Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vln_z7TGm3nZrNy-apTbidUjYI4.cer
File:                     vln_z7TGm3nZrNy-apTbidUjYI4.cer (raw, json)
Hash identifier:          ZW6mF3PHT8YAnL0dQ00R8R34Zge3hjK2GwGlk6ro9aQ=
Subject key identifier:   BE:59:FF:CF:B4:C6:9B:79:D9:AC:DC:BE:6A:94:DB:89:D5:23:60:8E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC793E8A2F70D3020FEFCD7FA5DBDB16D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5e/1ccc69-986a-4bad-bd3a-9b6a0f369bcd/1/vln_z7TGm3nZrNy-apTbidUjYI4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5e/1ccc69-986a-4bad-bd3a-9b6a0f369bcd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:08 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198734

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:e8:a2:f7:0d:30:20:fe:fc:d7:fa:5d:bd:b1:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be59ffcfb4c69b79d9acdcbe6a94db89d523608e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7a:27:37:71:b9:b2:af:93:03:24:cc:e3:38:
                    e7:2a:f3:4c:2a:90:cc:87:1f:25:3a:fe:c8:57:92:
                    b0:86:9e:c8:2a:25:1f:69:2d:8f:19:3f:8a:ac:5e:
                    61:fa:b8:d7:5c:ed:e5:49:09:47:b1:87:68:ab:dc:
                    fb:8e:68:ed:ea:8e:5d:8b:19:00:b7:f7:d6:63:b5:
                    a8:2f:f9:b1:07:e5:22:c1:0b:48:65:27:a4:00:5e:
                    11:d9:f9:bc:d1:a7:02:0d:e8:8b:ec:bb:9f:e9:cf:
                    c8:ba:e9:3f:0c:0b:7a:10:b7:a8:5f:2c:71:38:2d:
                    53:b6:7b:27:6c:7a:32:16:54:00:87:96:7e:cb:3b:
                    1a:27:8c:66:43:9b:70:3a:3c:0a:00:7a:3c:99:75:
                    ef:30:c6:de:3d:37:ae:a3:d8:37:61:70:7c:b6:15:
                    50:b8:0b:6f:9c:d7:ea:24:ec:14:2a:df:37:56:40:
                    2b:d9:5a:90:a8:68:dc:54:a1:94:41:b8:10:18:89:
                    a7:bb:df:d0:e0:85:62:5c:6b:f1:73:19:fb:ec:d6:
                    78:25:76:d6:4b:1a:44:16:d1:b5:6d:9e:2b:63:40:
                    f8:de:08:17:05:fa:0e:cf:a1:ae:70:b8:52:18:50:
                    8f:a7:64:28:2e:d7:6a:c9:ef:2e:5a:cf:59:0f:c7:
                    bb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:59:FF:CF:B4:C6:9B:79:D9:AC:DC:BE:6A:94:DB:89:D5:23:60:8E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/1ccc69-986a-4bad-bd3a-9b6a0f369bcd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/1ccc69-986a-4bad-bd3a-9b6a0f369bcd/1/vln_z7TGm3nZrNy-apTbidUjYI4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198734

    Signature Algorithm: sha256WithRSAEncryption
         1f:60:cd:cc:51:cf:e3:1a:8a:dd:d2:98:76:ab:eb:f3:00:d7:
         8f:22:a4:aa:af:64:82:94:33:b0:f2:4f:f7:aa:68:f4:11:58:
         3e:b0:7a:6f:c9:70:e5:28:35:85:06:58:7d:67:cd:7a:ae:ba:
         36:6b:9e:0a:43:6f:74:f2:6f:4e:66:54:a0:ab:09:cc:79:e6:
         76:c2:ed:1b:45:3d:f6:12:0e:69:a6:92:52:58:b6:14:61:59:
         ec:9f:19:56:1c:dc:63:29:3a:33:9c:37:b4:58:34:52:66:c3:
         bf:63:c5:d7:90:a4:8d:8d:72:da:73:17:e2:7f:2d:20:30:72:
         e1:2d:a9:80:de:c7:d0:54:1d:d2:84:50:45:08:ec:7d:d4:28:
         97:f9:85:a6:eb:5f:62:01:6c:5c:87:17:e4:c3:71:89:3d:9e:
         e9:40:87:eb:5e:c2:34:22:12:04:f5:0a:79:e5:4c:58:d8:72:
         02:d9:2d:f3:cf:4e:fc:f6:bd:85:69:66:d5:83:2a:00:03:90:
         95:de:bd:57:c9:f4:be:8f:b2:d4:bf:d1:b1:00:33:c0:70:75:
         ac:b1:ce:09:e0:6c:db:e8:95:a0:a9:e0:55:7f:27:2a:9b:1d:
         9c:c5:10:92:15:31:f4:53:1a:95:da:74:ec:85:a3:ee:fe:72:
         f8:c4:44:80
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHk+ii9w0wIP781/pdvbFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTU5ZmZjZmI0YzY5Yjc5ZDlhY2RjYmU2YTk0ZGI4OWQ1MjM2MDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3onN3G5sq+TAyTM4zjnKvNMKpDM
hx8lOv7IV5Kwhp7IKiUfaS2PGT+KrF5h+rjXXO3lSQlHsYdoq9z7jmjt6o5dixkA
t/fWY7WoL/mxB+UiwQtIZSekAF4R2fm80acCDeiL7Luf6c/Iuuk/DAt6ELeoXyxx
OC1TtnsnbHoyFlQAh5Z+yzsaJ4xmQ5twOjwKAHo8mXXvMMbePTeuo9g3YXB8thVQ
uAtvnNfqJOwUKt83VkAr2VqQqGjcVKGUQbgQGImnu9/Q4IViXGvxcxn77NZ4JXbW
SxpEFtG1bZ4rY0D43ggXBfoOz6GucLhSGFCPp2QoLtdqye8uWs9ZD8e7CwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFL5Z/8+0xpt52azcvmqU24nVI2COMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVlLzFjY2M2
OS05ODZhLTRiYWQtYmQzYS05YjZhMGYzNjliY2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWUvMWNjYzY5
LTk4NmEtNGJhZC1iZDNhLTliNmEwZjM2OWJjZC8xL3Zsbl96N1RHbTNuWnJOeS1h
cFRiaWRVallJNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMITjANBgkqhkiG9w0BAQsFAAOCAQEAH2DNzFHP4xqK
3dKYdqvr8wDXjyKkqq9kgpQzsPJP96po9BFYPrB6b8lw5Sg1hQZYfWfNeq66Nmue
CkNvdPJvTmZUoKsJzHnmdsLtG0U99hIOaaaSUli2FGFZ7J8ZVhzcYyk6M5w3tFg0
UmbDv2PF15CkjY1y2nMX4n8tIDBy4S2pgN7H0FQd0oRQRQjsfdQol/mFputfYgFs
XIcX5MNxiT2e6UCH617CNCISBPUKeeVMWNhyAtkt889O/Pa9hWlm1YMqAAOQld69
V8n0vo+y1L/RsQAzwHB1rLHOCeBs2+iVoKngVX8nKpsdnMUQkhUx9FMaldp07IWj
7v5y+MREgA==
-----END CERTIFICATE-----