Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wsej20o9La--GGqmhfRzbqfQjDg.cer
File:                     wsej20o9La--GGqmhfRzbqfQjDg.cer (raw, json)
Hash identifier:          /JubLD6i9fEATrPze3CF52H3bdJ/+TqngGDbl3j8c7s=
Subject key identifier:   C2:C7:A3:DB:4A:3D:2D:AF:BE:18:6A:A6:85:F4:73:6E:A7:D0:8C:38
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FDA0BD7DFE58C61D80241648CE714B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3f/652bef-6f4e-4997-bb3a-4c9e49239624/1/wsej20o9La--GGqmhfRzbqfQjDg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3f/652bef-6f4e-4997-bb3a-4c9e49239624/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:49:26 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 42993
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a0:bd:7d:fe:58:c6:1d:80:24:16:48:ce:71:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2c7a3db4a3d2dafbe186aa685f4736ea7d08c38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:09:fd:ab:bc:ad:7c:fe:1c:26:12:43:d6:90:
                    bd:4e:b1:71:d8:d7:76:ec:64:62:9b:f3:58:c5:6c:
                    6a:ef:5d:b8:a4:06:1d:28:15:74:e3:74:16:d5:3a:
                    01:67:3e:4f:6d:15:39:e5:2d:50:dd:1d:9b:56:3b:
                    8a:57:fc:61:f6:58:48:b6:7f:46:c4:6c:46:c5:ce:
                    2d:22:41:82:a5:61:65:98:30:b1:d7:3a:b6:5d:74:
                    8d:ea:66:13:52:5d:b0:8f:c5:00:db:7b:46:57:e8:
                    28:d2:a4:e9:5b:c8:de:18:9f:2a:94:1c:59:17:98:
                    5a:fd:61:ed:2e:5e:b6:a3:a6:3f:f9:1f:69:43:5b:
                    eb:2c:71:4c:be:93:38:f4:20:e0:e9:bc:e3:28:27:
                    30:58:b3:fc:1c:d4:52:5f:0e:99:72:10:c4:d6:08:
                    f8:2c:45:44:ce:56:cd:26:82:50:63:ee:91:3a:f0:
                    ae:17:e9:f9:f1:9e:f6:be:8e:d7:9a:0b:79:fd:f9:
                    dc:30:9e:5d:19:5a:73:93:8d:a5:10:6a:af:b3:30:
                    cc:ea:15:8c:a8:dc:91:03:99:ff:27:78:7a:e4:dc:
                    20:e6:74:58:3d:36:89:72:9f:43:e3:72:e1:76:ec:
                    5d:9c:25:a1:c3:d3:9d:fe:f1:34:33:32:85:d5:d0:
                    6b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C7:A3:DB:4A:3D:2D:AF:BE:18:6A:A6:85:F4:73:6E:A7:D0:8C:38
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/652bef-6f4e-4997-bb3a-4c9e49239624/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/652bef-6f4e-4997-bb3a-4c9e49239624/1/wsej20o9La--GGqmhfRzbqfQjDg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42993

    Signature Algorithm: sha256WithRSAEncryption
         37:80:01:d6:5a:a3:7f:69:53:54:e0:ad:4f:3e:d8:27:46:ac:
         37:df:d4:ba:77:b7:bc:ba:7d:ec:5a:60:44:40:f2:14:09:7b:
         57:47:76:ab:ad:74:1b:be:54:49:d7:8f:ec:7e:7a:55:90:1c:
         44:05:06:c3:ec:ce:db:90:c4:f0:8c:5b:47:6d:db:95:12:85:
         4b:ec:69:44:49:ca:6a:43:2a:00:ac:55:40:0e:95:58:22:0a:
         60:cb:28:4d:cc:18:11:3f:5f:4a:31:a9:38:3f:e6:ca:ec:eb:
         3c:fb:ec:cd:65:74:6b:1c:a8:08:70:fb:8b:39:13:3a:3c:29:
         a6:20:43:32:35:fc:89:80:27:9b:9a:6f:0e:54:f2:19:7d:d3:
         b3:88:94:51:17:bf:3e:41:89:8d:44:3f:6f:28:4d:4e:94:72:
         c1:c0:23:59:72:7b:9f:e1:f6:ba:5d:0b:cd:67:15:e5:42:42:
         2c:86:a8:3e:73:e2:04:c5:21:65:d7:b5:bf:51:4d:2b:e9:58:
         1a:4b:85:1d:e1:81:37:8d:fb:c6:3d:fb:e2:1d:ee:f2:58:67:
         ed:01:a3:8e:2a:f7:fc:ee:9e:f5:3c:4e:4b:cb:7f:b3:23:fe:
         34:df:c7:6d:49:b3:e9:96:29:3a:22:a1:9c:0d:97:d1:43:1a:
         bd:49:07:fc
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQl/aC9ff5Yxh2AJBZIznFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmM3YTNkYjRhM2QyZGFmYmUxODZhYTY4NWY0NzM2ZWE3ZDA4YzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwn9q7ytfP4cJhJD1pC9TrFx2Nd2
7GRim/NYxWxq7124pAYdKBV043QW1ToBZz5PbRU55S1Q3R2bVjuKV/xh9lhItn9G
xGxGxc4tIkGCpWFlmDCx1zq2XXSN6mYTUl2wj8UA23tGV+go0qTpW8jeGJ8qlBxZ
F5ha/WHtLl62o6Y/+R9pQ1vrLHFMvpM49CDg6bzjKCcwWLP8HNRSXw6ZchDE1gj4
LEVEzlbNJoJQY+6ROvCuF+n58Z72vo7Xmgt5/fncMJ5dGVpzk42lEGqvszDM6hWM
qNyRA5n/J3h65Nwg5nRYPTaJcp9D43LhduxdnCWhw9Od/vE0MzKF1dBrBwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFMLHo9tKPS2vvhhqpoX0c26n0Iw4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNmLzY1MmJl
Zi02ZjRlLTQ5OTctYmIzYS00YzllNDkyMzk2MjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2YvNjUyYmVm
LTZmNGUtNDk5Ny1iYjNhLTRjOWU0OTIzOTYyNC8xL3dzZWoyMG85TGEtLUdHcW1o
ZlJ6YnFmUWpEZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCn8TANBgkqhkiG9w0BAQsFAAOCAQEAN4AB1lqjf2lT
VOCtTz7YJ0asN9/Uune3vLp97FpgREDyFAl7V0d2q610G75USdeP7H56VZAcRAUG
w+zO25DE8IxbR23blRKFS+xpREnKakMqAKxVQA6VWCIKYMsoTcwYET9fSjGpOD/m
yuzrPPvszWV0axyoCHD7izkTOjwppiBDMjX8iYAnm5pvDlTyGX3Ts4iUURe/PkGJ
jUQ/byhNTpRywcAjWXJ7n+H2ul0LzWcV5UJCLIaoPnPiBMUhZde1v1FNK+lYGkuF
HeGBN437xj374h3u8lhn7QGjjir3/O6e9TxOS8t/syP+NN/HbUmz6ZYpOiKhnA2X
0UMavUkH/A==
-----END CERTIFICATE-----