Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1OcWO-4eGkF8rWZYK05ygTCR-Ts.cer
File:                     1OcWO-4eGkF8rWZYK05ygTCR-Ts.cer (raw, json)
Hash identifier:          RXf4XQul5ZXhne1GwAj8AKVdfebloXsT3HQdqeBTZjY=
Subject key identifier:   D4:E7:16:3B:EE:1E:1A:41:7C:AD:66:58:2B:4E:72:81:30:91:F9:3B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018EEC029D53B2F65CAF5853C8CDA1DF63FB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/3/D4E7163BEE1E1A417CAD66582B4E72813091F93B.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/3/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 17 Apr 2024 12:22:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215086

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ec:02:9d:53:b2:f6:5c:af:58:53:c8:cd:a1:df:63:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 17 12:22:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4e7163bee1e1a417cad66582b4e72813091f93b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:28:83:5a:49:5e:cf:f7:c7:f9:39:7d:96:d7:
                    28:1e:71:fd:de:f4:3d:d4:b5:3c:d7:0b:4c:2f:09:
                    c4:33:33:ed:c9:19:7c:a5:2a:35:74:d3:91:a6:26:
                    f7:5c:66:c1:41:b1:b6:d1:8d:e8:5c:ed:89:c3:56:
                    68:f9:a3:24:3b:2a:d1:d0:17:5d:4e:25:57:f3:36:
                    32:6e:80:80:aa:78:02:f7:2e:f0:44:e7:72:66:fa:
                    b0:7b:fb:2c:2b:0b:de:f4:00:6f:3e:ee:12:16:91:
                    72:76:29:cd:32:c5:0b:f5:be:f4:7d:56:a9:80:4e:
                    1a:ee:85:36:87:2c:5e:ff:22:d4:7d:64:2f:3b:82:
                    87:22:cb:47:e8:26:88:9e:21:03:04:da:af:40:ac:
                    b1:49:1b:72:77:06:a0:98:ac:90:4b:56:45:36:4d:
                    40:e7:c2:05:74:1c:ac:54:4c:35:ec:95:96:19:2f:
                    d6:94:f1:3e:21:a2:24:a7:83:5d:70:c8:ab:c2:02:
                    7c:ef:57:04:a5:59:4d:0a:26:18:b7:30:e2:c0:12:
                    07:d3:f6:10:a9:8e:d5:be:bb:e8:88:74:bc:a9:cb:
                    f6:c6:aa:59:33:e4:69:ca:f3:d6:fa:79:56:01:4d:
                    45:c6:99:51:de:fb:b5:c6:24:45:99:a4:62:4c:fe:
                    21:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:E7:16:3B:EE:1E:1A:41:7C:AD:66:58:2B:4E:72:81:30:91:F9:3B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/3/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/3/D4E7163BEE1E1A417CAD66582B4E72813091F93B.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215086

    Signature Algorithm: sha256WithRSAEncryption
         30:dc:d4:23:34:44:3c:47:fe:e4:7a:a6:c4:af:dd:f5:86:b5:
         b1:58:54:e6:66:72:5c:e6:1e:09:79:e0:6e:02:fc:e5:07:12:
         e1:1a:57:28:74:d5:79:db:3d:e2:2e:03:ad:8c:49:de:5c:b5:
         6b:a8:22:29:64:a1:37:88:f6:e6:c4:8b:b3:74:b7:49:9a:77:
         46:ed:7b:bc:e7:4c:9b:ae:ed:2c:a0:d2:bb:81:64:e1:2f:de:
         cf:13:0f:fc:6b:df:47:75:f5:fe:b6:17:26:c1:6a:35:cc:8d:
         96:8b:41:29:1a:50:5c:9e:00:71:98:ed:1a:55:43:56:d0:ab:
         a7:29:06:d7:25:d1:ff:68:39:4d:e9:bd:ca:40:ce:26:9c:53:
         d6:d2:50:f1:fd:07:39:7a:10:fa:4c:8e:59:07:95:8a:ab:7b:
         f4:d4:4e:07:da:a4:24:6f:52:38:a1:c5:71:9e:7c:82:c2:35:
         3c:16:79:57:98:8f:cc:2b:63:35:c3:d9:71:1c:2d:c4:69:08:
         07:50:7f:18:8f:c4:54:a9:dc:42:82:a8:3d:f7:91:46:c4:82:
         2c:3b:24:d5:6f:7f:d4:f0:13:81:2d:1c:18:2b:bc:c0:8e:bc:
         82:d0:de:ff:e2:02:33:47:0e:5a:db:d2:3d:59:23:f2:42:8e:
         83:8b:46:05
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAY7sAp1TsvZcr1hTyM2h32P7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDE3MTIyMjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGU3MTYzYmVlMWUxYTQxN2NhZDY2NTgyYjRlNzI4MTMwOTFmOTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCiDWklez/fH+Tl9ltcoHnH93vQ9
1LU81wtMLwnEMzPtyRl8pSo1dNORpib3XGbBQbG20Y3oXO2Jw1Zo+aMkOyrR0Bdd
TiVX8zYyboCAqngC9y7wROdyZvqwe/ssKwve9ABvPu4SFpFydinNMsUL9b70fVap
gE4a7oU2hyxe/yLUfWQvO4KHIstH6CaIniEDBNqvQKyxSRtydwagmKyQS1ZFNk1A
58IFdBysVEw17JWWGS/WlPE+IaIkp4NdcMirwgJ871cEpVlNCiYYtzDiwBIH0/YQ
qY7VvrvoiHS8qcv2xqpZM+RpyvPW+nlWAU1FxplR3vu1xiRFmaRiTP4hrQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFNTnFjvuHhpBfK1mWCtOcoEwkfk7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzQ5MWE0
M2JjLTc2ZWMtNGFiZS1iYTdkLWU3M2U5MGQ2NjJjYi8zLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDkx
YTQzYmMtNzZlYy00YWJlLWJhN2QtZTczZTkwZDY2MmNiLzMvRDRFNzE2M0JFRTFF
MUE0MTdDQUQ2NjU4MkI0RTcyODEzMDkxRjkzQi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDSC4w
DQYJKoZIhvcNAQELBQADggEBADDc1CM0RDxH/uR6psSv3fWGtbFYVOZmclzmHgl5
4G4C/OUHEuEaVyh01XnbPeIuA62MSd5ctWuoIilkoTeI9ubEi7N0t0mad0bte7zn
TJuu7Syg0ruBZOEv3s8TD/xr30d19f62FybBajXMjZaLQSkaUFyeAHGY7RpVQ1bQ
q6cpBtcl0f9oOU3pvcpAziacU9bSUPH9Bzl6EPpMjlkHlYqre/TUTgfapCRvUjih
xXGefILCNTwWeVeYj8wrYzXD2XEcLcRpCAdQfxiPxFSp3EKCqD33kUbEgiw7JNVv
f9TwE4EtHBgrvMCOvILQ3v/iAjNHDlrb0j1ZI/JCjoOLRgU=
-----END CERTIFICATE-----