Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/z2ASbNrG3tvrAMNC8Kdya2nooOo.cer
File:                     z2ASbNrG3tvrAMNC8Kdya2nooOo.cer (raw, json)
Hash identifier:          aXGdE5yr5CyV6pc+Nqw5aMyT+8cB9KfmENRGK90M6YU=
Subject key identifier:   CF:60:12:6C:DA:C6:DE:DB:EB:00:C3:42:F0:A7:72:6B:69:E8:A0:EA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC288AAF531C02B13CCC5A101FA4DDBFE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/16/CF60126CDAC6DEDBEB00C342F0A7726B69E8A0EA.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/16/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:59:45 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 203414

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:88:aa:f5:31:c0:2b:13:cc:c5:a1:01:fa:4d:db:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:59:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf60126cdac6dedbeb00c342f0a7726b69e8a0ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d3:83:76:dd:26:9f:0c:aa:90:b5:9a:df:e1:
                    1c:91:18:18:cc:0b:e1:d8:4d:9c:2b:35:75:71:f6:
                    11:bf:f6:6d:6e:a2:a8:c7:37:4e:13:84:7b:19:a7:
                    4d:9d:d3:70:11:fd:4b:6f:25:dd:87:8d:8b:75:fb:
                    42:64:6a:88:c0:04:55:34:9b:53:fa:98:07:90:e5:
                    9d:69:f5:66:ff:9c:56:2e:01:f3:f3:87:7a:67:e4:
                    cb:e2:e5:ad:f1:b3:f1:b9:84:c3:05:aa:eb:c9:d3:
                    9b:32:38:5a:e3:f5:2c:94:c4:5e:8f:5f:2b:63:54:
                    11:36:f8:3a:96:c3:77:97:0f:24:6c:c3:42:be:fe:
                    f5:ca:f5:c4:24:13:c6:cc:56:bf:fd:2a:14:bf:a2:
                    a4:3f:ad:f3:20:a7:d4:ad:2b:bb:f0:40:9f:3e:6d:
                    28:1e:5a:a3:0d:33:15:e7:9e:e1:f5:c0:90:c0:a7:
                    7e:0e:a1:e4:2a:9b:f6:f6:c5:3b:08:df:98:97:02:
                    dc:2a:b3:94:af:e5:b0:1d:71:ea:b7:23:7c:40:6c:
                    74:b2:82:23:3b:f9:e4:86:44:b3:d7:2f:af:1e:a7:
                    97:ea:8c:97:75:22:c6:4a:85:ba:17:a9:d4:77:b8:
                    58:80:e2:a2:4a:3a:6b:1c:8b:d6:39:ad:5e:60:50:
                    8b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:60:12:6C:DA:C6:DE:DB:EB:00:C3:42:F0:A7:72:6B:69:E8:A0:EA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/16/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/16/CF60126CDAC6DEDBEB00C342F0A7726B69E8A0EA.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203414

    Signature Algorithm: sha256WithRSAEncryption
         ae:18:5f:95:ba:14:e8:55:ad:98:cb:26:4a:e3:c9:22:92:77:
         ef:7e:cf:33:2e:e0:8f:cc:18:7d:19:f1:d8:3a:cf:f0:91:55:
         af:b0:e1:3e:ef:be:eb:0f:5c:22:c8:ce:b7:6d:b8:a9:7c:91:
         a1:17:d5:51:69:b4:7a:b8:74:4b:78:9d:25:22:2e:0f:d1:54:
         68:6d:e1:92:15:2c:8f:b6:fd:e2:71:e9:e6:aa:0a:85:59:1f:
         c9:b2:49:e9:bf:7e:5a:e0:5f:f6:cc:92:45:ed:a7:ce:ef:1c:
         76:5c:04:08:c7:0e:78:57:8b:0e:cf:16:89:a9:2d:f1:72:2d:
         c6:f7:39:98:d6:64:3f:db:5e:20:34:dc:cf:76:b3:b1:1a:2a:
         e3:88:5c:c8:a7:03:97:0c:7e:66:13:08:16:83:63:c2:4e:e8:
         d2:28:83:8f:06:98:d0:9c:e5:99:12:10:35:66:2f:d9:82:3a:
         2b:3e:c5:05:41:c9:8e:43:fe:51:6c:71:f2:ca:29:22:b7:b2:
         61:7d:d0:14:74:dd:d8:62:9b:87:f4:73:0d:0f:af:1a:15:e2:
         1f:4e:3e:e9:72:57:0a:1a:17:58:c9:01:60:e6:be:5e:da:51:
         a3:79:af:fb:4c:4f:ec:1f:08:79:be:52:fc:d7:b5:92:39:4f:
         48:6f:c4:8e
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAYzCiKr1McArE8zFoQH6Tdv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDA1OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjYwMTI2Y2RhYzZkZWRiZWIwMGMzNDJmMGE3NzI2YjY5ZThhMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdODdt0mnwyqkLWa3+EckRgYzAvh
2E2cKzV1cfYRv/ZtbqKoxzdOE4R7GadNndNwEf1LbyXdh42LdftCZGqIwARVNJtT
+pgHkOWdafVm/5xWLgHz84d6Z+TL4uWt8bPxuYTDBarrydObMjha4/UslMRej18r
Y1QRNvg6lsN3lw8kbMNCvv71yvXEJBPGzFa//SoUv6KkP63zIKfUrSu78ECfPm0o
HlqjDTMV557h9cCQwKd+DqHkKpv29sU7CN+YlwLcKrOUr+WwHXHqtyN8QGx0soIj
O/nkhkSz1y+vHqeX6oyXdSLGSoW6F6nUd7hYgOKiSjprHIvWOa1eYFCLAwIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFM9gEmzaxt7b6wDDQvCncmtp6KDqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggFCBggrBgEFBQcBCwSCATQwggEwMGAGCCsGAQUFBzAFhlRy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdiNTc1
ZWE3LTc4NmYtNGIyZC1hNDU1LTc5ZDdmYzQzZWNlZS8xNi8wgY0GCCsGAQUFBzAK
hoGAcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS83
YjU3NWVhNy03ODZmLTRiMmQtYTQ1NS03OWQ3ZmM0M2VjZWUvMTYvQ0Y2MDEyNkNE
QUM2REVEQkVCMDBDMzQyRjBBNzcyNkI2OUU4QTBFQS5tZnQwPAYIKwYBBQUHMA2G
MGh0dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnht
bDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMD
GpYwDQYJKoZIhvcNAQELBQADggEBAK4YX5W6FOhVrZjLJkrjySKSd+9+zzMu4I/M
GH0Z8dg6z/CRVa+w4T7vvusPXCLIzrdtuKl8kaEX1VFptHq4dEt4nSUiLg/RVGht
4ZIVLI+2/eJx6eaqCoVZH8mySem/flrgX/bMkkXtp87vHHZcBAjHDnhXiw7PFomp
LfFyLcb3OZjWZD/bXiA03M92s7EaKuOIXMinA5cMfmYTCBaDY8JO6NIog48GmNCc
5ZkSEDVmL9mCOis+xQVByY5D/lFscfLKKSK3smF90BR03dhim4f0cw0PrxoV4h9O
PulyVwoaF1jJAWDmvl7aUaN5r/tMT+wfCHm+UvzXtZI5T0hvxI4=
-----END CERTIFICATE-----