Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0LG-yY55Rx7A4Q0cNFIGcZbJHBI.cer
File:                     0LG-yY55Rx7A4Q0cNFIGcZbJHBI.cer (raw, json)
Hash identifier:          7WfoUsuN5xAk/pG0f1qIrnPpg04YG1iOlLDUXvgDSTA=
Subject key identifier:   D0:B1:BE:C9:8E:79:47:1E:C0:E1:0D:1C:34:52:06:71:96:C9:1C:12
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A0FEE6D45B6240FB222C76A5143B3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/54/c88514-fad0-4d06-a138-da585e1970ed/1/0LG-yY55Rx7A4Q0cNFIGcZbJHBI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/54/c88514-fad0-4d06-a138-da585e1970ed/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.142.64.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Apr 2024 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0f:ee:6d:45:b6:24:0f:b2:22:c7:6a:51:43:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0b1bec98e79471ec0e10d1c3452067196c91c12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fb:bc:42:a1:53:e0:60:7e:be:f2:50:e1:d4:
                    0c:60:6d:c6:58:59:de:9c:5d:ad:70:1a:2f:ab:3b:
                    06:83:eb:10:36:7a:be:7a:63:ca:43:81:6f:15:29:
                    c0:3f:0b:38:20:17:02:80:e6:dc:1a:52:5b:55:b7:
                    2e:23:23:b1:84:23:4e:34:ce:d7:f7:e1:4e:ca:bf:
                    52:bf:3c:e0:e3:53:b2:a8:eb:fe:25:b9:4c:15:be:
                    16:1c:05:dd:77:93:eb:17:86:ba:15:bf:82:b8:60:
                    04:87:a7:fb:36:d3:94:52:34:40:e7:fd:3b:68:1d:
                    c7:fd:b7:72:d5:e9:df:a9:83:ca:8f:b0:a4:e2:e2:
                    3f:8a:d4:c1:e9:bf:39:09:32:55:3d:1c:27:24:8e:
                    2c:ed:9b:d5:15:b1:b2:6b:c6:9f:4b:27:ae:4d:98:
                    d2:a0:76:81:4c:9e:98:d0:cd:21:f8:64:cc:da:ae:
                    a7:a0:a0:37:95:cb:9d:9a:f0:d0:2a:ac:28:80:64:
                    c8:b3:73:5c:11:b7:4e:ee:b2:5d:e8:9e:0f:4e:75:
                    2b:e4:f4:d7:9e:76:ee:ce:6d:31:8d:00:43:34:7e:
                    e9:c6:76:ca:d6:ea:11:cc:38:90:88:c4:79:11:17:
                    34:62:90:be:7b:59:c7:00:13:0c:18:02:7e:71:83:
                    02:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:B1:BE:C9:8E:79:47:1E:C0:E1:0D:1C:34:52:06:71:96:C9:1C:12
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/c88514-fad0-4d06-a138-da585e1970ed/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/c88514-fad0-4d06-a138-da585e1970ed/1/0LG-yY55Rx7A4Q0cNFIGcZbJHBI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:56:61:51:1d:f6:86:38:99:74:d6:da:e9:de:c1:16:98:ca:
         d2:5d:8e:21:ba:bb:fb:dd:20:64:c9:1a:ac:85:9f:e6:7f:4f:
         3d:f0:73:3c:8f:56:c5:59:fe:b9:be:7c:63:b3:a8:1b:de:be:
         19:7e:32:85:4c:71:45:cf:55:01:90:28:54:b3:cc:2d:f6:b2:
         3a:46:41:e9:fa:39:9a:de:7a:1f:0a:55:7d:24:1a:1c:72:e7:
         8d:de:a3:94:fc:90:75:ae:5f:a4:43:6a:ef:a8:af:45:18:c8:
         ba:3a:ad:93:ee:0e:e1:24:5a:cb:3e:89:dc:8f:a6:ea:4b:fa:
         d0:41:b8:16:4b:1a:d3:8d:94:e6:6a:10:21:61:a9:4f:34:ca:
         cd:e3:90:6b:b2:a3:d7:c5:2d:7c:20:33:42:47:d9:89:87:ad:
         f5:ae:c3:af:05:dc:ae:dc:b4:7c:0a:89:7f:e8:e8:dd:65:e5:
         4f:ab:bc:a5:9e:67:6f:81:52:10:e0:b5:e1:60:1d:69:26:0e:
         2c:4f:4b:17:79:26:23:e3:ef:c9:c1:99:13:69:45:d3:7a:7c:
         4d:3b:d9:3a:b3:88:ea:32:38:40:b5:35:a7:13:76:2b:0b:54:
         62:9b:7c:3f:54:50:45:e3:08:e6:52:77:d7:4d:76:98:0a:db:
         f9:11:41:7d
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzKKg/ubUW2JA+yIsdqUUOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGIxYmVjOThlNzk0NzFlYzBlMTBkMWMzNDUyMDY3MTk2YzkxYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/u8QqFT4GB+vvJQ4dQMYG3GWFne
nF2tcBovqzsGg+sQNnq+emPKQ4FvFSnAPws4IBcCgObcGlJbVbcuIyOxhCNONM7X
9+FOyr9Svzzg41OyqOv+JblMFb4WHAXdd5PrF4a6Fb+CuGAEh6f7NtOUUjRA5/07
aB3H/bdy1enfqYPKj7Ck4uI/itTB6b85CTJVPRwnJI4s7ZvVFbGya8afSyeuTZjS
oHaBTJ6Y0M0h+GTM2q6noKA3lcudmvDQKqwogGTIs3NcEbdO7rJd6J4PTnUr5PTX
nnbuzm0xjQBDNH7pxnbK1uoRzDiQiMR5ERc0YpC+e1nHABMMGAJ+cYMCOQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNCxvsmOeUcewOENHDRSBnGWyRwSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU0L2M4ODUx
NC1mYWQwLTRkMDYtYTEzOC1kYTU4NWUxOTcwZWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvYzg4NTE0
LWZhZDAtNGQwNi1hMTM4LWRhNTg1ZTE5NzBlZC8xLzBMRy15WTU1Ung3QTRRMGNO
RklHY1piSkhCSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLY5AMA0GCSqGSIb3DQEBCwUAA4IBAQBUVmFR
HfaGOJl01trp3sEWmMrSXY4hurv73SBkyRqshZ/mf0898HM8j1bFWf65vnxjs6gb
3r4ZfjKFTHFFz1UBkChUs8wt9rI6RkHp+jma3nofClV9JBoccueN3qOU/JB1rl+k
Q2rvqK9FGMi6Oq2T7g7hJFrLPoncj6bqS/rQQbgWSxrTjZTmahAhYalPNMrN45Br
sqPXxS18IDNCR9mJh631rsOvBdyu3LR8Col/6OjdZeVPq7ylnmdvgVIQ4LXhYB1p
Jg4sT0sXeSYj4+/JwZkTaUXTenxNO9k6s4jqMjhAtTWnE3YrC1Rim3w/VFBF4wjm
UnfXTXaYCtv5EUF9
-----END CERTIFICATE-----