Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sPKzs38e_LAmDqK0tGdcgSKhQgA.cer
File:                     sPKzs38e_LAmDqK0tGdcgSKhQgA.cer (raw, json)
Hash identifier:          mOjvx0JYsZe/kTBlTXJMNaBLUBOBfnq+97CX3A33JFE=
Subject key identifier:   B0:F2:B3:B3:7F:1E:FC:B0:26:0E:A2:B4:B4:67:5C:81:22:A1:42:00
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B32AF5575C15590B7AFA26C311993
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/46/e8b81f-848a-42ad-a992-c74ab61c98ed/1/sPKzs38e_LAmDqK0tGdcgSKhQgA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/46/e8b81f-848a-42ad-a992-c74ab61c98ed/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 209735

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:32:af:55:75:c1:55:90:b7:af:a2:6c:31:19:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0f2b3b37f1efcb0260ea2b4b4675c8122a14200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d4:19:5e:a8:a6:10:06:bb:87:a3:83:5d:fa:
                    2e:cd:a9:2c:f2:4f:9e:e8:91:37:48:52:cf:9c:19:
                    cd:19:4e:e9:01:5a:e0:25:2f:cb:94:59:93:32:1c:
                    6a:db:d3:84:72:d5:89:ae:b5:8b:3d:68:65:5e:1f:
                    72:0c:b5:7f:40:57:9e:e2:99:5c:5a:bf:ed:9b:31:
                    be:8e:7f:85:1e:4b:49:89:e8:07:a0:f1:14:90:46:
                    d4:85:06:ad:0a:70:60:d6:34:2d:d8:23:56:a6:5d:
                    79:26:06:37:88:9f:31:7c:f9:3e:55:fb:a4:72:ae:
                    78:b7:8e:b9:f3:2a:ab:cc:8a:ad:34:71:b0:51:1d:
                    25:3a:d9:a2:b7:14:fb:41:8e:c1:9a:a0:68:44:04:
                    7f:b9:3b:e4:6d:85:bf:85:8a:d0:ea:a6:4f:d2:f4:
                    ac:cd:b4:17:f1:10:50:42:92:dd:49:a5:86:fc:db:
                    b2:55:e2:21:d2:b5:97:a5:27:07:1c:ba:a1:1c:5b:
                    e6:94:4f:4f:cd:99:b3:cd:d8:4c:9a:e8:3e:de:06:
                    2b:96:a5:2b:23:0a:ff:17:c7:8c:20:4f:20:99:db:
                    81:99:41:21:6f:6f:82:11:a9:77:65:91:9b:48:21:
                    42:76:ac:93:20:e7:24:a5:84:fe:56:9c:c5:ae:78:
                    ec:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F2:B3:B3:7F:1E:FC:B0:26:0E:A2:B4:B4:67:5C:81:22:A1:42:00
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/e8b81f-848a-42ad-a992-c74ab61c98ed/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/e8b81f-848a-42ad-a992-c74ab61c98ed/1/sPKzs38e_LAmDqK0tGdcgSKhQgA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209735

    Signature Algorithm: sha256WithRSAEncryption
         78:ad:ff:53:7e:74:bc:db:1e:cd:52:fa:08:82:68:28:ac:7f:
         c2:d5:0a:db:59:36:39:84:97:4c:ff:60:5d:f5:1b:4a:f0:03:
         43:d5:29:7d:23:02:97:ea:73:a7:e2:7d:7e:25:57:69:c0:78:
         13:71:c5:0e:ae:17:c0:34:b2:79:b1:c2:df:6a:c9:d5:16:f8:
         7e:93:ae:ff:cb:af:f0:e5:ed:e9:06:32:ae:9c:b5:90:27:c6:
         ad:c8:dd:e1:44:69:2b:1a:f3:26:e8:27:33:b0:3c:37:88:1b:
         41:b2:b1:98:53:9b:00:c3:cc:3a:d5:c9:17:b1:80:6f:4e:f4:
         2c:bb:2f:9a:bb:22:9c:a0:67:e0:69:82:4c:f4:b9:93:22:27:
         58:1b:40:f2:46:a7:90:04:97:82:5b:d4:80:f5:1b:75:38:f0:
         18:61:14:5a:9a:09:5c:37:5e:97:97:b7:73:f5:7d:a9:3b:42:
         f7:36:97:d7:fc:a8:27:a4:63:09:91:84:3f:6e:8d:17:7d:b4:
         62:51:f0:b3:4b:75:b9:7b:17:a0:8e:84:00:94:85:31:8a:12:
         8f:47:84:79:fe:c5:85:51:46:50:ac:99:6c:68:55:8e:b1:c8:
         57:93:f7:41:f6:52:85:f0:ab:3c:82:2a:8a:f3:3a:d9:b5:2b:
         c5:a9:f8:76
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzGSzKvVXXBVZC3r6JsMRmTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGYyYjNiMzdmMWVmY2IwMjYwZWEyYjRiNDY3NWM4MTIyYTE0MjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9QZXqimEAa7h6ODXfouzaks8k+e
6JE3SFLPnBnNGU7pAVrgJS/LlFmTMhxq29OEctWJrrWLPWhlXh9yDLV/QFee4plc
Wr/tmzG+jn+FHktJiegHoPEUkEbUhQatCnBg1jQt2CNWpl15JgY3iJ8xfPk+Vfuk
cq54t4658yqrzIqtNHGwUR0lOtmitxT7QY7BmqBoRAR/uTvkbYW/hYrQ6qZP0vSs
zbQX8RBQQpLdSaWG/NuyVeIh0rWXpScHHLqhHFvmlE9PzZmzzdhMmug+3gYrlqUr
Iwr/F8eMIE8gmduBmUEhb2+CEal3ZZGbSCFCdqyTIOckpYT+VpzFrnjsWwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFLDys7N/HvywJg6itLRnXIEioUIAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ2L2U4Yjgx
Zi04NDhhLTQyYWQtYTk5Mi1jNzRhYjYxYzk4ZWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDYvZThiODFm
LTg0OGEtNDJhZC1hOTkyLWM3NGFiNjFjOThlZC8xL3NQS3pzMzhlX0xBbURxSzB0
R2RjZ1NLaFFnQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMzRzANBgkqhkiG9w0BAQsFAAOCAQEAeK3/U350vNse
zVL6CIJoKKx/wtUK21k2OYSXTP9gXfUbSvADQ9UpfSMCl+pzp+J9fiVXacB4E3HF
Dq4XwDSyebHC32rJ1Rb4fpOu/8uv8OXt6QYyrpy1kCfGrcjd4URpKxrzJugnM7A8
N4gbQbKxmFObAMPMOtXJF7GAb070LLsvmrsinKBn4GmCTPS5kyInWBtA8kankASX
glvUgPUbdTjwGGEUWpoJXDdel5e3c/V9qTtC9zaX1/yoJ6RjCZGEP26NF320YlHw
s0t1uXsXoI6EAJSFMYoSj0eEef7FhVFGUKyZbGhVjrHIV5P3QfZShfCrPIIqivM6
2bUrxan4dg==
-----END CERTIFICATE-----