Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0OhNbWqe7eaC7xtcePGz8KMxORE.cer
File:                     0OhNbWqe7eaC7xtcePGz8KMxORE.cer (raw, json)
Hash identifier:          D5NlWynEM/4xs1XsgruwawXZ8XoHv1/TkuDuKPDN0lQ=
Subject key identifier:   D0:E8:4D:6D:6A:9E:ED:E6:82:EF:1B:5C:78:F1:B3:F0:A3:31:39:11
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DCD95D0DFFB7FA762B1462553AB970
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/0OhNbWqe7eaC7xtcePGz8KMxORE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:30:34 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 13154
                          IP: 193.105.161.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d9:5d:0d:ff:b7:fa:76:2b:14:62:55:3a:b9:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0e84d6d6a9eede682ef1b5c78f1b3f0a3313911
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:3a:44:32:1b:aa:f3:a5:be:42:1c:d7:35:1c:
                    73:1a:93:58:93:30:f6:fc:fd:22:3d:e2:17:cb:87:
                    62:10:06:5a:a9:df:4a:6e:c8:ff:89:11:b3:04:3e:
                    1e:c0:93:65:ad:af:1b:75:24:db:d8:a7:bc:4a:56:
                    23:1f:b5:b4:86:10:37:bc:4e:c3:2e:58:9e:b9:c5:
                    da:9c:fa:b4:18:a0:f7:59:c8:6a:a6:28:df:2d:aa:
                    03:87:41:cb:9b:ae:78:7a:b0:0e:45:67:dd:d8:cc:
                    08:e4:16:50:08:80:f4:44:d3:64:19:c1:4b:52:ca:
                    77:af:c2:95:0d:e0:fa:f2:1e:8c:27:8e:3b:8e:fe:
                    08:e4:e4:69:15:d4:62:65:e8:52:17:06:3e:b4:02:
                    61:ec:04:8e:af:b6:c5:ae:4a:50:19:66:ea:0a:35:
                    92:ab:07:b9:93:63:29:bb:e7:3f:22:f4:dc:63:5c:
                    44:39:c9:a6:c8:c7:da:ba:85:e3:ab:70:e3:c0:45:
                    09:78:8e:1f:74:3e:dd:06:ca:2a:93:4c:bb:54:0f:
                    9b:22:91:93:bd:3c:b2:da:c6:40:3a:cd:94:a0:50:
                    22:2a:13:1e:be:71:ee:02:5e:73:18:f2:36:cf:25:
                    a7:a7:79:b7:4f:d0:62:77:8b:7d:62:4d:b0:eb:25:
                    d6:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E8:4D:6D:6A:9E:ED:E6:82:EF:1B:5C:78:F1:B3:F0:A3:31:39:11
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/0OhNbWqe7eaC7xtcePGz8KMxORE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.161.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  13154

    Signature Algorithm: sha256WithRSAEncryption
         48:66:ee:bb:63:17:df:a3:02:76:c4:48:79:9a:28:14:3d:48:
         0c:cf:23:c4:a2:f2:44:2d:b6:a1:2f:74:f0:be:6d:25:0f:10:
         56:0d:59:f7:2b:2f:4c:91:4c:4e:67:93:26:57:54:51:10:08:
         af:c7:c8:91:52:e4:8b:6c:64:b4:f5:d5:a1:fb:c3:39:31:f3:
         39:91:d0:65:7f:f3:c0:b2:3a:bb:f7:c8:72:9f:e2:4e:fd:8b:
         af:f4:22:8d:d3:d3:94:c8:37:7f:62:7f:a0:f2:39:98:5c:92:
         ff:f1:0c:0c:2e:ba:66:9e:84:bd:e0:a1:b0:95:c9:c3:8d:13:
         ab:02:ed:2f:18:26:5a:33:dd:4c:df:70:df:59:24:a6:e9:e3:
         db:fc:75:7c:00:5b:70:30:d3:3f:76:0a:f1:65:cf:78:da:e3:
         c2:fb:34:a6:b8:ea:d7:0d:29:af:5d:13:96:e6:cf:19:d9:24:
         47:1b:93:1a:9e:1e:69:c8:ea:d1:cc:e7:aa:b0:7e:ac:b6:ad:
         68:7b:b2:51:a4:14:a3:11:2b:4e:c0:c8:ff:d3:a6:bd:9b:da:
         39:3f:5e:3b:46:b2:5a:df:16:da:4f:1b:e9:fb:70:f0:2c:e7:
         90:51:d1:ce:2e:90:2c:79:85:0e:4a:77:3e:52:ae:10:a0:e9:
         db:be:e3:61
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzF3NldDf+3+nYrFGJVOrlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGU4NGQ2ZDZhOWVlZGU2ODJlZjFiNWM3OGYxYjNmMGEzMzEzOTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jpEMhuq86W+QhzXNRxzGpNYkzD2
/P0iPeIXy4diEAZaqd9Kbsj/iRGzBD4ewJNlra8bdSTb2Ke8SlYjH7W0hhA3vE7D
LlieucXanPq0GKD3WchqpijfLaoDh0HLm654erAORWfd2MwI5BZQCID0RNNkGcFL
Usp3r8KVDeD68h6MJ447jv4I5ORpFdRiZehSFwY+tAJh7ASOr7bFrkpQGWbqCjWS
qwe5k2Mpu+c/IvTcY1xEOcmmyMfauoXjq3DjwEUJeI4fdD7dBsoqk0y7VA+bIpGT
vTyy2sZAOs2UoFAiKhMevnHuAl5zGPI2zyWnp3m3T9Bid4t9Yk2w6yXWiwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFNDoTW1qnu3mgu8bXHjxs/CjMTkRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY1LzYyYjc3
NS03ODQxLTRhNjEtYjc4Yy1iN2JhMjgxNjVhNzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUvNjJiNzc1
LTc4NDEtNGE2MS1iNzhjLWI3YmEyODE2NWE3Ny8xLzBPaE5iV3FlN2VhQzd4dGNl
UEd6OEtNeE9SRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwWmhMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AjNiMA0GCSqGSIb3DQEBCwUAA4IBAQBIZu67YxffowJ2xEh5migUPUgMzyPEovJE
LbahL3Twvm0lDxBWDVn3Ky9MkUxOZ5MmV1RREAivx8iRUuSLbGS09dWh+8M5MfM5
kdBlf/PAsjq798hyn+JO/Yuv9CKN09OUyDd/Yn+g8jmYXJL/8QwMLrpmnoS94KGw
lcnDjROrAu0vGCZaM91M33DfWSSm6ePb/HV8AFtwMNM/dgrxZc942uPC+zSmuOrX
DSmvXROW5s8Z2SRHG5Manh5pyOrRzOeqsH6stq1oe7JRpBSjEStOwMj/06a9m9o5
P147RrJa3xbaTxvp+3DwLOeQUdHOLpAseYUOSnc+Uq4QoOnbvuNh
-----END CERTIFICATE-----