Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9OcXTG90-poisK3uJRqNZDEjE_I.cer
File:                     9OcXTG90-poisK3uJRqNZDEjE_I.cer (raw, json)
Hash identifier:          wrwglsCOLPDf8PtIsQ2zVWuGfmxSCKMYnK6XJkw5lFg=
Subject key identifier:   F4:E7:17:4C:6F:74:FA:9A:22:B0:AD:EE:25:1A:8D:64:31:23:13:F2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942747F38D24799E30DCF0165AE1C685BC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c6/86efb3-ef1e-469c-aeb4-28978c3c7ec5/1/9OcXTG90-poisK3uJRqNZDEjE_I.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c6/86efb3-ef1e-469c-aeb4-28978c3c7ec5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:50:14 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.233.52.0/23
                          IP: 2001:67c:2a70::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f3:8d:24:79:9e:30:dc:f0:16:5a:e1:c6:85:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:50:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4e7174c6f74fa9a22b0adee251a8d64312313f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1c:5a:5e:31:db:61:e6:6b:a2:7d:9d:af:04:
                    4d:ff:7e:ca:d0:fe:15:62:2e:ca:8c:e9:0a:1c:1f:
                    91:6e:d6:3f:0d:73:2a:23:5d:47:57:3a:1d:f0:27:
                    db:64:a2:ac:89:f1:89:27:7f:31:d0:e8:64:00:56:
                    47:32:8f:63:b9:36:f2:90:86:9d:5e:92:cd:5d:d5:
                    e2:03:ed:cb:72:fb:d3:99:a4:f8:98:96:5c:a4:21:
                    a9:de:ad:37:4d:29:46:30:09:c4:52:5a:ff:80:15:
                    99:b3:d1:a8:67:d7:61:10:25:a2:75:4f:d7:47:9b:
                    80:16:63:5c:03:75:93:89:54:87:b1:b9:50:85:28:
                    cc:5e:f3:d2:13:1f:54:f6:6d:1a:9c:78:c6:7b:da:
                    86:67:e2:81:58:68:88:d3:f5:2a:53:d9:c7:48:89:
                    16:05:81:58:06:c0:a7:8b:2a:00:4d:b7:71:a4:2d:
                    dc:95:49:0f:61:53:60:7e:41:6a:da:85:fa:1c:63:
                    e6:53:50:85:c0:c9:38:de:43:06:fa:a7:d6:03:f2:
                    06:10:2d:6f:47:5a:f9:21:cc:ef:46:0e:15:e3:c0:
                    34:6e:f6:74:37:59:b6:83:66:0a:b2:49:da:b1:c1:
                    16:2b:b6:87:91:0f:a8:59:b2:4a:3e:0d:5c:3d:17:
                    4c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:E7:17:4C:6F:74:FA:9A:22:B0:AD:EE:25:1A:8D:64:31:23:13:F2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/86efb3-ef1e-469c-aeb4-28978c3c7ec5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/86efb3-ef1e-469c-aeb4-28978c3c7ec5/1/9OcXTG90-poisK3uJRqNZDEjE_I.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.52.0/23
                IPv6:
                  2001:67c:2a70::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:d1:59:4d:38:2a:80:24:9d:58:d3:4e:6f:8d:45:32:2f:14:
         df:ae:f7:e8:07:45:e8:be:b3:95:b2:36:a8:c7:65:af:23:41:
         3d:c2:6d:c5:8f:df:fc:21:c2:5c:39:2f:4b:f6:84:93:ed:92:
         94:20:2a:b6:5e:ea:9d:18:03:aa:ba:39:7b:6b:72:d3:71:d4:
         3d:a4:2b:30:2e:d7:1a:fc:4e:13:8e:78:06:8f:c1:75:34:20:
         1c:eb:9c:d8:07:32:63:fd:26:a9:2d:b4:d5:2f:98:26:16:64:
         3b:a2:ad:e9:34:ea:40:f0:9f:fd:e9:a6:e2:33:47:85:13:f7:
         23:eb:51:b5:14:df:02:1b:3b:9e:e1:0b:60:b4:ac:10:c4:62:
         b1:7c:9d:3b:b5:53:de:a9:35:a7:d9:99:38:44:a2:54:38:75:
         68:e6:b6:6c:f1:0c:32:62:2e:80:dc:91:4a:30:60:9c:2c:85:
         38:bf:32:1c:af:df:57:ff:0f:6e:cc:ba:01:0f:04:e7:13:6d:
         e2:f4:73:9f:e9:f5:c0:ac:47:ac:57:ff:91:f7:36:f2:22:3a:
         ab:c2:05:59:b9:cd:d3:5a:62:fc:8e:34:75:ce:0e:79:18:99:
         64:02:ae:1f:81:96:a1:8c:63:56:ff:3e:da:06:49:45:3a:3b:
         61:e6:39:dc
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAZQnR/ONJHmeMNzwFlrhxoW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGU3MTc0YzZmNzRmYTlhMjJiMGFkZWUyNTFhOGQ2NDMxMjMxM2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBxaXjHbYeZron2drwRN/37K0P4V
Yi7KjOkKHB+RbtY/DXMqI11HVzod8CfbZKKsifGJJ38x0OhkAFZHMo9juTbykIad
XpLNXdXiA+3LcvvTmaT4mJZcpCGp3q03TSlGMAnEUlr/gBWZs9GoZ9dhECWidU/X
R5uAFmNcA3WTiVSHsblQhSjMXvPSEx9U9m0anHjGe9qGZ+KBWGiI0/UqU9nHSIkW
BYFYBsCniyoATbdxpC3clUkPYVNgfkFq2oX6HGPmU1CFwMk43kMG+qfWA/IGEC1v
R1r5IczvRg4V48A0bvZ0N1m2g2YKsknascEWK7aHkQ+oWbJKPg1cPRdM2wIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFPTnF0xvdPqaIrCt7iUajWQxIxPyMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M2Lzg2ZWZi
My1lZjFlLTQ2OWMtYWViNC0yODk3OGMzYzdlYzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzYvODZlZmIz
LWVmMWUtNDY5Yy1hZWI0LTI4OTc4YzNjN2VjNS8xLzlPY1hURzkwLXBvaXNLM3VK
UnFOWkRFakVfSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQBW+k0MA8EAgACMAkDBwAgAQZ8KnAwDQYJKoZI
hvcNAQELBQADggEBACHRWU04KoAknVjTTm+NRTIvFN+u9+gHRei+s5WyNqjHZa8j
QT3CbcWP3/whwlw5L0v2hJPtkpQgKrZe6p0YA6q6OXtrctNx1D2kKzAu1xr8ThOO
eAaPwXU0IBzrnNgHMmP9JqkttNUvmCYWZDuirek06kDwn/3ppuIzR4UT9yPrUbUU
3wIbO57hC2C0rBDEYrF8nTu1U96pNafZmThEolQ4dWjmtmzxDDJiLoDckUowYJws
hTi/Mhyv31f/D27MugEPBOcTbeL0c5/p9cCsR6xX/5H3NvIiOqvCBVm5zdNaYvyO
NHXODnkYmWQCrh+BlqGMY1b/PtoGSUU6O2HmOdw=
-----END CERTIFICATE-----