Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0OhNbWqe7eaC7xtcePGz8KMxORE.cer
File:                     0OhNbWqe7eaC7xtcePGz8KMxORE.cer (raw, json)
Hash identifier:          j5bhsFPLkVGT6QyFgIqCIHc5sSVLIpdABZbtsDc2B8Q=
Subject key identifier:   D0:E8:4D:6D:6A:9E:ED:E6:82:EF:1B:5C:78:F1:B3:F0:A3:31:39:11
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FDD02DBA4D76D164FA5803C64811F9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/0OhNbWqe7eaC7xtcePGz8KMxORE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:49:38 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 13154
                          IP: 193.105.161.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 14:19:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d0:2d:ba:4d:76:d1:64:fa:58:03:c6:48:11:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0e84d6d6a9eede682ef1b5c78f1b3f0a3313911
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:3a:44:32:1b:aa:f3:a5:be:42:1c:d7:35:1c:
                    73:1a:93:58:93:30:f6:fc:fd:22:3d:e2:17:cb:87:
                    62:10:06:5a:a9:df:4a:6e:c8:ff:89:11:b3:04:3e:
                    1e:c0:93:65:ad:af:1b:75:24:db:d8:a7:bc:4a:56:
                    23:1f:b5:b4:86:10:37:bc:4e:c3:2e:58:9e:b9:c5:
                    da:9c:fa:b4:18:a0:f7:59:c8:6a:a6:28:df:2d:aa:
                    03:87:41:cb:9b:ae:78:7a:b0:0e:45:67:dd:d8:cc:
                    08:e4:16:50:08:80:f4:44:d3:64:19:c1:4b:52:ca:
                    77:af:c2:95:0d:e0:fa:f2:1e:8c:27:8e:3b:8e:fe:
                    08:e4:e4:69:15:d4:62:65:e8:52:17:06:3e:b4:02:
                    61:ec:04:8e:af:b6:c5:ae:4a:50:19:66:ea:0a:35:
                    92:ab:07:b9:93:63:29:bb:e7:3f:22:f4:dc:63:5c:
                    44:39:c9:a6:c8:c7:da:ba:85:e3:ab:70:e3:c0:45:
                    09:78:8e:1f:74:3e:dd:06:ca:2a:93:4c:bb:54:0f:
                    9b:22:91:93:bd:3c:b2:da:c6:40:3a:cd:94:a0:50:
                    22:2a:13:1e:be:71:ee:02:5e:73:18:f2:36:cf:25:
                    a7:a7:79:b7:4f:d0:62:77:8b:7d:62:4d:b0:eb:25:
                    d6:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E8:4D:6D:6A:9E:ED:E6:82:EF:1B:5C:78:F1:B3:F0:A3:31:39:11
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/0OhNbWqe7eaC7xtcePGz8KMxORE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.161.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  13154

    Signature Algorithm: sha256WithRSAEncryption
         16:29:03:8c:47:88:88:5d:5f:a1:97:44:ca:44:f3:e5:ce:9c:
         86:ac:ce:80:70:90:63:20:de:d7:10:e2:99:49:b2:31:1f:ea:
         3d:72:0c:73:cf:fd:fa:d5:b8:f0:79:23:40:57:2f:22:af:f1:
         a6:d3:19:3f:27:e0:97:91:b6:6d:f1:2d:ca:82:77:8c:6c:54:
         ae:72:96:dd:72:29:93:f8:0f:19:16:8d:a9:d0:f6:42:32:25:
         96:d3:73:c7:a6:1e:63:65:f7:fb:aa:db:c2:b6:cb:f6:b9:3f:
         ab:e6:03:b4:5c:fd:69:74:d4:ed:be:58:d0:e7:91:af:bb:43:
         96:59:a5:7c:cf:2f:bf:3d:ce:c4:a3:f6:fd:73:38:f8:af:06:
         42:c7:f2:56:9f:26:80:a7:58:ae:59:c3:17:80:31:ca:8b:52:
         68:e5:71:3e:9e:25:96:6b:5c:13:24:b4:d4:8d:7e:0f:92:39:
         9e:fa:15:25:0e:53:78:59:39:92:2c:c5:64:f2:e0:42:65:dd:
         8e:86:a0:b5:76:f0:2a:31:76:ed:a1:62:d5:95:ee:11:6d:5e:
         75:f2:66:9c:c1:6f:13:8a:60:77:a1:7e:f3:f9:10:e8:33:2d:
         e6:ce:06:c4:47:1c:c9:44:ad:2c:ca:f1:dc:55:a1:75:08:4c:
         b3:be:25:3a
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQl/dAtuk120WT6WAPGSBH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGU4NGQ2ZDZhOWVlZGU2ODJlZjFiNWM3OGYxYjNmMGEzMzEzOTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jpEMhuq86W+QhzXNRxzGpNYkzD2
/P0iPeIXy4diEAZaqd9Kbsj/iRGzBD4ewJNlra8bdSTb2Ke8SlYjH7W0hhA3vE7D
LlieucXanPq0GKD3WchqpijfLaoDh0HLm654erAORWfd2MwI5BZQCID0RNNkGcFL
Usp3r8KVDeD68h6MJ447jv4I5ORpFdRiZehSFwY+tAJh7ASOr7bFrkpQGWbqCjWS
qwe5k2Mpu+c/IvTcY1xEOcmmyMfauoXjq3DjwEUJeI4fdD7dBsoqk0y7VA+bIpGT
vTyy2sZAOs2UoFAiKhMevnHuAl5zGPI2zyWnp3m3T9Bid4t9Yk2w6yXWiwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFNDoTW1qnu3mgu8bXHjxs/CjMTkRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY1LzYyYjc3
NS03ODQxLTRhNjEtYjc4Yy1iN2JhMjgxNjVhNzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUvNjJiNzc1
LTc4NDEtNGE2MS1iNzhjLWI3YmEyODE2NWE3Ny8xLzBPaE5iV3FlN2VhQzd4dGNl
UEd6OEtNeE9SRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwWmhMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AjNiMA0GCSqGSIb3DQEBCwUAA4IBAQAWKQOMR4iIXV+hl0TKRPPlzpyGrM6AcJBj
IN7XEOKZSbIxH+o9cgxzz/361bjweSNAVy8ir/Gm0xk/J+CXkbZt8S3KgneMbFSu
cpbdcimT+A8ZFo2p0PZCMiWW03PHph5jZff7qtvCtsv2uT+r5gO0XP1pdNTtvljQ
55Gvu0OWWaV8zy+/Pc7Eo/b9czj4rwZCx/JWnyaAp1iuWcMXgDHKi1Jo5XE+niWW
a1wTJLTUjX4Pkjme+hUlDlN4WTmSLMVk8uBCZd2OhqC1dvAqMXbtoWLVle4RbV51
8macwW8TimB3oX7z+RDoMy3mzgbERxzJRK0syvHcVaF1CEyzviU6
-----END CERTIFICATE-----