Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ziLsmUVCynrKrdWHJ-RgarRJAEA.cer
File:                     ziLsmUVCynrKrdWHJ-RgarRJAEA.cer (raw, json)
Hash identifier:          5dN3zYACvM1v6Dby1yEgS1rhiOW9kW5QerQuacF22GM=
Subject key identifier:   CE:22:EC:99:45:42:CA:7A:CA:AD:D5:87:27:E4:60:6A:B4:49:00:40
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7258A7A2FED412E13DE7E6395BB6901
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/17/6d95f5-ceb5-4ae3-a943-b74a056dcbe3/1/ziLsmUVCynrKrdWHJ-RgarRJAEA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/17/6d95f5-ceb5-4ae3-a943-b74a056dcbe3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:29:35 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210840

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:8a:7a:2f:ed:41:2e:13:de:7e:63:95:bb:69:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce22ec994542ca7acaadd58727e4606ab4490040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a0:c0:cb:8f:c8:ab:69:1d:ad:4f:78:b0:45:
                    30:c1:8b:fe:d6:3b:69:56:7d:e6:f4:ac:2e:61:a5:
                    28:30:67:22:30:52:6d:16:c0:88:4b:8e:18:fc:c5:
                    eb:11:dd:1d:79:a5:2e:50:49:3f:d2:b1:66:cc:54:
                    d9:e0:ba:53:d4:23:6d:b9:4e:93:d3:f6:5d:f5:be:
                    47:90:e9:cc:e1:d6:48:0b:eb:d7:25:29:c0:b0:58:
                    ad:7c:70:1d:8d:25:79:0d:37:1e:4d:e4:91:9a:26:
                    0d:fa:7b:58:47:6a:b4:e2:1a:06:ff:11:a1:fa:9f:
                    9f:64:b4:77:ae:8d:b0:a5:72:ec:dd:61:e6:67:2c:
                    da:05:cc:4b:f1:f7:14:7a:7a:cf:66:19:d4:7b:f5:
                    d3:df:6e:0d:b7:fc:f9:8c:02:69:85:67:ea:ef:af:
                    30:b3:4c:27:0a:8f:87:7e:b5:dd:58:a0:fa:e4:a6:
                    31:d7:3b:3b:d1:07:b3:88:54:d1:75:dd:7a:52:ed:
                    e8:dd:82:f0:cf:15:c5:c4:d6:3f:39:40:1c:25:71:
                    7d:56:a3:e0:01:0e:ad:ee:13:44:4c:6b:d9:3f:c4:
                    13:ed:2a:58:b4:62:f4:12:3e:69:9c:5c:ce:77:98:
                    7e:be:5e:90:5f:06:b6:20:dd:62:5f:22:74:6e:aa:
                    92:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:22:EC:99:45:42:CA:7A:CA:AD:D5:87:27:E4:60:6A:B4:49:00:40
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/6d95f5-ceb5-4ae3-a943-b74a056dcbe3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/6d95f5-ceb5-4ae3-a943-b74a056dcbe3/1/ziLsmUVCynrKrdWHJ-RgarRJAEA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210840

    Signature Algorithm: sha256WithRSAEncryption
         51:d7:67:96:fd:11:cd:0e:2f:10:2e:b2:76:7c:e2:53:e4:3e:
         d5:b5:46:2d:68:2e:b0:cb:4e:6a:81:58:7f:88:ec:14:63:03:
         0d:96:b0:ef:4d:09:f8:da:21:93:80:58:6a:eb:07:6f:76:21:
         df:de:70:8b:b0:2b:79:ac:99:eb:23:24:a6:b4:18:47:1e:1c:
         f9:7f:5a:6c:01:91:f0:89:ff:be:76:8e:e5:23:d8:ca:ec:ac:
         1d:63:f7:c9:f2:05:08:99:d2:44:9b:18:0c:cf:23:10:86:43:
         34:d3:e0:31:dc:20:a7:92:15:63:09:38:26:10:3c:60:af:9d:
         32:8d:aa:d1:f9:7e:82:38:43:77:53:ab:11:bc:80:4c:16:87:
         08:17:58:2a:b7:8e:66:19:8d:19:fd:9b:8d:b3:70:7b:81:91:
         4c:6b:52:0d:4c:fd:0f:6a:a6:4a:b5:e7:2b:ee:ac:2f:b0:bf:
         f0:5d:89:dc:c2:15:13:b1:b7:7a:a8:cd:5b:a1:63:ae:c8:eb:
         cc:a6:c6:fe:9e:9e:db:f6:c9:be:00:a2:ed:7c:b6:8f:5c:f3:
         35:1f:9b:44:bd:1c:f8:a9:6e:4d:35:6b:c3:b3:97:0a:9d:dd:
         2d:7c:48:47:51:39:08:17:c5:cb:12:66:28:2a:28:8d:ab:e9:
         2f:82:a8:b1
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHJYp6L+1BLhPefmOVu2kBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTIyZWM5OTQ1NDJjYTdhY2FhZGQ1ODcyN2U0NjA2YWI0NDkwMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKDAy4/Iq2kdrU94sEUwwYv+1jtp
Vn3m9KwuYaUoMGciMFJtFsCIS44Y/MXrEd0deaUuUEk/0rFmzFTZ4LpT1CNtuU6T
0/Zd9b5HkOnM4dZIC+vXJSnAsFitfHAdjSV5DTceTeSRmiYN+ntYR2q04hoG/xGh
+p+fZLR3ro2wpXLs3WHmZyzaBcxL8fcUenrPZhnUe/XT324Nt/z5jAJphWfq768w
s0wnCo+HfrXdWKD65KYx1zs70QeziFTRdd16Uu3o3YLwzxXFxNY/OUAcJXF9VqPg
AQ6t7hNETGvZP8QT7SpYtGL0Ej5pnFzOd5h+vl6QXwa2IN1iXyJ0bqqSjQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFM4i7JlFQsp6yq3VhyfkYGq0SQBAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE3LzZkOTVm
NS1jZWI1LTRhZTMtYTk0My1iNzRhMDU2ZGNiZTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcvNmQ5NWY1
LWNlYjUtNGFlMy1hOTQzLWI3NGEwNTZkY2JlMy8xL3ppTHNtVVZDeW5yS3JkV0hK
LVJnYXJSSkFFQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM3mDANBgkqhkiG9w0BAQsFAAOCAQEAUddnlv0RzQ4v
EC6ydnziU+Q+1bVGLWgusMtOaoFYf4jsFGMDDZaw700J+Nohk4BYausHb3Yh395w
i7AreayZ6yMkprQYRx4c+X9abAGR8In/vnaO5SPYyuysHWP3yfIFCJnSRJsYDM8j
EIZDNNPgMdwgp5IVYwk4JhA8YK+dMo2q0fl+gjhDd1OrEbyATBaHCBdYKreOZhmN
Gf2bjbNwe4GRTGtSDUz9D2qmSrXnK+6sL7C/8F2J3MIVE7G3eqjNW6FjrsjrzKbG
/p6e2/bJvgCi7Xy2j1zzNR+bRL0c+KluTTVrw7OXCp3dLXxIR1E5CBfFyxJmKCoo
javpL4KosQ==
-----END CERTIFICATE-----