Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/z8Jqbe8uL_HrzBCphxR4uKi_OQg.cer
File:                     z8Jqbe8uL_HrzBCphxR4uKi_OQg.cer (raw, json)
Hash identifier:          4LCe8NfzqQWrlV8Ut+O2FV7nPtCLWNEFSOjL4VevPQs=
Subject key identifier:   CF:C2:6A:6D:EF:2E:2F:F1:EB:CC:10:A9:87:14:78:B8:A8:BF:39:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D613C6AC4FD8AC7BC000EF88F332C3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9/CFC26A6DEF2E2FF1EBCC10A9871478B8A8BF3908.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:08 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 59993
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:13:c6:ac:4f:d8:ac:7b:c0:00:ef:88:f3:32:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfc26a6def2e2ff1ebcc10a9871478b8a8bf3908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bc:77:3b:ec:7c:b1:bc:62:1a:18:5e:7d:ee:
                    e0:b5:d6:07:14:3e:af:85:ed:3f:2e:9a:2a:fd:94:
                    2e:7f:a4:ea:e6:ef:fe:b5:91:a7:c9:14:c2:4a:bc:
                    b0:ef:da:1d:f6:e4:90:33:3d:90:11:74:1a:88:f0:
                    47:e3:29:d4:96:55:60:84:73:c0:ff:d3:0a:ad:64:
                    4b:89:fe:72:cf:60:f3:d2:d4:f6:a4:41:a8:27:78:
                    03:8a:21:f3:26:31:cc:4d:dd:54:b2:08:37:4f:00:
                    18:b0:7e:73:f5:58:31:02:6d:d7:10:ca:a1:11:84:
                    6a:b7:b8:46:bb:bb:5e:2e:67:a1:04:93:d2:d0:3f:
                    fb:32:39:60:3a:5e:c9:50:ac:49:68:06:4b:5c:70:
                    c4:e1:4a:5e:4f:6e:ae:b4:f3:e0:0f:ff:8b:f1:2f:
                    43:a3:de:f9:fc:f3:e1:65:74:ee:07:dc:36:8a:e0:
                    f6:4a:cc:6b:85:8e:d5:73:b7:ab:8a:5b:d2:55:44:
                    38:f4:e0:63:06:9e:bc:88:24:5d:96:07:97:97:9c:
                    50:15:bc:46:57:75:ed:4e:b6:28:6f:a1:a1:b4:36:
                    8e:e5:c7:05:73:22:c4:66:a0:7f:f5:33:e9:97:53:
                    36:78:51:d5:1a:fb:aa:46:e3:28:4c:61:b1:4d:48:
                    de:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C2:6A:6D:EF:2E:2F:F1:EB:CC:10:A9:87:14:78:B8:A8:BF:39:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/9/CFC26A6DEF2E2FF1EBCC10A9871478B8A8BF3908.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  59993

    Signature Algorithm: sha256WithRSAEncryption
         6e:35:73:da:2e:fe:5a:47:ad:65:bf:62:9c:92:7c:ff:65:5b:
         7a:c2:39:4f:ba:d6:60:ca:92:6b:79:06:ae:b3:22:14:61:e3:
         39:d9:ce:71:cf:16:0d:9a:aa:e8:21:a0:88:87:ed:16:49:f7:
         db:2a:8c:20:88:99:cb:cb:56:2a:1e:bc:28:08:55:0d:10:c8:
         17:f6:d0:6f:c6:9e:ff:49:42:07:c6:85:79:8c:43:6a:81:cf:
         e9:80:3e:21:ab:ff:34:ca:ed:c9:9a:36:09:c0:11:8f:41:31:
         74:8a:e9:55:1f:fa:52:1f:d1:a2:25:56:75:b2:1d:a8:db:de:
         34:96:84:15:6a:e5:e9:eb:88:10:11:f5:27:f0:18:0d:af:21:
         7d:72:fa:b2:95:12:b0:43:e6:80:5b:49:e6:17:3b:e0:dc:87:
         b9:79:84:83:38:fc:e2:ea:25:d9:1a:40:31:8d:03:92:a8:03:
         91:fe:17:04:96:b0:a3:18:05:03:4b:0c:68:f0:46:13:13:13:
         27:64:95:09:14:de:9d:a6:f2:01:43:44:88:76:07:0f:9b:ea:
         5d:c7:58:a1:34:80:c6:e8:8a:70:d2:d8:8c:41:45:52:2a:3d:
         2a:b3:f9:e1:70:5d:d1:04:ff:09:af:43:59:d8:24:fa:7f:8c:
         11:b4:2d:c3
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZQg1hPGrE/YrHvAAO+I8zLDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmMyNmE2ZGVmMmUyZmYxZWJjYzEwYTk4NzE0NzhiOGE4YmYzOTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbx3O+x8sbxiGhhefe7gtdYHFD6v
he0/Lpoq/ZQuf6Tq5u/+tZGnyRTCSryw79od9uSQMz2QEXQaiPBH4ynUllVghHPA
/9MKrWRLif5yz2Dz0tT2pEGoJ3gDiiHzJjHMTd1Usgg3TwAYsH5z9VgxAm3XEMqh
EYRqt7hGu7teLmehBJPS0D/7MjlgOl7JUKxJaAZLXHDE4UpeT26utPPgD/+L8S9D
o975/PPhZXTuB9w2iuD2SsxrhY7Vc7erilvSVUQ49OBjBp68iCRdlgeXl5xQFbxG
V3XtTrYob6GhtDaO5ccFcyLEZqB/9TPpl1M2eFHVGvuqRuMoTGGxTUjeqwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFM/Cam3vLi/x68wQqYcUeLiovzkIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2FlNmVk
ZWVjLTA4YmEtNGNkZS04OTc5LTRmYWVhNGIxYmMxMi85LzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWU2
ZWRlZWMtMDhiYS00Y2RlLTg5NzktNGZhZWE0YjFiYzEyLzkvQ0ZDMjZBNkRFRjJF
MkZGMUVCQ0MxMEE5ODcxNDc4QjhBOEJGMzkwOC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMA6lkw
DQYJKoZIhvcNAQELBQADggEBAG41c9ou/lpHrWW/YpySfP9lW3rCOU+61mDKkmt5
Bq6zIhRh4znZznHPFg2aqughoIiH7RZJ99sqjCCImcvLVioevCgIVQ0QyBf20G/G
nv9JQgfGhXmMQ2qBz+mAPiGr/zTK7cmaNgnAEY9BMXSK6VUf+lIf0aIlVnWyHajb
3jSWhBVq5enriBAR9SfwGA2vIX1y+rKVErBD5oBbSeYXO+Dch7l5hIM4/OLqJdka
QDGNA5KoA5H+FwSWsKMYBQNLDGjwRhMTEydklQkU3p2m8gFDRIh2Bw+b6l3HWKE0
gMboinDS2IxBRVIqPSqz+eFwXdEE/wmvQ1nYJPp/jBG0LcM=
-----END CERTIFICATE-----