dd:51:8e:b9:
                    aa:a5:57:d3:44:d2:13:e1:ab:cf:47:48:86:78:13:
                    5c:52:63:9a:99:d2:16:9e:09:d2:4d:c3:ff:42:a4:
                    63:47:af:5a:3d:fe:01:f7:bb:93:a8:c4:d1:85:fa:
                    83:4f:80:b4:cd:a8:5b:f8:5a:cb:bf:e1:58:6b:83:
                    af:eb:b7:71:63:5b:ca:e0:6a:03:dd:70:33:6e:e0:
                    5e:1b:55:f1:f8:b3:8d:67:2b:e0:a2:24:11:00:79:
                    75:37:8b:3c:0d:46:18:a9:26:b5:c6:b0:19:d8:88:
                    f6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:52:4F:65:5B:A3:C9:CA:5D:98:B0:57:C2:4C:0F:08:B7:19:D4:A7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/4869b6-9c67-492c-b15e-3744b48af1a8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/4869b6-9c67-492c-b15e-3744b48af1a8/1/sFJPZVujycpdmLBXwkwPCLcZ1Kc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215638

    Signature Algorithm: sha256WithRSAEncryption
         48:ef:78:04:3f:6e:1c:d1:df:a6:14:89:56:dc:08:bd:9a:71:
         f3:a4:49:1b:85:59:57:36:9b:9d:50:ea:ea:33:28:90:28:43:
         96:6b:e1:74:2e:73:95:16:8a:b2:92:58:71:2a:9e:9e:38:de:
         d6:58:d3:b1:d8:f2:98:b3:68:32:6d:8b:4e:eb:8e:77:c2:36:
         00:15:30:fa:a9:d6:de:0d:f2:aa:55:89:39:6a:69:cc:37:8c:
         ec:7c:4d:74:b4:e2:5b:d3:23:85:dc:a2:f6:e1:2e:c0:69:9a:
         19:3a:32:97:d4:5d:00:c3:20:36:04:8f:9a:f7:85:3c:20:62:
         93:1a:12:b1:e3:21:b0:d1:e2:dd:ef:23:55:b8:a0:62:aa:bb:
         04:96:38:c4:87:78:98:cd:0f:43:7e:c5:ff:68:54:e4:1e:f8:
         07:82:96:74:3a:3e:ee:bc:10:f5:64:d9:69:f3:60:19:43:e8:
         eb:c9:10:02:8a:fc:64:f9:9d:80:63:46:82:56:16:b1:0f:bf:
         5c:8c:c8:df:66:84:05:e9:80:56:c0:0e:71:51:98:2e:64:93:
         58:e8:5b:0c:7a:7a:c8:18:ac:aa:f1:68:0c:fb:23:cc:70:8f:
         2b:2a:6b:6f:e5:78:fa:2e:70:01:7e:de:f3:c6:2f:43:36:fb:
         e9:db:0f:c9
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQl/W6dG3pHno+HbDtYrKmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDUyNGY2NTViYTNjOWNhNWQ5OGIwNTdjMjRjMGYwOGI3MTlkNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10JKkD9Fjg4DpLS9pNTdQTUWKdLk
ighgX9wLI4upD/UrTNXniNZKLCKBixJd4mrgw5O108iKkEgtd8PNGa9EEZDKhhHe
3vS83xeRSHagdqi+oHhxtZfG66E6R0uoorQzg50D6YFvbQ5VkTzGuUToai8n6vZ1
ExiXniQZQGmmsCmlMWS3sO78x+J/4ae9uJSZZt1RjrmqpVfTRNIT4avPR0iGeBNc
UmOamdIWngnSTcP/QqRjR69aPf4B97uTqMTRhfqDT4C0zahb+FrLv+FYa4Ov67dx
Y1vK4GoD3XAzbuBeG1Xx+LONZyvgoiQRAHl1N4s8DUYYqSa1xrAZ2Ij2TwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFLBST2Vbo8nKXZiwV8JMDwi3GdSnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI1LzQ4Njli
Ni05YzY3LTQ5MmMtYjE1ZS0zNzQ0YjQ4YWYxYTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUvNDg2OWI2
LTljNjctNDkyYy1iMTVlLTM3NDRiNDhhZjFhOC8xL3NGSlBaVnVqeWNwZG1MQlh3
a3dQQ0xjWjFLYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNKVjANBgkqhkiG9w0BAQsFAAOCAQEASO94BD9uHNHf
phSJVtwIvZpx86RJG4VZVzabnVDq6jMokChDlmvhdC5zlRaKspJYcSqenjje1ljT
sdjymLNoMm2LTuuOd8I2ABUw+qnW3g3yqlWJOWppzDeM7HxNdLTiW9Mjhdyi9uEu
wGmaGToyl9RdAMMgNgSPmveFPCBikxoSseMhsNHi3e8jVbigYqq7BJY4xId4mM0P
Q37F/2hU5B74B4KWdDo+7rwQ9WTZafNgGUPo68kQAor8ZPmdgGNGglYWsQ+/XIzI
32aEBemAVsAOcVGYLmSTWOhbDHp6yBisqvFoDPsjzHCPKyprb+V4+i5wAX7e88Yv
Qzb76dsPyQ==
-----END CERTIFICATE-----