Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/soTN8FB0Q-FuUJ1XoinpFPc1ZqQ.cer
File:                     soTN8FB0Q-FuUJ1XoinpFPc1ZqQ.cer (raw, json)
Hash identifier:          iBtrF49jNoToCXOfIuEDAWSENX9kOlYmThCwkofyMew=
Subject key identifier:   B2:84:CD:F0:50:74:43:E1:6E:50:9D:57:A2:29:E9:14:F7:35:66:A4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC349099B8F0396412BABC109C189B430
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0e/a3828d-0f51-4da0-8433-df56a241098f/1/soTN8FB0Q-FuUJ1XoinpFPc1ZqQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0e/a3828d-0f51-4da0-8433-df56a241098f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:52 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 213073

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:09:9b:8f:03:96:41:2b:ab:c1:09:c1:89:b4:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b284cdf0507443e16e509d57a229e914f73566a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:af:3a:72:05:1f:3c:7f:f4:ee:11:22:a2:6c:
                    e6:ff:6a:72:b7:53:a2:f4:80:25:f3:f2:1b:0d:59:
                    87:87:cd:d0:2b:00:fa:40:5b:0b:5b:ce:d2:41:cc:
                    e7:35:13:cb:fe:62:e8:62:09:a4:06:9e:8c:97:59:
                    7b:70:ab:a3:5b:df:6e:94:91:99:b5:03:f5:19:bd:
                    f7:10:4b:5e:22:66:5d:90:ee:47:a5:33:04:1c:d3:
                    78:b8:c8:b8:95:cf:d4:84:02:f7:1a:b1:b4:67:59:
                    46:93:8f:d4:3e:f6:59:2d:ca:2a:6a:ac:5b:e3:5a:
                    bf:dc:f5:e2:51:c9:bc:6e:4e:0e:f1:6a:69:4e:f9:
                    51:5b:4d:c6:7e:3e:f2:1e:ca:76:16:66:04:95:20:
                    2d:b6:db:db:fe:3b:64:54:a7:d9:0a:33:7e:17:56:
                    c9:33:a6:2d:b1:58:6c:18:c1:ee:9c:2a:3d:02:aa:
                    78:e5:e1:16:be:17:b1:3c:cb:7d:9f:5d:88:9e:b2:
                    e0:cd:d4:d4:d9:e3:f9:cc:4f:1a:e7:8d:97:e1:a2:
                    2d:c4:34:4c:0f:16:83:be:1b:f5:a9:be:44:b1:73:
                    d2:a1:c9:c1:f2:77:06:d4:73:2f:e2:0e:90:0d:b6:
                    3a:b6:35:97:56:0c:eb:49:8b:f8:aa:c8:fd:d8:eb:
                    5b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:84:CD:F0:50:74:43:E1:6E:50:9D:57:A2:29:E9:14:F7:35:66:A4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/a3828d-0f51-4da0-8433-df56a241098f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/a3828d-0f51-4da0-8433-df56a241098f/1/soTN8FB0Q-FuUJ1XoinpFPc1ZqQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213073

    Signature Algorithm: sha256WithRSAEncryption
         23:2a:4c:75:29:bf:4e:c8:77:5b:11:86:f4:33:08:51:10:45:
         61:00:e7:eb:df:95:8a:b5:7f:94:98:91:dd:f2:7f:29:8c:93:
         7f:16:5f:7f:d3:cd:e9:b1:d3:91:1b:2a:e4:68:7d:66:06:ef:
         00:16:a7:51:7a:d9:df:d6:78:90:10:ea:c8:8e:15:dd:1d:0a:
         8f:7a:4a:9a:5b:09:02:f4:d3:14:20:d9:cf:db:91:14:d0:a1:
         b2:7d:c5:eb:d3:2e:d1:32:cb:5e:94:03:7b:f4:55:d6:ef:5c:
         c9:57:da:c4:2d:af:be:5e:41:5c:0b:2b:17:db:13:2a:81:e9:
         6c:56:0a:5a:b1:39:cd:0e:0b:1d:22:8b:3d:af:1b:2f:b1:c6:
         08:4d:e9:25:a8:58:3e:6e:86:a7:51:e5:b8:06:fd:d7:d9:bd:
         f7:c6:91:b8:1a:c4:02:3b:dc:e5:79:31:2b:f3:ed:b8:40:42:
         78:46:13:d5:fb:d1:2d:85:1c:ee:2f:ae:87:d3:07:4f:fa:7e:
         39:53:89:bd:f7:89:34:cd:48:75:c4:8a:fb:3c:fb:97:88:1f:
         55:71:49:fc:ab:46:5c:4f:75:7b:db:7a:15:2f:e0:f1:a2:86:
         9a:33:7b:48:40:71:6d:50:a5:34:b9:81:3a:40:bb:7a:6f:cd:
         b4:59:52:41
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzDSQmbjwOWQSurwQnBibQwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjg0Y2RmMDUwNzQ0M2UxNmU1MDlkNTdhMjI5ZTkxNGY3MzU2NmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2K86cgUfPH/07hEiomzm/2pyt1Oi
9IAl8/IbDVmHh83QKwD6QFsLW87SQcznNRPL/mLoYgmkBp6Ml1l7cKujW99ulJGZ
tQP1Gb33EEteImZdkO5HpTMEHNN4uMi4lc/UhAL3GrG0Z1lGk4/UPvZZLcoqaqxb
41q/3PXiUcm8bk4O8WppTvlRW03Gfj7yHsp2FmYElSAtttvb/jtkVKfZCjN+F1bJ
M6YtsVhsGMHunCo9Aqp45eEWvhexPMt9n12InrLgzdTU2eP5zE8a542X4aItxDRM
DxaDvhv1qb5EsXPSocnB8ncG1HMv4g6QDbY6tjWXVgzrSYv4qsj92OtbWwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFLKEzfBQdEPhblCdV6Ip6RT3NWakMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBlL2EzODI4
ZC0wZjUxLTRkYTAtODQzMy1kZjU2YTI0MTA5OGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGUvYTM4Mjhk
LTBmNTEtNGRhMC04NDMzLWRmNTZhMjQxMDk4Zi8xL3NvVE44RkIwUS1GdVVKMVhv
aW5wRlBjMVpxUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNAUTANBgkqhkiG9w0BAQsFAAOCAQEAIypMdSm/Tsh3
WxGG9DMIURBFYQDn69+VirV/lJiR3fJ/KYyTfxZff9PN6bHTkRsq5Gh9ZgbvABan
UXrZ39Z4kBDqyI4V3R0Kj3pKmlsJAvTTFCDZz9uRFNChsn3F69Mu0TLLXpQDe/RV
1u9cyVfaxC2vvl5BXAsrF9sTKoHpbFYKWrE5zQ4LHSKLPa8bL7HGCE3pJahYPm6G
p1HluAb919m998aRuBrEAjvc5XkxK/PtuEBCeEYT1fvRLYUc7i+uh9MHT/p+OVOJ
vfeJNM1IdcSK+zz7l4gfVXFJ/KtGXE91e9t6FS/g8aKGmjN7SEBxbVClNLmBOkC7
em/NtFlSQQ==
-----END CERTIFICATE-----