Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vfSGpExRBdeBNXKUVhzMPROk1nE.cer
File:                     vfSGpExRBdeBNXKUVhzMPROk1nE.cer (raw, json)
Hash identifier:          CVzjdWhQtTAwpXiL4JZ3YcNfwF/L288R9AmG9eWZj/g=
Subject key identifier:   BD:F4:86:A4:4C:51:05:D7:81:35:72:94:56:1C:CC:3D:13:A4:D6:71
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC725B3C9488602DF84345E879243DA5C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:29:46 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198552

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:b3:c9:48:86:02:df:84:34:5e:87:92:43:da:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdf486a44c5105d781357294561ccc3d13a4d671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5d:19:36:8f:ac:cf:74:62:7d:88:02:a3:c3:
                    d5:e7:e3:0d:fd:47:e1:7c:76:6c:ec:8b:8b:c6:19:
                    33:88:fc:56:2a:67:b1:b5:59:4a:dc:10:0d:9b:95:
                    ce:a0:e6:dd:00:1e:7b:ab:55:36:f5:31:52:7a:f0:
                    54:fe:6e:b1:63:0f:1b:03:11:ff:18:c5:61:62:27:
                    0c:dc:25:11:f5:c1:f2:cd:0b:14:78:c0:23:de:49:
                    92:3c:0f:50:33:34:40:35:12:fe:92:53:ab:60:c9:
                    90:d8:11:6e:16:38:ef:2c:93:1a:6d:63:07:86:21:
                    20:15:28:77:97:3e:69:5b:24:87:9e:71:f4:87:e8:
                    af:e9:26:31:c2:de:f9:15:b1:ec:8a:cd:8e:6d:47:
                    11:ea:ae:02:24:6b:e0:34:2f:9c:8b:c8:6e:8b:6f:
                    4f:4f:ba:f3:76:d3:76:a3:4c:f9:d6:da:b0:3b:49:
                    ce:e9:31:25:06:77:81:45:9b:29:fc:47:6a:1c:55:
                    73:f3:b4:ee:8a:94:ae:47:8a:2d:73:d7:a2:fe:6b:
                    90:1f:5d:e9:27:59:68:68:eb:6c:b5:2a:78:ce:2e:
                    6f:91:df:7b:a3:85:4a:6b:d0:c0:70:ef:60:e6:ed:
                    20:2a:32:ee:54:41:58:95:da:0f:1f:c0:eb:69:07:
                    78:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F4:86:A4:4C:51:05:D7:81:35:72:94:56:1C:CC:3D:13:A4:D6:71
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198552

    Signature Algorithm: sha256WithRSAEncryption
         49:06:9e:8c:01:fe:cf:c6:10:ec:27:67:65:fe:02:a8:74:6b:
         6a:5d:fe:57:93:d6:e1:5c:b6:e9:ef:2c:2d:5d:af:92:78:30:
         f6:95:22:e5:d3:a2:65:98:14:a2:4c:84:f3:ef:8c:ca:64:24:
         94:8a:18:31:75:c2:9d:61:b7:23:8f:e2:ed:68:14:69:6a:3a:
         f1:4b:d2:59:44:7e:4f:ca:12:dd:7b:62:46:45:8c:d2:cb:66:
         6f:68:d5:bd:4f:5a:27:52:da:31:41:09:d2:71:78:df:38:8d:
         38:b1:ac:75:7a:09:67:b1:11:c2:ff:d8:0e:0e:d5:92:dd:94:
         6b:9f:34:44:46:73:43:e6:6e:f2:2f:ac:8f:d1:2e:f6:9d:b1:
         c3:6d:83:7e:e1:18:20:ff:4e:f1:31:a9:26:f3:b5:4a:37:0d:
         7b:69:98:3e:c9:be:92:3b:40:9c:d5:1c:17:53:37:1c:9c:54:
         56:6e:64:9b:f2:03:82:b5:a6:4d:96:e0:ba:5c:ba:e9:c8:9e:
         73:49:b8:0d:20:a2:4a:1a:7d:69:31:c9:b7:c7:d1:fc:01:4e:
         53:ab:f7:82:21:fd:5b:99:bf:46:00:d7:4a:68:f8:a4:4c:f0:
         90:40:57:e5:d7:3c:a1:c3:dd:a4:2f:46:dd:49:d2:7a:9f:7d:
         ea:3e:94:a7
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHJbPJSIYC34Q0XoeSQ9pcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGY0ODZhNDRjNTEwNWQ3ODEzNTcyOTQ1NjFjY2MzZDEzYTRkNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF0ZNo+sz3RifYgCo8PV5+MN/Ufh
fHZs7IuLxhkziPxWKmextVlK3BANm5XOoObdAB57q1U29TFSevBU/m6xYw8bAxH/
GMVhYicM3CUR9cHyzQsUeMAj3kmSPA9QMzRANRL+klOrYMmQ2BFuFjjvLJMabWMH
hiEgFSh3lz5pWySHnnH0h+iv6SYxwt75FbHsis2ObUcR6q4CJGvgNC+ci8hui29P
T7rzdtN2o0z51tqwO0nO6TElBneBRZsp/EdqHFVz87TuipSuR4otc9ei/muQH13p
J1loaOtstSp4zi5vkd97o4VKa9DAcO9g5u0gKjLuVEFYldoPH8DraQd4IwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFL30hqRMUQXXgTVylFYczD0TpNZxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzliL2I4YjI3
OC1mOWJkLTQwZTEtODAzYS1mNjkxZjY0NzU4YWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIvYjhiMjc4
LWY5YmQtNDBlMS04MDNhLWY2OTFmNjQ3NThhYy8xL3ZmU0dwRXhSQmRlQk5YS1VW
aHpNUFJPazFuRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMHmDANBgkqhkiG9w0BAQsFAAOCAQEASQaejAH+z8YQ
7CdnZf4CqHRral3+V5PW4Vy26e8sLV2vkngw9pUi5dOiZZgUokyE8++MymQklIoY
MXXCnWG3I4/i7WgUaWo68UvSWUR+T8oS3XtiRkWM0stmb2jVvU9aJ1LaMUEJ0nF4
3ziNOLGsdXoJZ7ERwv/YDg7Vkt2Ua580REZzQ+Zu8i+sj9Eu9p2xw22DfuEYIP9O
8TGpJvO1SjcNe2mYPsm+kjtAnNUcF1M3HJxUVm5km/IDgrWmTZbguly66ciec0m4
DSCiShp9aTHJt8fR/AFOU6v3giH9W5m/RgDXSmj4pEzwkEBX5dc8ocPdpC9G3UnS
ep996j6Upw==
-----END CERTIFICATE-----