Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GOpnw4PtVjUhqilbw393Sks5QG0.cer
File:                     GOpnw4PtVjUhqilbw393Sks5QG0.cer (raw, json)
Hash identifier:          k5wrubT3+2S53P1o/R4BtduwUODpgP10U53SkRQgeLY=
Subject key identifier:   18:EA:67:C3:83:ED:56:35:21:AA:29:5B:C3:7F:77:4A:4B:39:40:6D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0191F6190AC3C1044616D617BE2C1CDB1E8F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/2/18EA67C383ED563521AA295BC37F774A4B39406D.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/2/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sun 15 Sep 2024 14:32:01 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198480

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f6:19:0a:c3:c1:04:46:16:d6:17:be:2c:1c:db:1e:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 15 14:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18ea67c383ed563521aa295bc37f774a4b39406d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:74:cc:9a:4e:16:37:d1:5e:be:f0:5f:8d:ea:
                    10:46:fa:88:43:d4:ab:bb:73:2e:30:0e:a3:e3:04:
                    df:5d:65:d8:56:16:5f:c3:af:2b:08:fa:73:0c:4b:
                    d7:ef:32:80:15:b2:f8:cd:e5:4a:37:0d:87:a4:b8:
                    0b:8c:d1:ab:1b:8c:ac:f1:5c:6a:07:1d:bc:d6:2f:
                    87:af:d2:4d:fd:ad:25:d0:16:47:1e:0f:cb:41:6a:
                    d5:6d:79:1c:09:60:e3:80:c3:0d:a5:5f:31:9f:6e:
                    f4:86:a6:ba:b5:4a:ed:e8:b3:3d:0b:8e:58:22:6b:
                    0d:b6:59:6f:6e:e1:06:42:b7:e7:6c:5f:17:27:b5:
                    d6:c9:7d:bc:c6:1f:66:bc:cc:8b:8e:85:be:a3:89:
                    2b:00:b9:ab:36:a2:f5:bd:dd:70:fc:ec:a0:a1:af:
                    d2:c1:96:b4:51:8d:c2:f0:fc:e2:45:f9:af:0b:8e:
                    2f:95:2d:b1:03:56:59:de:b9:66:3d:85:f8:08:96:
                    87:58:e4:da:39:62:ed:6b:6f:8c:52:eb:42:60:3c:
                    a9:1d:31:d6:d5:7a:c6:fe:47:0e:14:60:a4:f3:cc:
                    b9:0d:8b:2d:24:1a:16:b8:9a:61:5a:d7:49:31:22:
                    27:56:28:d2:62:df:0c:0c:68:f0:8a:26:f0:a7:a8:
                    2e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:EA:67:C3:83:ED:56:35:21:AA:29:5B:C3:7F:77:4A:4B:39:40:6D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/2/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/2/18EA67C383ED563521AA295BC37F774A4B39406D.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198480

    Signature Algorithm: sha256WithRSAEncryption
         33:d8:c8:3c:a5:d1:96:e2:9f:df:c9:15:21:9c:0a:a4:bf:40:
         ce:00:c8:1c:86:56:66:92:c8:84:81:ca:1e:51:e9:7a:7b:c4:
         db:2b:e3:a5:a1:8b:62:51:af:44:2e:02:d5:1c:1a:4f:ae:fa:
         79:cd:0f:d0:0d:66:f7:86:68:6a:a8:5b:3d:ac:cb:f9:79:d9:
         29:15:9f:f0:92:25:10:ac:fa:a1:96:76:25:91:fb:24:fe:37:
         3b:48:44:29:bd:08:e7:15:aa:1d:4d:ec:36:ce:18:f7:96:74:
         b0:35:2f:b7:4b:f5:e4:ce:b5:e3:91:76:3b:2c:89:9a:cf:c3:
         d6:30:1a:78:c2:57:f7:8a:f6:d9:ee:94:30:bf:8a:84:d7:e7:
         6b:50:bc:1d:77:68:81:43:dd:16:9c:98:18:47:8b:cd:9c:90:
         bf:ae:6d:ce:5d:87:eb:18:21:17:ca:7c:ff:f6:9d:d0:80:d5:
         1a:7b:6a:62:a0:56:79:06:02:a5:1a:ed:17:70:c6:83:ac:8d:
         44:37:47:f0:b2:52:32:ff:33:ba:4c:a6:96:e7:de:3a:11:c5:
         e2:2d:5c:fc:f8:0f:4d:f7:14:b6:11:21:8c:79:9b:52:66:f9:
         06:ef:d4:8f:b4:43:1b:d6:73:18:9e:70:7d:1a:cd:ef:86:88:
         27:df:d4:c0
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZH2GQrDwQRGFtYXviwc2x6PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTE1MTQzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGVhNjdjMzgzZWQ1NjM1MjFhYTI5NWJjMzdmNzc0YTRiMzk0MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3TMmk4WN9FevvBfjeoQRvqIQ9Sr
u3MuMA6j4wTfXWXYVhZfw68rCPpzDEvX7zKAFbL4zeVKNw2HpLgLjNGrG4ys8Vxq
Bx281i+Hr9JN/a0l0BZHHg/LQWrVbXkcCWDjgMMNpV8xn270hqa6tUrt6LM9C45Y
ImsNtllvbuEGQrfnbF8XJ7XWyX28xh9mvMyLjoW+o4krALmrNqL1vd1w/Oygoa/S
wZa0UY3C8PziRfmvC44vlS2xA1ZZ3rlmPYX4CJaHWOTaOWLta2+MUutCYDypHTHW
1XrG/kcOFGCk88y5DYstJBoWuJphWtdJMSInVijSYt8MDGjwiibwp6guBwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFBjqZ8OD7VY1IaopW8N/d0pLOUBtMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzJhZjcz
YTljLTIwNTgtNDNiYi05YWM2LTVhYjQyZGZiZjQwOS8yLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmFm
NzNhOWMtMjA1OC00M2JiLTlhYzYtNWFiNDJkZmJmNDA5LzIvMThFQTY3QzM4M0VE
NTYzNTIxQUEyOTVCQzM3Rjc3NEE0QjM5NDA2RC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDB1Aw
DQYJKoZIhvcNAQELBQADggEBADPYyDyl0Zbin9/JFSGcCqS/QM4AyByGVmaSyISB
yh5R6Xp7xNsr46Whi2JRr0QuAtUcGk+u+nnND9ANZveGaGqoWz2sy/l52SkVn/CS
JRCs+qGWdiWR+yT+NztIRCm9COcVqh1N7DbOGPeWdLA1L7dL9eTOteORdjssiZrP
w9YwGnjCV/eK9tnulDC/ioTX52tQvB13aIFD3RacmBhHi82ckL+ubc5dh+sYIRfK
fP/2ndCA1Rp7amKgVnkGAqUa7RdwxoOsjUQ3R/CyUjL/M7pMppbn3joRxeItXPz4
D033FLYRIYx5m1Jm+Qbv1I+0QxvWcxiecH0aze+GiCff1MA=
-----END CERTIFICATE-----