Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/z8Jqbe8uL_HrzBCphxR4uKi_OQg.cer
File:                     z8Jqbe8uL_HrzBCphxR4uKi_OQg.cer (raw, json)
Hash identifier:          yRt9RDELYM2vyBFUFMnwybaEz+XP2SJhrTnVj5dm0Bo=
Subject key identifier:   CF:C2:6A:6D:EF:2E:2F:F1:EB:CC:10:A9:87:14:78:B8:A8:BF:39:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3C1F301D53BFA51BF9D3D945B86B756
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9/CFC26A6DEF2E2FF1EBCC10A9871478B8A8BF3908.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:41:56 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 59993

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:c1:f3:01:d5:3b:fa:51:bf:9d:3d:94:5b:86:b7:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:41:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfc26a6def2e2ff1ebcc10a9871478b8a8bf3908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bc:77:3b:ec:7c:b1:bc:62:1a:18:5e:7d:ee:
                    e0:b5:d6:07:14:3e:af:85:ed:3f:2e:9a:2a:fd:94:
                    2e:7f:a4:ea:e6:ef:fe:b5:91:a7:c9:14:c2:4a:bc:
                    b0:ef:da:1d:f6:e4:90:33:3d:90:11:74:1a:88:f0:
                    47:e3:29:d4:96:55:60:84:73:c0:ff:d3:0a:ad:64:
                    4b:89:fe:72:cf:60:f3:d2:d4:f6:a4:41:a8:27:78:
                    03:8a:21:f3:26:31:cc:4d:dd:54:b2:08:37:4f:00:
                    18:b0:7e:73:f5:58:31:02:6d:d7:10:ca:a1:11:84:
                    6a:b7:b8:46:bb:bb:5e:2e:67:a1:04:93:d2:d0:3f:
                    fb:32:39:60:3a:5e:c9:50:ac:49:68:06:4b:5c:70:
                    c4:e1:4a:5e:4f:6e:ae:b4:f3:e0:0f:ff:8b:f1:2f:
                    43:a3:de:f9:fc:f3:e1:65:74:ee:07:dc:36:8a:e0:
                    f6:4a:cc:6b:85:8e:d5:73:b7:ab:8a:5b:d2:55:44:
                    38:f4:e0:63:06:9e:bc:88:24:5d:96:07:97:97:9c:
                    50:15:bc:46:57:75:ed:4e:b6:28:6f:a1:a1:b4:36:
                    8e:e5:c7:05:73:22:c4:66:a0:7f:f5:33:e9:97:53:
                    36:78:51:d5:1a:fb:aa:46:e3:28:4c:61:b1:4d:48:
                    de:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C2:6A:6D:EF:2E:2F:F1:EB:CC:10:A9:87:14:78:B8:A8:BF:39:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9/CFC26A6DEF2E2FF1EBCC10A9871478B8A8BF3908.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  59993

    Signature Algorithm: sha256WithRSAEncryption
         23:14:12:d3:64:0b:cf:9a:3c:61:cf:e5:3f:43:8c:d3:0c:0d:
         0e:81:db:ee:e8:63:93:f4:cf:cc:be:3d:c5:4b:88:21:e9:b7:
         32:0c:00:c0:75:29:79:0a:b1:94:a6:7f:14:5f:e9:3e:27:09:
         22:97:bc:f1:63:ac:e2:80:21:49:7c:c6:f9:bc:6d:85:18:3f:
         1c:93:31:c5:6f:6c:fd:bb:2b:7e:62:c7:fd:0d:26:9d:53:98:
         87:a5:07:aa:f4:e8:c0:7c:64:a1:b2:ee:1c:cf:7f:1a:ad:43:
         bb:84:4b:01:6b:e5:b1:9e:16:c4:25:50:e3:b1:d9:e0:d7:0a:
         ad:69:5a:c8:c8:3a:40:aa:9a:8f:ff:d4:ff:fc:53:c0:d0:d3:
         c4:30:e8:87:9a:c0:44:6c:4c:71:0b:df:4c:b4:83:ad:8d:32:
         39:3c:b8:bc:8a:38:ab:25:39:0a:8d:c2:db:03:d9:4b:4d:da:
         41:c5:ab:b4:6f:08:68:05:b3:1f:e9:03:2c:ad:9a:3a:fb:b4:
         55:ec:3a:82:48:00:75:79:e9:41:5e:8e:cb:cf:74:d5:a0:fc:
         c2:36:4b:0d:3c:10:e4:79:bf:6b:7d:16:62:8b:33:46:ce:a9:
         27:f4:64:b2:1b:47:2d:b8:b0:1c:56:ad:f1:80:d9:7f:70:6e:
         b1:46:69:8c
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAYzDwfMB1Tv6Ub+dPZRbhrdWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDY0MTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmMyNmE2ZGVmMmUyZmYxZWJjYzEwYTk4NzE0NzhiOGE4YmYzOTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbx3O+x8sbxiGhhefe7gtdYHFD6v
he0/Lpoq/ZQuf6Tq5u/+tZGnyRTCSryw79od9uSQMz2QEXQaiPBH4ynUllVghHPA
/9MKrWRLif5yz2Dz0tT2pEGoJ3gDiiHzJjHMTd1Usgg3TwAYsH5z9VgxAm3XEMqh
EYRqt7hGu7teLmehBJPS0D/7MjlgOl7JUKxJaAZLXHDE4UpeT26utPPgD/+L8S9D
o975/PPhZXTuB9w2iuD2SsxrhY7Vc7erilvSVUQ49OBjBp68iCRdlgeXl5xQFbxG
V3XtTrYob6GhtDaO5ccFcyLEZqB/9TPpl1M2eFHVGvuqRuMoTGGxTUjeqwIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFM/Cam3vLi/x68wQqYcUeLiovzkIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE+BggrBgEFBQcBCwSCATAwggEsMF4GCCsGAQUFBzAFhlJy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2FlNmVk
ZWVjLTA4YmEtNGNkZS04OTc5LTRmYWVhNGIxYmMxMi85MIGLBggrBgEFBQcwCoZ/
cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9hZTZl
ZGVlYy0wOGJhLTRjZGUtODk3OS00ZmFlYTRiMWJjMTIvOS9DRkMyNkE2REVGMkUy
RkYxRUJDQzEwQTk4NzE0NzhCOEE4QkYzOTA4Lm1mdDA8BggrBgEFBQcwDYYwaHR0
cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3RpZmljYXRpb24ueG1sMFkG
A1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNybDAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwDqWTAN
BgkqhkiG9w0BAQsFAAOCAQEAIxQS02QLz5o8Yc/lP0OM0wwNDoHb7uhjk/TPzL49
xUuIIem3MgwAwHUpeQqxlKZ/FF/pPicJIpe88WOs4oAhSXzG+bxthRg/HJMxxW9s
/bsrfmLH/Q0mnVOYh6UHqvTowHxkobLuHM9/Gq1Du4RLAWvlsZ4WxCVQ47HZ4NcK
rWlayMg6QKqaj//U//xTwNDTxDDoh5rARGxMcQvfTLSDrY0yOTy4vIo4qyU5Co3C
2wPZS03aQcWrtG8IaAWzH+kDLK2aOvu0Vew6gkgAdXnpQV6Oy8901aD8wjZLDTwQ
5Hm/a30WYoszRs6pJ/RkshtHLbiwHFat8YDZf3BusUZpjA==
-----END CERTIFICATE-----