Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vcY3kA_h-N55paT6sxohLD4awpQ.cer
File:                     vcY3kA_h-N55paT6sxohLD4awpQ.cer (raw, json)
Hash identifier:          y8+CRhrOFs5BWqZZgsgNV6B9gsb/8LSIczmFUACKN+M=
Subject key identifier:   BD:C6:37:90:0F:E1:F8:DE:79:A5:A4:FA:B3:1A:21:2C:3E:1A:C2:94
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86F16DD6FDFBA29925484CB45627DC0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/53/6363a1-aac6-46cf-8d35-aa8733ff5be1/1/vcY3kA_h-N55paT6sxohLD4awpQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/53/6363a1-aac6-46cf-8d35-aa8733ff5be1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:29:32 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 58051

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:16:dd:6f:df:ba:29:92:54:84:cb:45:62:7d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdc637900fe1f8de79a5a4fab31a212c3e1ac294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3c:6b:49:68:18:0b:55:a0:8c:8d:ce:18:0f:
                    c5:f3:97:b5:e7:1f:28:d7:79:3f:73:12:66:93:9d:
                    44:b7:38:0d:22:7d:78:0c:ff:e2:8d:1e:4a:49:74:
                    90:30:69:48:64:cf:c6:f7:1a:21:18:12:2e:21:d8:
                    25:a3:2c:b1:d8:90:f2:f6:03:fc:d8:b4:51:90:86:
                    9d:ed:b8:e7:1f:c3:ef:b8:4c:91:83:b6:56:48:ee:
                    ae:7f:22:9a:94:55:a2:b8:45:40:0c:69:3f:b6:50:
                    26:92:c1:cc:e5:bc:48:ae:fe:c0:94:fa:44:9d:54:
                    1a:c4:0f:5f:a3:fc:e9:97:c5:e3:aa:2d:a3:50:cb:
                    03:21:16:3e:b9:e1:15:0f:4d:1e:ef:d7:d0:05:c3:
                    8d:d1:9d:47:09:5a:a3:fa:fc:54:ae:37:74:55:96:
                    01:71:8c:20:28:f4:38:cf:27:60:21:fa:7a:0f:cf:
                    f1:f4:27:3b:09:99:15:86:fa:2d:94:da:f9:3a:44:
                    e6:70:9d:c9:cd:48:f4:14:ec:91:eb:9b:90:cd:bf:
                    93:e9:c1:95:44:80:dd:71:53:09:46:81:45:7a:63:
                    5a:8d:6c:ab:a7:88:d1:28:82:f0:7f:39:5b:d4:02:
                    df:61:c9:8a:ea:f1:75:fe:c6:23:83:32:c8:2d:74:
                    59:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:C6:37:90:0F:E1:F8:DE:79:A5:A4:FA:B3:1A:21:2C:3E:1A:C2:94
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/6363a1-aac6-46cf-8d35-aa8733ff5be1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/6363a1-aac6-46cf-8d35-aa8733ff5be1/1/vcY3kA_h-N55paT6sxohLD4awpQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  58051

    Signature Algorithm: sha256WithRSAEncryption
         50:7e:00:e3:61:14:ba:7f:80:b3:d5:f7:3d:9b:e8:ae:02:80:
         22:50:7b:f3:cd:f7:e7:3f:fb:7b:bb:1d:ac:b0:99:e7:00:a9:
         5f:17:66:85:b5:47:63:9c:3a:c3:fc:dd:71:7e:3b:89:1e:0a:
         a0:94:f2:c4:a3:5f:76:7c:44:51:b6:14:64:fd:d9:93:d2:ea:
         29:1d:06:38:b5:1c:74:b7:9a:9b:e4:94:d1:30:3e:f5:18:15:
         53:eb:d0:fe:15:c2:53:ae:0c:c6:c5:3f:ca:dc:d8:0a:fe:96:
         15:55:eb:46:b0:97:d0:a0:55:6e:ee:ed:6f:61:de:bd:f2:f8:
         02:d5:46:42:83:57:df:98:92:a4:03:75:b1:9e:d6:39:bc:52:
         42:c6:a2:fb:9c:a2:8d:95:62:da:94:d0:0d:3a:d9:d4:17:30:
         af:6f:00:1d:a2:df:da:16:f1:43:c6:5d:af:14:83:eb:94:be:
         17:b2:01:21:f3:d5:6c:06:9f:a2:0d:7c:6a:4d:d8:43:f1:3d:
         6f:81:dd:c9:9d:45:61:c1:a1:6d:68:32:96:c2:ea:b2:24:14:
         16:e1:c9:fb:04:12:7e:96:b6:ee:b9:65:75:d9:b5:b6:66:6a:
         74:6c:43:1b:93:1c:12:c4:44:2b:31:fb:9c:49:77:1a:2d:e7:
         4c:cd:85:ec
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIbxbdb9+6KZJUhMtFYn3AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGM2Mzc5MDBmZTFmOGRlNzlhNWE0ZmFiMzFhMjEyYzNlMWFjMjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjxrSWgYC1WgjI3OGA/F85e15x8o
13k/cxJmk51EtzgNIn14DP/ijR5KSXSQMGlIZM/G9xohGBIuIdgloyyx2JDy9gP8
2LRRkIad7bjnH8PvuEyRg7ZWSO6ufyKalFWiuEVADGk/tlAmksHM5bxIrv7AlPpE
nVQaxA9fo/zpl8Xjqi2jUMsDIRY+ueEVD00e79fQBcON0Z1HCVqj+vxUrjd0VZYB
cYwgKPQ4zydgIfp6D8/x9Cc7CZkVhvotlNr5OkTmcJ3JzUj0FOyR65uQzb+T6cGV
RIDdcVMJRoFFemNajWyrp4jRKILwfzlb1ALfYcmK6vF1/sYjgzLILXRZ2wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFL3GN5AP4fjeeaWk+rMaISw+GsKUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUzLzYzNjNh
MS1hYWM2LTQ2Y2YtOGQzNS1hYTg3MzNmZjViZTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTMvNjM2M2Ex
LWFhYzYtNDZjZi04ZDM1LWFhODczM2ZmNWJlMS8xL3ZjWTNrQV9oLU41NXBhVDZz
eG9oTEQ0YXdwUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDiwzANBgkqhkiG9w0BAQsFAAOCAQEAUH4A42EUun+A
s9X3PZvorgKAIlB788335z/7e7sdrLCZ5wCpXxdmhbVHY5w6w/zdcX47iR4KoJTy
xKNfdnxEUbYUZP3Zk9LqKR0GOLUcdLeam+SU0TA+9RgVU+vQ/hXCU64MxsU/ytzY
Cv6WFVXrRrCX0KBVbu7tb2HevfL4AtVGQoNX35iSpAN1sZ7WObxSQsai+5yijZVi
2pTQDTrZ1Bcwr28AHaLf2hbxQ8ZdrxSD65S+F7IBIfPVbAafog18ak3YQ/E9b4Hd
yZ1FYcGhbWgylsLqsiQUFuHJ+wQSfpa27rllddm1tmZqdGxDG5McEsREKzH7nEl3
Gi3nTM2F7A==
-----END CERTIFICATE-----