Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/w9a4Z_-YTcfF6szS2j-Szzxnfas.cer
File:                     w9a4Z_-YTcfF6szS2j-Szzxnfas.cer (raw, json)
Hash identifier:          Je9nJiY+++PkkJ76QbsOTaPXjs2Q0S8gTo87xetilfI=
Subject key identifier:   C3:D6:B8:67:FF:98:4D:C7:C5:EA:CC:D2:DA:3F:92:CF:3C:67:7D:AB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018F88D27D216521071D04D62B936571D552
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/c58479df-f5b7-4453-92bf-de1f61b3d4b0/0/C3D6B867FF984DC7C5EACCD2DA3F92CF3C677DAB.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/c58479df-f5b7-4453-92bf-de1f61b3d4b0/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 17 May 2024 23:10:47 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215126

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:88:d2:7d:21:65:21:07:1d:04:d6:2b:93:65:71:d5:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 17 23:10:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3d6b867ff984dc7c5eaccd2da3f92cf3c677dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:22:11:a7:5d:ac:9b:c4:f8:ae:5a:9a:dd:23:
                    c4:36:30:35:ea:c4:9c:4f:dd:97:7c:0b:24:0b:72:
                    81:ec:f5:f0:f7:49:31:6e:04:ca:04:a3:df:d1:90:
                    52:ef:2d:43:f9:75:1d:b6:03:7d:cc:b1:44:e9:5b:
                    c5:c4:0f:b2:dc:8d:21:97:58:ca:86:0d:2d:ff:cc:
                    23:60:78:be:45:8d:b6:5a:92:87:fd:6e:f7:4a:b3:
                    0a:20:45:fa:bb:53:b7:05:19:a7:be:8a:80:5d:c7:
                    d6:f3:91:29:78:5c:9e:f4:5c:cf:83:9d:9b:61:50:
                    76:f7:c5:1f:41:bd:b6:38:03:21:b6:f6:9d:b2:d3:
                    d2:3c:ef:d3:a8:4e:36:1a:d6:f8:0f:0f:0d:c5:39:
                    9c:f6:c7:a2:55:35:bd:5f:14:64:d1:99:cb:fb:61:
                    c0:3d:cc:f5:48:1a:82:d0:92:a4:ef:98:e9:dc:af:
                    f1:f8:0d:de:68:13:35:0b:53:25:e6:f8:9f:fe:e9:
                    3d:24:8d:77:ee:3b:3c:9a:f1:a6:71:20:bb:54:b6:
                    eb:15:81:59:d4:a1:b8:3b:df:cb:85:f3:bf:23:c9:
                    f6:74:0b:56:53:82:a2:85:17:33:91:22:26:06:0f:
                    15:90:98:9d:68:3a:77:de:c2:f1:22:bc:ee:74:e9:
                    bc:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D6:B8:67:FF:98:4D:C7:C5:EA:CC:D2:DA:3F:92:CF:3C:67:7D:AB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/c58479df-f5b7-4453-92bf-de1f61b3d4b0/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/c58479df-f5b7-4453-92bf-de1f61b3d4b0/0/C3D6B867FF984DC7C5EACCD2DA3F92CF3C677DAB.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215126

    Signature Algorithm: sha256WithRSAEncryption
         7c:73:12:a1:12:f4:4e:f1:b7:ef:6b:99:0e:d4:b4:ae:b5:db:
         b8:fd:bc:3c:ee:95:c9:05:12:83:d9:74:e3:20:91:ec:6c:f0:
         24:aa:21:bc:ff:55:21:89:0f:c8:be:06:b8:4f:8a:25:4c:10:
         d4:0e:7c:60:0b:88:86:9c:b3:0d:e1:eb:f9:bd:bc:eb:95:db:
         5e:28:37:23:0d:98:54:4f:b7:3b:19:3c:e8:28:28:0f:5f:69:
         f4:ce:1d:48:e0:02:95:67:58:13:87:3c:63:a0:e5:5c:27:0b:
         7e:72:08:34:1a:f3:e6:57:37:22:6e:03:f4:14:de:fd:28:ae:
         4e:0d:60:2a:fe:4c:22:a8:e7:ae:3c:7e:05:18:1a:b0:9d:39:
         bc:ed:19:db:aa:8b:de:60:95:10:5b:bb:c4:2f:fd:74:07:de:
         11:6b:61:c7:5d:39:06:54:ad:e7:6b:1e:1e:26:8b:d7:d1:0e:
         7b:f0:55:8a:1d:c4:66:a0:ba:5d:f3:18:0b:68:2a:7e:a1:39:
         20:cd:c0:11:06:24:17:d4:f0:b7:b1:1c:a6:bc:d4:ec:ee:b6:
         91:33:83:94:1b:db:e6:ef:7f:8c:11:cd:7d:12:45:ef:4f:33:
         00:fd:3f:fd:d9:c6:38:4a:6f:5e:a4:7e:d7:e9:24:4f:11:4b:
         90:69:67:d4
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAY+I0n0hZSEHHQTWK5NlcdVSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNTE3MjMxMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Q2Yjg2N2ZmOTg0ZGM3YzVlYWNjZDJkYTNmOTJjZjNjNjc3ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyIRp12sm8T4rlqa3SPENjA16sSc
T92XfAskC3KB7PXw90kxbgTKBKPf0ZBS7y1D+XUdtgN9zLFE6VvFxA+y3I0hl1jK
hg0t/8wjYHi+RY22WpKH/W73SrMKIEX6u1O3BRmnvoqAXcfW85EpeFye9FzPg52b
YVB298UfQb22OAMhtvadstPSPO/TqE42Gtb4Dw8NxTmc9seiVTW9XxRk0ZnL+2HA
Pcz1SBqC0JKk75jp3K/x+A3eaBM1C1Ml5vif/uk9JI137js8mvGmcSC7VLbrFYFZ
1KG4O9/LhfO/I8n2dAtWU4KihRczkSImBg8VkJidaDp33sLxIrzudOm8KwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFMPWuGf/mE3HxerM0to/ks88Z32rMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M1ODQ3
OWRmLWY1YjctNDQ1My05MmJmLWRlMWY2MWIzZDRiMC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzU4
NDc5ZGYtZjViNy00NDUzLTkyYmYtZGUxZjYxYjNkNGIwLzAvQzNENkI4NjdGRjk4
NERDN0M1RUFDQ0QyREEzRjkyQ0YzQzY3N0RBQi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDSFYw
DQYJKoZIhvcNAQELBQADggEBAHxzEqES9E7xt+9rmQ7UtK6127j9vDzulckFEoPZ
dOMgkexs8CSqIbz/VSGJD8i+BrhPiiVMENQOfGALiIacsw3h6/m9vOuV214oNyMN
mFRPtzsZPOgoKA9fafTOHUjgApVnWBOHPGOg5VwnC35yCDQa8+ZXNyJuA/QU3v0o
rk4NYCr+TCKo5648fgUYGrCdObztGduqi95glRBbu8Qv/XQH3hFrYcddOQZUredr
Hh4mi9fRDnvwVYodxGagul3zGAtoKn6hOSDNwBEGJBfU8LexHKa81OzutpEzg5Qb
2+bvf4wRzX0SRe9PMwD9P/3ZxjhKb16kftfpJE8RS5BpZ9Q=
-----END CERTIFICATE-----