Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/IOagEH1ompNwtiKVGkSWRsw4tZA.cer
File:                     IOagEH1ompNwtiKVGkSWRsw4tZA.cer (raw, json)
Hash identifier:          b+xpzsBm4mk6FgtoBWliixbIGHyD1WTqnqSWBERnN7k=
Subject key identifier:   20:E6:A0:10:7D:68:9A:93:70:B6:22:95:1A:44:96:46:CC:38:B5:90
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC80142FDA434CC96788F907F179182B8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/73/e84e8f-8bb2-4054-b495-125eedf8d9f1/1/IOagEH1ompNwtiKVGkSWRsw4tZA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/73/e84e8f-8bb2-4054-b495-125eedf8d9f1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:35 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198677
                          IP: 91.238.122.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:42:fd:a4:34:cc:96:78:8f:90:7f:17:91:82:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20e6a0107d689a9370b622951a449646cc38b590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:73:52:3f:93:39:0c:c7:cd:83:54:d4:29:e6:
                    db:af:cb:ce:c5:af:d7:70:d3:4e:75:85:cf:92:6b:
                    8d:07:45:ae:76:3d:08:37:a6:4c:3e:90:ee:ab:e9:
                    bb:35:21:f0:89:2b:24:a6:06:4f:b3:8a:17:5c:f7:
                    47:af:8e:16:c8:84:bd:a1:a2:9c:a8:dc:2a:0f:45:
                    b1:6b:a4:5d:f1:01:4d:24:46:09:39:94:f1:5d:38:
                    bf:e5:3b:37:b1:ae:75:f7:ec:ec:39:d5:af:78:2c:
                    2a:8c:a9:a9:4e:e2:8b:e8:8a:a3:ab:ce:70:01:fe:
                    3c:da:07:e5:ac:29:c9:04:78:37:19:7c:aa:2a:a2:
                    d8:a3:44:cf:54:9f:15:05:b1:6c:99:1d:96:21:1f:
                    f1:20:a0:23:16:68:5f:1a:42:d5:6c:56:e8:96:b1:
                    70:40:7d:22:0b:61:09:e7:ad:3e:71:20:bd:82:45:
                    41:9f:33:3d:b0:78:d7:3b:e4:83:7e:7b:45:e9:8a:
                    d2:07:7e:22:2b:2f:99:2e:a4:56:7d:d1:68:21:e6:
                    e1:87:8e:12:d2:5b:f0:12:f0:42:59:94:c5:85:c0:
                    71:5c:d3:ab:2f:5c:5e:00:f3:f1:6d:a4:62:30:45:
                    f2:7c:32:4e:b2:8a:e7:4b:67:0f:bf:99:01:fa:c8:
                    44:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:E6:A0:10:7D:68:9A:93:70:B6:22:95:1A:44:96:46:CC:38:B5:90
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/e84e8f-8bb2-4054-b495-125eedf8d9f1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/e84e8f-8bb2-4054-b495-125eedf8d9f1/1/IOagEH1ompNwtiKVGkSWRsw4tZA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.122.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198677

    Signature Algorithm: sha256WithRSAEncryption
         a4:e7:b5:aa:b6:d5:98:00:f3:35:50:f7:93:8e:70:f8:63:13:
         67:41:15:5b:f6:8b:71:66:c6:aa:1d:2a:92:80:97:4a:59:33:
         56:c8:11:43:3f:ed:3a:bf:d4:96:4f:4b:43:91:d0:7e:0a:b7:
         81:5c:8b:98:39:46:eb:10:6c:58:f3:26:99:26:87:8a:61:ee:
         28:a2:b6:44:cb:37:d9:7f:f5:c1:6a:ff:be:91:cc:de:39:df:
         30:f5:91:ab:09:ed:34:a7:a9:4c:eb:dc:d7:bc:42:76:e8:f0:
         d0:2f:28:cc:78:5b:44:1e:9e:04:6e:88:6d:6e:79:84:a4:8b:
         8f:93:dc:ad:25:86:48:c1:47:db:30:aa:63:66:f4:d5:82:a5:
         de:2d:2a:d5:e2:00:d5:bf:fe:fe:cd:32:1a:e2:e2:5c:a5:44:
         3c:24:f6:63:e1:c5:97:21:6d:c3:e2:b4:9c:18:a6:43:b3:28:
         f7:f3:0e:d9:2a:41:64:e9:5c:90:9c:db:f2:d4:f2:80:55:97:
         3c:4a:83:d1:92:c8:d9:61:91:f4:fd:15:94:84:3a:b2:e6:9b:
         5c:46:53:01:fb:ea:ea:2e:d2:fe:e4:88:a3:42:5a:24:ab:38:
         b8:0f:c2:d8:3b:e9:63:24:5b:50:9a:87:6a:cd:e4:61:e5:1a:
         6c:0c:9e:ad
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzIAUL9pDTMlniPkH8XkYK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGU2YTAxMDdkNjg5YTkzNzBiNjIyOTUxYTQ0OTY0NmNjMzhiNTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHNSP5M5DMfNg1TUKebbr8vOxa/X
cNNOdYXPkmuNB0Wudj0IN6ZMPpDuq+m7NSHwiSskpgZPs4oXXPdHr44WyIS9oaKc
qNwqD0Wxa6Rd8QFNJEYJOZTxXTi/5Ts3sa519+zsOdWveCwqjKmpTuKL6Iqjq85w
Af482gflrCnJBHg3GXyqKqLYo0TPVJ8VBbFsmR2WIR/xIKAjFmhfGkLVbFbolrFw
QH0iC2EJ560+cSC9gkVBnzM9sHjXO+SDfntF6YrSB34iKy+ZLqRWfdFoIebhh44S
0lvwEvBCWZTFhcBxXNOrL1xeAPPxbaRiMEXyfDJOsornS2cPv5kB+shEkQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCDmoBB9aJqTcLYilRpElkbMOLWQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzczL2U4NGU4
Zi04YmIyLTQwNTQtYjQ5NS0xMjVlZWRmOGQ5ZjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzMvZTg0ZThm
LThiYjItNDA1NC1iNDk1LTEyNWVlZGY4ZDlmMS8xL0lPYWdFSDFvbXBOd3RpS1ZH
a1NXUnN3NHRaQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+56MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMIFTANBgkqhkiG9w0BAQsFAAOCAQEApOe1qrbVmADzNVD3k45w+GMTZ0EVW/aL
cWbGqh0qkoCXSlkzVsgRQz/tOr/Ulk9LQ5HQfgq3gVyLmDlG6xBsWPMmmSaHimHu
KKK2RMs32X/1wWr/vpHM3jnfMPWRqwntNKepTOvc17xCdujw0C8ozHhbRB6eBG6I
bW55hKSLj5PcrSWGSMFH2zCqY2b01YKl3i0q1eIA1b/+/s0yGuLiXKVEPCT2Y+HF
lyFtw+K0nBimQ7Mo9/MO2SpBZOlckJzb8tTygFWXPEqD0ZLI2WGR9P0VlIQ6suab
XEZTAfvq6i7S/uSIo0JaJKs4uA/C2DvpYyRbUJqHas3kYeUabAyerQ==
-----END CERTIFICATE-----