Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vAB4on8QAyY8TFYbAlB2by9Sbn0.cer
File:                     vAB4on8QAyY8TFYbAlB2by9Sbn0.cer (raw, json)
Hash identifier:          YiM7aKOghZgsrfX07WNM3xSPv+iMyCdIFi6f2WEorOk=
Subject key identifier:   BC:00:78:A2:7F:10:03:26:3C:4C:56:1B:02:50:76:6F:2F:52:6E:7D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01916AC0B7B33E4F2C254389AAC8A6FB4B94
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/vAB4on8QAyY8TFYbAlB2by9Sbn0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 19 Aug 2024 13:08:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214359
                          IP: 2001:3680::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6a:c0:b7:b3:3e:4f:2c:25:43:89:aa:c8:a6:fb:4b:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 19 13:08:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc0078a27f1003263c4c561b0250766f2f526e7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7d:4c:6b:1c:22:63:b8:02:4b:24:3c:fb:58:
                    56:e8:e4:a8:5b:46:45:45:53:f9:fc:55:48:d1:26:
                    8c:87:6c:ee:1c:03:0c:3b:75:57:21:a6:5c:aa:10:
                    80:99:a3:08:f0:35:3e:77:4f:ba:57:f6:fc:07:3b:
                    4d:e9:39:bc:33:d8:fb:dd:de:f1:12:80:68:45:44:
                    d5:2b:20:2a:e7:e1:40:18:a3:70:c1:93:de:92:83:
                    ea:c4:f9:a1:f1:27:36:dc:0d:24:a5:39:f9:3c:de:
                    60:a2:ce:09:2b:e2:f8:29:26:49:c1:e1:50:ad:2b:
                    37:98:6a:ff:ad:98:a9:8e:ea:c3:9d:a6:c3:4e:2a:
                    ec:a8:f5:d6:98:5c:e5:be:10:fe:05:39:14:52:90:
                    ac:dd:2f:dc:1c:15:d9:ae:96:37:39:c3:f8:39:1a:
                    68:38:a3:24:44:c1:c2:a5:47:e5:e0:9a:d1:a1:8d:
                    1e:28:f6:07:53:c9:c9:d3:17:b0:25:10:bf:c5:57:
                    74:42:d4:e6:c2:9a:68:12:9b:8e:7c:01:35:9d:dd:
                    ae:a5:0d:d1:0f:4d:17:03:53:f1:3d:5b:5c:3d:fe:
                    76:53:82:db:9d:d2:4a:4a:13:7e:9b:ab:a0:b0:ac:
                    d7:c3:78:1a:2e:17:3f:53:dd:64:3f:34:ca:13:6c:
                    bf:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:00:78:A2:7F:10:03:26:3C:4C:56:1B:02:50:76:6F:2F:52:6E:7D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/vAB4on8QAyY8TFYbAlB2by9Sbn0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3680::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214359

    Signature Algorithm: sha256WithRSAEncryption
         13:fe:16:41:14:92:62:2d:a3:65:f8:90:24:01:3d:6e:6c:b1:
         45:00:7b:d9:20:a5:60:8a:f4:59:71:e8:22:3d:9e:e5:56:e1:
         77:fe:82:57:98:9e:b3:28:d1:a6:b7:be:93:b9:f3:cc:b6:41:
         61:e2:e5:3c:6d:ed:3e:b5:a9:c1:c0:ec:40:66:1d:2c:7a:75:
         65:45:5f:65:0b:c3:e9:c1:f8:ab:84:1d:fd:8c:45:b1:5d:75:
         72:93:62:cf:22:61:b3:d9:93:71:0b:8e:a0:a6:0c:18:86:23:
         4f:e6:7b:c4:0c:81:e0:14:a4:4f:7e:82:ad:43:7c:cf:d4:b0:
         7f:6f:ba:37:bf:38:f5:05:15:3c:6d:c1:91:f7:35:4e:24:4a:
         be:a1:16:cf:26:60:f9:80:81:c0:b0:18:21:8b:f2:a6:08:d6:
         27:32:e8:3d:cb:37:fb:c4:f1:b9:70:cd:51:c4:d4:ca:28:4b:
         96:29:56:45:ef:22:1c:00:9c:b4:50:f8:b1:8f:71:82:00:76:
         0a:b8:84:b3:93:50:7d:7c:b3:9c:58:3a:84:8d:81:3c:d3:5e:
         70:1b:0f:fe:45:a7:08:8f:cb:94:3b:14:07:e3:b8:e5:f5:86:
         4c:83:ff:e6:63:ee:99:4c:14:bd:ec:75:ab:8a:4d:b8:e7:ac:
         45:ba:7b:9e
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZFqwLezPk8sJUOJqsim+0uUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODE5MTMwODIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzAwNzhhMjdmMTAwMzI2M2M0YzU2MWIwMjUwNzY2ZjJmNTI2ZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln1MaxwiY7gCSyQ8+1hW6OSoW0ZF
RVP5/FVI0SaMh2zuHAMMO3VXIaZcqhCAmaMI8DU+d0+6V/b8BztN6Tm8M9j73d7x
EoBoRUTVKyAq5+FAGKNwwZPekoPqxPmh8Sc23A0kpTn5PN5gos4JK+L4KSZJweFQ
rSs3mGr/rZipjurDnabDTirsqPXWmFzlvhD+BTkUUpCs3S/cHBXZrpY3OcP4ORpo
OKMkRMHCpUfl4JrRoY0eKPYHU8nJ0xewJRC/xVd0QtTmwppoEpuOfAE1nd2upQ3R
D00XA1PxPVtcPf52U4LbndJKShN+m6ugsKzXw3gaLhc/U91kPzTKE2y/SwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFLwAeKJ/EAMmPExWGwJQdm8vUm59MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVkL2MxNWJh
Ny1kODJmLTRkZGEtOTAzYy1jMTRhYWM0MWExYzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQvYzE1YmE3
LWQ4MmYtNGRkYS05MDNjLWMxNGFhYzQxYTFjMi8xL3ZBQjRvbjhRQXlZOFRGWWJB
bEIyYnk5U2JuMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDIAE2gDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDRVcwDQYJKoZIhvcNAQELBQADggEBABP+FkEUkmIto2X4kCQBPW5ssUUAe9kg
pWCK9Flx6CI9nuVW4Xf+gleYnrMo0aa3vpO588y2QWHi5Txt7T61qcHA7EBmHSx6
dWVFX2ULw+nB+KuEHf2MRbFddXKTYs8iYbPZk3ELjqCmDBiGI0/me8QMgeAUpE9+
gq1DfM/UsH9vuje/OPUFFTxtwZH3NU4kSr6hFs8mYPmAgcCwGCGL8qYI1icy6D3L
N/vE8blwzVHE1MooS5YpVkXvIhwAnLRQ+LGPcYIAdgq4hLOTUH18s5xYOoSNgTzT
XnAbD/5FpwiPy5Q7FAfjuOX1hkyD/+Zj7plMFL3sdauKTbjnrEW6e54=
-----END CERTIFICATE-----