Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tNkMTfZ2phH1alrtWAmwV-msV5E.cer
File:                     tNkMTfZ2phH1alrtWAmwV-msV5E.cer (raw, json)
Hash identifier:          Dv+ZhaaXe31uLOAp83K6Jas+mFdzGoNyY0xfbx1ZoJE=
Subject key identifier:   B4:D9:0C:4D:F6:76:A6:11:F5:6A:5A:ED:58:09:B0:57:E9:AC:57:91
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC44AB13670A0C7D21AC8101266CBC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/tNkMTfZ2phH1alrtWAmwV-msV5E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:56 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199964

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:44:ab:13:67:0a:0c:7d:21:ac:81:01:26:6c:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4d90c4df676a611f56a5aed5809b057e9ac5791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:12:67:e1:b4:ce:ee:cd:23:0f:19:56:a3:2f:
                    95:e2:8f:42:28:9f:b1:fe:4d:79:cd:18:a6:aa:95:
                    33:17:9f:fb:cc:81:7c:4b:a3:da:f4:ea:70:a8:aa:
                    d7:b4:ab:b6:3a:34:3e:1c:f7:d4:fd:b0:48:fa:ee:
                    71:7a:96:44:56:1a:22:c8:4f:0a:78:3a:50:bb:17:
                    2c:52:ff:57:0c:2f:6c:ce:00:62:9e:4c:91:59:c5:
                    60:4c:a8:af:02:e4:3f:5e:06:5c:48:b8:97:ab:dc:
                    70:6e:20:a2:c5:53:4b:bb:25:b6:c3:c3:b2:96:2d:
                    1f:43:1f:39:96:30:cb:60:53:7a:af:0a:10:e5:77:
                    98:54:aa:78:cb:da:31:8a:14:bc:35:b1:cf:e7:2c:
                    b6:7a:37:21:5e:16:d6:f0:6f:18:ba:14:71:8b:1a:
                    b7:48:df:2e:57:b5:a6:c9:b9:00:e4:c0:f0:c5:bd:
                    ac:12:a7:07:41:59:84:c1:a0:a6:b8:68:19:51:49:
                    06:d9:7d:a9:94:86:52:ba:e3:69:5c:5a:ef:a8:68:
                    48:80:b6:56:48:6a:c6:4d:01:20:08:d2:a9:50:23:
                    07:c9:1a:49:72:d2:1a:2c:68:47:bd:58:44:56:be:
                    98:85:d3:2f:ed:cb:7e:7e:f0:56:f5:36:f9:0a:40:
                    ce:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D9:0C:4D:F6:76:A6:11:F5:6A:5A:ED:58:09:B0:57:E9:AC:57:91
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/tNkMTfZ2phH1alrtWAmwV-msV5E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199964

    Signature Algorithm: sha256WithRSAEncryption
         3c:23:c8:ad:10:a0:51:3d:32:30:53:c8:04:8c:8d:8a:a1:02:
         5f:4d:ad:76:cb:d4:f2:3b:cd:b2:bc:5d:a5:f6:2e:ac:c1:75:
         87:a0:56:eb:41:ac:b7:6d:ac:88:a0:86:6c:45:5d:61:96:ea:
         06:74:9d:ed:b8:85:fe:be:23:c0:8f:62:18:9a:de:de:7a:ce:
         ed:3c:58:6d:61:a6:33:e5:f1:b2:77:94:3a:78:8a:32:13:1a:
         83:af:09:6f:a1:2b:6e:d4:1d:e3:d4:99:e4:18:74:56:76:42:
         bc:e8:db:29:7a:b7:1c:ac:4d:c5:73:25:25:01:33:05:18:37:
         90:b6:03:47:76:9e:b9:38:ff:88:63:5f:57:4c:27:9f:44:0e:
         9c:fd:b3:2a:12:55:b7:02:59:35:53:b8:f5:2b:23:88:ca:89:
         2d:89:28:61:cb:97:5c:6d:7c:37:b6:2e:5f:32:dd:aa:6a:76:
         27:00:0f:cf:80:ae:65:fb:86:01:8d:77:41:ae:95:7a:40:1d:
         34:9e:49:ac:fe:fb:17:a9:9d:52:d0:bf:02:44:b7:2e:41:51:
         2e:dc:a5:98:d6:be:97:dc:7e:3d:c9:7b:a9:44:19:7e:14:7d:
         79:92:b7:c7:95:7f:87:10:18:25:9e:3f:57:bd:a1:46:d0:01:
         66:fc:9d:31
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzF3ESrE2cKDH0hrIEBJmy8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQ5MGM0ZGY2NzZhNjExZjU2YTVhZWQ1ODA5YjA1N2U5YWM1NzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBJn4bTO7s0jDxlWoy+V4o9CKJ+x
/k15zRimqpUzF5/7zIF8S6Pa9OpwqKrXtKu2OjQ+HPfU/bBI+u5xepZEVhoiyE8K
eDpQuxcsUv9XDC9szgBinkyRWcVgTKivAuQ/XgZcSLiXq9xwbiCixVNLuyW2w8Oy
li0fQx85ljDLYFN6rwoQ5XeYVKp4y9oxihS8NbHP5yy2ejchXhbW8G8YuhRxixq3
SN8uV7WmybkA5MDwxb2sEqcHQVmEwaCmuGgZUUkG2X2plIZSuuNpXFrvqGhIgLZW
SGrGTQEgCNKpUCMHyRpJctIaLGhHvVhEVr6YhdMv7ct+fvBW9Tb5CkDOXwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFLTZDE32dqYR9Wpa7VgJsFfprFeRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYwLzJhYWY0
YS1lMDNmLTRkNjEtYjY1Mi00MzVlNTdmY2NkYzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjAvMmFhZjRh
LWUwM2YtNGQ2MS1iNjUyLTQzNWU1N2ZjY2RjOS8xL3ROa01UZloycGhIMWFscnRX
QW13Vi1tc1Y1RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMNHDANBgkqhkiG9w0BAQsFAAOCAQEAPCPIrRCgUT0y
MFPIBIyNiqECX02tdsvU8jvNsrxdpfYurMF1h6BW60Gst22siKCGbEVdYZbqBnSd
7biF/r4jwI9iGJre3nrO7TxYbWGmM+XxsneUOniKMhMag68Jb6ErbtQd49SZ5Bh0
VnZCvOjbKXq3HKxNxXMlJQEzBRg3kLYDR3aeuTj/iGNfV0wnn0QOnP2zKhJVtwJZ
NVO49SsjiMqJLYkoYcuXXG18N7YuXzLdqmp2JwAPz4CuZfuGAY13Qa6VekAdNJ5J
rP77F6mdUtC/AkS3LkFRLtylmNa+l9x+Pcl7qUQZfhR9eZK3x5V/hxAYJZ4/V72h
RtABZvydMQ==
-----END CERTIFICATE-----