Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/z8Jqbe8uL_HrzBCphxR4uKi_OQg.cer
File:                     z8Jqbe8uL_HrzBCphxR4uKi_OQg.cer (raw, json)
Hash identifier:          25JK3/99ryKz9u0aBiO+u8B/az2NrE8SiUqqU7uAGSo=
Subject key identifier:   CF:C2:6A:6D:EF:2E:2F:F1:EB:CC:10:A9:87:14:78:B8:A8:BF:39:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0191DBD3095B3A564895722FE35A89DF3EFA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9/CFC26A6DEF2E2FF1EBCC10A9871478B8A8BF3908.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Tue 10 Sep 2024 12:05:26 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 59993

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:db:d3:09:5b:3a:56:48:95:72:2f:e3:5a:89:df:3e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 10 12:05:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfc26a6def2e2ff1ebcc10a9871478b8a8bf3908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bc:77:3b:ec:7c:b1:bc:62:1a:18:5e:7d:ee:
                    e0:b5:d6:07:14:3e:af:85:ed:3f:2e:9a:2a:fd:94:
                    2e:7f:a4:ea:e6:ef:fe:b5:91:a7:c9:14:c2:4a:bc:
                    b0:ef:da:1d:f6:e4:90:33:3d:90:11:74:1a:88:f0:
                    47:e3:29:d4:96:55:60:84:73:c0:ff:d3:0a:ad:64:
                    4b:89:fe:72:cf:60:f3:d2:d4:f6:a4:41:a8:27:78:
                    03:8a:21:f3:26:31:cc:4d:dd:54:b2:08:37:4f:00:
                    18:b0:7e:73:f5:58:31:02:6d:d7:10:ca:a1:11:84:
                    6a:b7:b8:46:bb:bb:5e:2e:67:a1:04:93:d2:d0:3f:
                    fb:32:39:60:3a:5e:c9:50:ac:49:68:06:4b:5c:70:
                    c4:e1:4a:5e:4f:6e:ae:b4:f3:e0:0f:ff:8b:f1:2f:
                    43:a3:de:f9:fc:f3:e1:65:74:ee:07:dc:36:8a:e0:
                    f6:4a:cc:6b:85:8e:d5:73:b7:ab:8a:5b:d2:55:44:
                    38:f4:e0:63:06:9e:bc:88:24:5d:96:07:97:97:9c:
                    50:15:bc:46:57:75:ed:4e:b6:28:6f:a1:a1:b4:36:
                    8e:e5:c7:05:73:22:c4:66:a0:7f:f5:33:e9:97:53:
                    36:78:51:d5:1a:fb:aa:46:e3:28:4c:61:b1:4d:48:
                    de:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C2:6A:6D:EF:2E:2F:F1:EB:CC:10:A9:87:14:78:B8:A8:BF:39:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9/CFC26A6DEF2E2FF1EBCC10A9871478B8A8BF3908.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  59993

    Signature Algorithm: sha256WithRSAEncryption
         2d:43:e6:e9:6d:1b:d0:c7:b4:b6:8f:f9:49:de:8b:1c:18:91:
         e8:6c:e1:5b:3e:6c:9f:13:9c:57:fd:f2:50:08:24:42:59:66:
         d1:f6:78:b8:e7:4a:80:78:ac:8d:aa:7d:8e:79:e0:79:3e:8c:
         cb:11:ad:20:de:1c:5c:a8:0c:c6:7e:f5:e0:4e:c2:fa:94:da:
         0a:3e:12:4c:cb:0a:37:47:7b:d4:da:cf:36:ef:de:c3:2f:03:
         97:9a:9b:b3:98:c2:28:2e:bd:7f:a9:01:ac:44:56:4a:71:bd:
         94:79:fb:84:1e:b2:ed:bf:03:2f:7a:e3:86:7e:db:31:03:57:
         d3:f8:b8:35:41:9c:7e:75:c4:43:ce:0e:d6:28:eb:b7:11:84:
         f4:d9:52:14:90:a2:36:69:63:e8:cf:19:2f:ac:14:fd:cd:3e:
         a0:8b:45:73:67:25:09:1a:5e:f5:a0:52:31:f1:c1:32:6d:51:
         b4:84:33:69:97:93:35:a2:d7:1a:c9:17:4d:da:5a:b7:90:d6:
         18:e2:92:55:2f:d6:22:d6:89:8f:72:19:3d:05:55:02:95:f3:
         85:b4:19:9a:da:da:fa:f5:63:a6:4f:b7:be:57:07:70:4e:5f:
         73:be:37:6f:72:1c:b9:41:1d:19:df:5b:74:8d:32:2e:29:36:
         26:88:9f:ce
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZHb0wlbOlZIlXIv41qJ3z76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTEwMTIwNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmMyNmE2ZGVmMmUyZmYxZWJjYzEwYTk4NzE0NzhiOGE4YmYzOTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbx3O+x8sbxiGhhefe7gtdYHFD6v
he0/Lpoq/ZQuf6Tq5u/+tZGnyRTCSryw79od9uSQMz2QEXQaiPBH4ynUllVghHPA
/9MKrWRLif5yz2Dz0tT2pEGoJ3gDiiHzJjHMTd1Usgg3TwAYsH5z9VgxAm3XEMqh
EYRqt7hGu7teLmehBJPS0D/7MjlgOl7JUKxJaAZLXHDE4UpeT26utPPgD/+L8S9D
o975/PPhZXTuB9w2iuD2SsxrhY7Vc7erilvSVUQ49OBjBp68iCRdlgeXl5xQFbxG
V3XtTrYob6GhtDaO5ccFcyLEZqB/9TPpl1M2eFHVGvuqRuMoTGGxTUjeqwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFM/Cam3vLi/x68wQqYcUeLiovzkIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2FlNmVk
ZWVjLTA4YmEtNGNkZS04OTc5LTRmYWVhNGIxYmMxMi85LzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWU2
ZWRlZWMtMDhiYS00Y2RlLTg5NzktNGZhZWE0YjFiYzEyLzkvQ0ZDMjZBNkRFRjJF
MkZGMUVCQ0MxMEE5ODcxNDc4QjhBOEJGMzkwOC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMA6lkw
DQYJKoZIhvcNAQELBQADggEBAC1D5ultG9DHtLaP+UneixwYkehs4Vs+bJ8TnFf9
8lAIJEJZZtH2eLjnSoB4rI2qfY554Hk+jMsRrSDeHFyoDMZ+9eBOwvqU2go+EkzL
CjdHe9Tazzbv3sMvA5eam7OYwiguvX+pAaxEVkpxvZR5+4Qesu2/Ay9644Z+2zED
V9P4uDVBnH51xEPODtYo67cRhPTZUhSQojZpY+jPGS+sFP3NPqCLRXNnJQkaXvWg
UjHxwTJtUbSEM2mXkzWi1xrJF03aWreQ1hjiklUv1iLWiY9yGT0FVQKV84W0GZra
2vr1Y6ZPt75XB3BOX3O+N29yHLlBHRnfW3SNMi4pNiaIn84=
-----END CERTIFICATE-----