Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0RY47gjO487SSRm9VBLnRSiUA44.cer
File:                     0RY47gjO487SSRm9VBLnRSiUA44.cer (raw, json)
Hash identifier:          SAtY/UeHByhw5PYQJdmT74KUZbd6Nda3B78GM4EM/KE=
Subject key identifier:   D1:16:38:EE:08:CE:E3:CE:D2:49:19:BD:54:12:E7:45:28:94:03:8E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018EF09CDB091F11C3293D84B9674FAD2D24
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/14/f72893-07f7-4950-b829-e05ddc661e66/1/0RY47gjO487SSRm9VBLnRSiUA44.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/14/f72893-07f7-4950-b829-e05ddc661e66/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 18 Apr 2024 09:49:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 212.46.38.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:9c:db:09:1f:11:c3:29:3d:84:b9:67:4f:ad:2d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 18 09:49:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d11638ee08cee3ced24919bd5412e7452894038e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:68:15:a6:71:32:97:8c:6b:05:56:fb:6b:ef:
                    a9:14:e5:43:1d:59:41:b3:1b:de:ec:56:f1:03:4e:
                    89:a0:86:b9:cc:33:8a:d6:22:66:8e:58:47:e6:06:
                    6e:b6:0f:83:1e:79:9c:27:ee:96:2f:26:ca:47:59:
                    5c:4d:35:65:3a:e7:ed:89:fc:ad:ef:26:7d:c8:1d:
                    4b:94:d9:c9:1b:1a:4a:6c:13:7f:9c:09:be:a2:c4:
                    b5:51:f0:5b:2a:f4:e9:8a:4f:40:15:30:be:bf:30:
                    b1:e6:ce:36:8e:22:bd:2b:63:b0:db:85:e5:e7:5c:
                    fa:4a:b8:6e:f0:c6:e3:a1:91:53:01:fc:ef:9d:d4:
                    11:24:38:41:d2:c5:4a:a4:b6:37:b4:26:2d:6d:46:
                    9d:9f:46:aa:1b:2e:e9:78:f6:c0:da:9a:20:8b:19:
                    8c:cb:d9:fb:82:5c:01:72:84:b7:02:9f:53:bf:ca:
                    d0:e4:18:30:db:36:ba:ba:d8:1f:39:bf:dd:5c:d6:
                    99:a1:57:96:41:93:6d:72:7f:09:bc:84:11:18:f4:
                    66:1a:83:a2:19:b3:9a:5c:22:9c:9e:0d:32:4d:5e:
                    54:39:f1:bd:33:cb:1c:35:53:34:19:ef:24:9b:2a:
                    f3:8a:2d:87:8e:9a:55:5c:7d:3c:e1:e3:96:2c:76:
                    83:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:16:38:EE:08:CE:E3:CE:D2:49:19:BD:54:12:E7:45:28:94:03:8E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/f72893-07f7-4950-b829-e05ddc661e66/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/f72893-07f7-4950-b829-e05ddc661e66/1/0RY47gjO487SSRm9VBLnRSiUA44.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:89:09:a0:d7:b3:f3:c0:d0:5d:db:8f:b3:c9:f9:fa:34:84:
         b5:83:07:a1:16:4e:40:6e:05:cc:a0:48:b5:ff:9c:3a:ef:ec:
         a0:b5:b0:d5:34:f5:57:2b:3e:61:47:8c:91:0c:b2:a6:92:0d:
         e1:9f:e0:55:04:19:02:9e:98:a2:36:a9:9b:f4:20:45:07:eb:
         81:48:68:1c:25:3c:90:58:a1:f0:05:6f:95:af:2a:5f:64:9e:
         a0:98:c6:0a:44:e2:cb:52:35:6b:0b:ab:17:2c:33:56:55:a4:
         89:3c:5a:a2:0d:51:7e:ed:59:b9:ba:5e:8a:7c:0f:0d:8d:7e:
         fd:70:a3:81:41:39:f7:32:ae:fd:5e:ee:69:ef:04:c9:ea:79:
         91:e1:a7:49:43:03:42:e9:8e:76:ad:4a:d2:a4:90:e4:b7:e1:
         83:0d:8b:03:91:50:63:1e:68:18:74:d3:56:98:9f:44:3b:ff:
         24:64:1c:30:75:aa:c0:2b:ca:b9:fc:99:b4:10:74:de:e8:4c:
         d1:09:2f:ef:c7:36:f1:e0:84:df:ba:2b:d4:cc:35:28:2b:00:
         60:5b:8e:05:a9:f6:d8:53:b1:a5:f5:e4:b4:01:6b:ec:f7:99:
         0c:51:d8:25:e4:40:95:5e:43:47:ac:93:4a:52:6c:24:aa:ec:
         d2:2e:76:d4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY7wnNsJHxHDKT2EuWdPrS0kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDE4MDk0OTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTE2MzhlZTA4Y2VlM2NlZDI0OTE5YmQ1NDEyZTc0NTI4OTQwMzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWgVpnEyl4xrBVb7a++pFOVDHVlB
sxve7FbxA06JoIa5zDOK1iJmjlhH5gZutg+DHnmcJ+6WLybKR1lcTTVlOuftifyt
7yZ9yB1LlNnJGxpKbBN/nAm+osS1UfBbKvTpik9AFTC+vzCx5s42jiK9K2Ow24Xl
51z6Srhu8MbjoZFTAfzvndQRJDhB0sVKpLY3tCYtbUadn0aqGy7pePbA2pogixmM
y9n7glwBcoS3Ap9Tv8rQ5Bgw2za6utgfOb/dXNaZoVeWQZNtcn8JvIQRGPRmGoOi
GbOaXCKcng0yTV5UOfG9M8scNVM0Ge8kmyrzii2HjppVXH084eOWLHaDxQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNEWOO4IzuPO0kkZvVQS50UolAOOMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE0L2Y3Mjg5
My0wN2Y3LTQ5NTAtYjgyOS1lMDVkZGM2NjFlNjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQvZjcyODkz
LTA3ZjctNDk1MC1iODI5LWUwNWRkYzY2MWU2Ni8xLzBSWTQ3Z2pPNDg3U1NSbTlW
QkxuUlNpVUE0NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQA1C4mMA0GCSqGSIb3DQEBCwUAA4IBAQAqiQmg
17PzwNBd24+zyfn6NIS1gwehFk5AbgXMoEi1/5w67+ygtbDVNPVXKz5hR4yRDLKm
kg3hn+BVBBkCnpiiNqmb9CBFB+uBSGgcJTyQWKHwBW+VrypfZJ6gmMYKROLLUjVr
C6sXLDNWVaSJPFqiDVF+7Vm5ul6KfA8NjX79cKOBQTn3Mq79Xu5p7wTJ6nmR4adJ
QwNC6Y52rUrSpJDkt+GDDYsDkVBjHmgYdNNWmJ9EO/8kZBwwdarAK8q5/Jm0EHTe
6EzRCS/vxzbx4ITfuivUzDUoKwBgW44FqfbYU7Gl9eS0AWvs95kMUdgl5ECVXkNH
rJNKUmwkquzSLnbU
-----END CERTIFICATE-----