Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vTvLhii9vq2xlKI1rEuMi3EeN9E.cer
File:                     vTvLhii9vq2xlKI1rEuMi3EeN9E.cer (raw, json)
Hash identifier:          I4BWlvIpvUEorBHLO4nSCO+vMPzIMvZwVnXXbToSJ4E=
Subject key identifier:   BD:3B:CB:86:28:BD:BE:AD:B1:94:A2:35:AC:4B:8C:8B:71:1E:37:D1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801BABF63990DEC872D16D128066A82
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/vTvLhii9vq2xlKI1rEuMi3EeN9E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:05 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 62309
                          IP: 2001:67c:af0::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ba:bf:63:99:0d:ec:87:2d:16:d1:28:06:6a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd3bcb8628bdbeadb194a235ac4b8c8b711e37d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:99:17:46:8c:ba:25:7a:93:7a:98:5f:ce:1a:
                    a5:b8:9f:97:5a:47:33:52:f2:e0:7f:b9:0e:15:d1:
                    5b:67:06:be:92:7e:49:c7:dd:a6:a8:8f:34:99:09:
                    cb:71:67:4c:3f:1a:b4:e7:32:82:cb:05:be:82:6e:
                    dc:8c:54:69:fc:43:26:80:69:99:64:01:f4:ce:d6:
                    94:47:d0:8a:67:e0:e4:4a:b6:60:79:17:bb:fd:ed:
                    1c:e1:5c:8b:4c:90:46:bd:4b:ef:d6:1c:c8:04:a6:
                    df:66:bf:ba:52:d8:0f:07:13:6b:ae:ea:c4:53:cf:
                    d0:5f:ca:5c:2a:69:82:3f:87:34:09:75:33:87:19:
                    40:6e:6e:ff:f6:86:42:1a:d2:ad:e1:1e:56:27:4a:
                    a4:19:00:96:9c:9e:79:8b:17:fc:3a:b3:d6:46:64:
                    a4:22:fb:89:e1:d2:49:3b:79:89:b4:f1:ed:fe:a2:
                    45:2a:5d:f0:52:db:e7:12:30:9f:5a:2b:b9:ab:e2:
                    a3:2a:6a:46:9d:65:c2:ab:74:05:9f:2f:2c:cc:57:
                    f7:a8:38:95:2a:42:64:19:32:3b:e6:c4:3c:fd:f6:
                    3f:ee:2c:80:36:b8:ce:01:fd:7b:95:75:10:bc:1b:
                    72:1b:26:4d:7d:70:a8:90:3b:94:37:9a:ec:22:33:
                    d5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:3B:CB:86:28:BD:BE:AD:B1:94:A2:35:AC:4B:8C:8B:71:1E:37:D1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/vTvLhii9vq2xlKI1rEuMi3EeN9E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:af0::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  62309

    Signature Algorithm: sha256WithRSAEncryption
         06:5b:93:02:15:b4:35:42:0d:6f:45:aa:f7:75:12:88:54:90:
         b9:ef:bc:73:7d:3c:7b:70:73:f1:5d:96:26:4f:1f:8c:68:c5:
         7b:d7:ea:ed:9c:2a:e6:fd:1c:1e:e0:3c:88:db:ec:80:d3:c6:
         c3:de:b1:11:72:18:89:b6:36:0f:0c:3d:bd:99:1e:df:3f:b9:
         88:07:c8:83:6f:c5:23:f1:eb:a4:d5:87:b5:d1:b7:6a:01:72:
         96:fe:8c:a7:7e:51:b6:de:8f:23:b9:22:c1:fd:d0:65:64:5a:
         67:3a:b2:a2:85:54:6a:0f:53:85:44:fe:37:86:d2:07:1e:83:
         88:f0:ad:e2:eb:66:a7:73:fa:24:99:aa:3b:5f:4a:55:7c:69:
         2b:4c:a8:6a:da:0c:fa:dc:a5:e9:f3:55:12:55:04:a2:63:1d:
         d1:b7:0a:9b:0b:67:c4:a7:1b:fb:28:6f:97:82:46:ef:8f:9e:
         67:2e:2f:bd:a9:8a:c7:28:e8:4a:95:b6:ff:86:2e:2c:56:fb:
         40:11:b0:03:01:28:25:12:be:0a:8f:f1:cb:e3:52:15:07:f4:
         00:bb:38:ea:73:b6:bd:8a:84:68:81:e8:59:57:d9:ca:46:e3:
         48:1d:d8:78:61:27:8c:ee:b3:58:79:d1:64:78:50:82:5f:ab:
         3d:22:ce:97
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzIAbq/Y5kN7IctFtEoBmqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDNiY2I4NjI4YmRiZWFkYjE5NGEyMzVhYzRiOGM4YjcxMWUzN2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5kXRoy6JXqTephfzhqluJ+XWkcz
UvLgf7kOFdFbZwa+kn5Jx92mqI80mQnLcWdMPxq05zKCywW+gm7cjFRp/EMmgGmZ
ZAH0ztaUR9CKZ+DkSrZgeRe7/e0c4VyLTJBGvUvv1hzIBKbfZr+6UtgPBxNrrurE
U8/QX8pcKmmCP4c0CXUzhxlAbm7/9oZCGtKt4R5WJ0qkGQCWnJ55ixf8OrPWRmSk
IvuJ4dJJO3mJtPHt/qJFKl3wUtvnEjCfWiu5q+KjKmpGnWXCq3QFny8szFf3qDiV
KkJkGTI75sQ8/fY/7iyANrjOAf17lXUQvBtyGyZNfXCokDuUN5rsIjPVZQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFL07y4Yovb6tsZSiNaxLjItxHjfRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U4LzI4YzJi
Ny02NjdlLTRkZWYtYjQxNS03YjRhZGViN2E0YjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTgvMjhjMmI3
LTY2N2UtNGRlZi1iNDE1LTdiNGFkZWI3YTRiNS8xL3ZUdkxoaWk5dnEyeGxLSTFy
RXVNaTNFZU45RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArwMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwDzZTANBgkqhkiG9w0BAQsFAAOCAQEABluTAhW0NUINb0Wq93USiFSQue+8
c308e3Bz8V2WJk8fjGjFe9fq7Zwq5v0cHuA8iNvsgNPGw96xEXIYibY2Dww9vZke
3z+5iAfIg2/FI/HrpNWHtdG3agFylv6Mp35Rtt6PI7kiwf3QZWRaZzqyooVUag9T
hUT+N4bSBx6DiPCt4utmp3P6JJmqO19KVXxpK0yoatoM+tyl6fNVElUEomMd0bcK
mwtnxKcb+yhvl4JG74+eZy4vvamKxyjoSpW2/4YuLFb7QBGwAwEoJRK+Co/xy+NS
FQf0ALs46nO2vYqEaIHoWVfZykbjSB3YeGEnjO6zWHnRZHhQgl+rPSLOlw==
-----END CERTIFICATE-----