Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zkyVbVLdh2NjwhME-cAl8H1fJjE.cer
File:                     zkyVbVLdh2NjwhME-cAl8H1fJjE.cer (raw, json)
Hash identifier:          U7s2I/IYCG0i7XVhWa0pnbBoMLfE1oZtXXvqE5BI8UU=
Subject key identifier:   CE:4C:95:6D:52:DD:87:63:63:C2:13:04:F9:C0:25:F0:7D:5F:26:31
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018DB7BF772661D058994BF20CE99B2B65EC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/aa/03a52d-f9b5-4f71-b428-2d90001570e1/1/zkyVbVLdh2NjwhME-cAl8H1fJjE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/aa/03a52d-f9b5-4f71-b428-2d90001570e1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 17 Feb 2024 15:46:34 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215500

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b7:bf:77:26:61:d0:58:99:4b:f2:0c:e9:9b:2b:65:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 17 15:46:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce4c956d52dd876363c21304f9c025f07d5f2631
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f3:fa:b4:84:2d:82:7f:01:ae:07:6c:6b:2a:
                    36:b3:23:fa:4d:3a:22:9c:4e:55:7d:11:7a:c6:83:
                    c5:0f:2c:80:b4:ce:47:87:13:1a:f1:0d:07:a1:03:
                    08:a6:4c:55:82:74:5b:af:d1:06:b7:dd:15:73:3d:
                    a2:1a:a1:ac:a1:04:2c:b7:a9:42:b0:73:8f:3d:16:
                    2b:1d:84:80:71:ee:ad:3d:8f:f3:b1:a3:5d:26:6a:
                    c1:5c:a4:56:f9:cb:1d:4d:a0:5c:aa:fb:a7:29:49:
                    58:c2:2f:f8:25:bf:e8:bf:e8:c1:c4:a1:3f:f6:2b:
                    89:c1:ff:34:82:ba:e5:67:41:2b:8a:24:68:72:f2:
                    f3:2a:71:a2:fc:cb:31:d5:d0:4a:cb:76:d6:29:05:
                    1b:2d:b9:99:e8:ba:4b:3c:72:6d:c2:ee:c1:f9:88:
                    1f:02:18:b3:fe:d5:35:92:00:3b:88:3e:15:45:c6:
                    c4:77:dd:f1:f5:a8:86:6f:e9:42:d0:40:b5:3c:a2:
                    58:ab:6b:88:6c:7a:77:8b:07:37:84:dc:fc:8d:da:
                    a7:09:6e:d6:4f:d2:61:c5:6a:7f:f0:45:c6:a5:f8:
                    2a:79:ea:f1:3a:46:71:ce:24:35:86:9b:c9:72:4a:
                    7a:36:81:cb:14:2a:8e:14:b9:90:d1:49:7d:d3:11:
                    b2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:4C:95:6D:52:DD:87:63:63:C2:13:04:F9:C0:25:F0:7D:5F:26:31
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/03a52d-f9b5-4f71-b428-2d90001570e1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/03a52d-f9b5-4f71-b428-2d90001570e1/1/zkyVbVLdh2NjwhME-cAl8H1fJjE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215500

    Signature Algorithm: sha256WithRSAEncryption
         47:06:e6:84:21:69:e3:e3:18:88:b6:7f:86:20:13:1c:9f:3b:
         b6:7c:a7:9a:0c:2f:99:05:5c:78:cf:b2:fc:86:9e:61:5d:e1:
         c5:63:b9:c4:65:bf:b2:d5:60:3d:37:ab:53:58:a8:60:bf:9e:
         4a:14:96:04:8c:35:5b:9d:b9:3b:5f:d2:40:91:07:cd:50:64:
         d8:23:f2:17:aa:5d:52:56:08:3b:dc:ed:ef:85:0f:b7:2f:32:
         ae:e8:20:bc:d7:46:db:46:13:45:e9:2d:ee:49:2f:97:2c:64:
         97:2f:78:9e:bb:0e:3a:50:07:ad:a7:a1:ab:98:28:28:5f:39:
         e2:8d:6c:a0:c8:1e:22:8d:49:42:a5:a7:ed:9c:4c:f3:62:a0:
         6f:e1:2d:2b:1d:96:eb:e4:14:9b:e0:0d:5a:da:62:2f:bc:92:
         cc:d4:f0:41:fe:59:34:38:07:03:93:7d:13:21:10:c3:0d:21:
         9c:45:2b:61:9a:79:72:19:85:84:a1:ed:3b:1f:ef:c4:d4:ea:
         bb:d7:a6:1a:d1:eb:09:9c:9a:98:64:76:bf:d2:59:07:13:f2:
         84:ed:96:e0:71:02:7e:ae:5f:7d:14:97:c5:2c:55:21:8f:9a:
         a0:ad:de:02:fc:7e:a0:35:b9:99:4d:4b:4f:83:78:2c:e4:05:
         41:72:31:50
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY23v3cmYdBYmUvyDOmbK2XsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjE3MTU0NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTRjOTU2ZDUyZGQ4NzYzNjNjMjEzMDRmOWMwMjVmMDdkNWYyNjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPP6tIQtgn8Brgdsayo2syP6TToi
nE5VfRF6xoPFDyyAtM5HhxMa8Q0HoQMIpkxVgnRbr9EGt90Vcz2iGqGsoQQst6lC
sHOPPRYrHYSAce6tPY/zsaNdJmrBXKRW+csdTaBcqvunKUlYwi/4Jb/ov+jBxKE/
9iuJwf80grrlZ0EriiRocvLzKnGi/Msx1dBKy3bWKQUbLbmZ6LpLPHJtwu7B+Ygf
Ahiz/tU1kgA7iD4VRcbEd93x9aiGb+lC0EC1PKJYq2uIbHp3iwc3hNz8jdqnCW7W
T9JhxWp/8EXGpfgqeerxOkZxziQ1hpvJckp6NoHLFCqOFLmQ0Ul90xGy3wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFM5MlW1S3YdjY8ITBPnAJfB9XyYxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FhLzAzYTUy
ZC1mOWI1LTRmNzEtYjQyOC0yZDkwMDAxNTcwZTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWEvMDNhNTJk
LWY5YjUtNGY3MS1iNDI4LTJkOTAwMDE1NzBlMS8xL3preVZiVkxkaDJOandoTUUt
Y0FsOEgxZkpqRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNJzDANBgkqhkiG9w0BAQsFAAOCAQEARwbmhCFp4+MY
iLZ/hiATHJ87tnynmgwvmQVceM+y/IaeYV3hxWO5xGW/stVgPTerU1ioYL+eShSW
BIw1W525O1/SQJEHzVBk2CPyF6pdUlYIO9zt74UPty8yruggvNdG20YTRekt7kkv
lyxkly94nrsOOlAHraehq5goKF854o1soMgeIo1JQqWn7ZxM82Kgb+EtKx2W6+QU
m+ANWtpiL7ySzNTwQf5ZNDgHA5N9EyEQww0hnEUrYZp5chmFhKHtOx/vxNTqu9em
GtHrCZyamGR2v9JZBxPyhO2W4HECfq5ffRSXxSxVIY+aoK3eAvx+oDW5mU1LT4N4
LOQFQXIxUA==
-----END CERTIFICATE-----