Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.cer
File:                     O3eMfg5ZgyUnNHwuIR_EjFRxCM8.cer (raw, json)
Hash identifier:          P6gCEyczacJXciLLQtCdwWoHJgvMGhxtjNZO0dK8KzQ=
Subject key identifier:   3B:77:8C:7E:0E:59:83:25:27:34:7C:2E:21:1F:C4:8C:54:71:08:CF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FDA95B2721024820098DFF3C0FE09B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:49:28 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.131.202.0/24
                          IP: 2a0b:5b00::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a9:5b:27:21:02:48:20:09:8d:ff:3c:0f:e0:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b778c7e0e59832527347c2e211fc48c547108cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:77:7d:30:92:ed:73:90:08:5a:62:99:e5:8f:
                    cc:9e:a1:1f:54:3b:09:00:39:9d:b7:d7:7a:cc:db:
                    35:91:b2:b4:3b:01:97:d4:f4:58:b1:1c:f9:76:fe:
                    b9:ef:32:83:f4:51:8b:56:c3:ad:50:52:95:c0:f6:
                    19:83:e4:78:37:9f:06:8c:3b:8f:88:34:cf:f0:9c:
                    0b:2f:59:14:9b:3b:46:f8:4a:54:12:5f:82:b0:bc:
                    97:04:8f:74:b3:83:3f:ad:82:a8:27:72:fd:ce:34:
                    16:31:de:42:2f:e1:ff:0b:35:66:24:a5:e2:76:02:
                    93:f7:6d:fb:a7:9b:4f:21:a9:56:8c:fc:96:67:bf:
                    c5:9a:33:c6:3b:5c:48:53:48:49:e3:f9:5d:5a:0b:
                    37:07:5f:b8:ec:7b:0c:17:1f:d1:5c:c9:e3:8d:01:
                    a7:1b:d4:38:6f:41:f5:be:fb:79:b4:64:45:df:eb:
                    ea:cf:56:7a:aa:95:23:c0:3f:3b:b8:c9:85:ec:99:
                    f6:28:64:43:82:d6:7d:c5:0d:4a:bb:f9:e7:1a:86:
                    46:1b:2c:03:80:5b:1f:8b:68:1e:80:e0:80:8b:c4:
                    d6:a6:f0:c0:d6:8a:50:53:5f:ae:0c:54:3e:52:4d:
                    31:0c:a2:d0:51:65:72:36:61:bc:ad:96:a5:fe:c9:
                    46:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:77:8C:7E:0E:59:83:25:27:34:7C:2E:21:1F:C4:8C:54:71:08:CF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.202.0/24
                IPv6:
                  2a0b:5b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:6b:03:50:38:51:3f:b9:64:98:71:60:56:b2:bf:e3:5f:6d:
         ee:7b:3f:00:1f:45:27:5c:38:bc:02:73:37:1c:be:a6:5f:83:
         fd:f1:46:22:98:cf:5f:b2:d9:a9:88:7e:cb:cd:42:f8:af:bb:
         5d:04:5a:93:67:8b:86:34:d8:2a:5a:24:9a:ad:1a:5e:e1:5e:
         f5:1d:a1:71:14:d3:a9:02:7c:83:b6:f2:9e:25:61:1f:5f:78:
         32:69:0c:bc:5b:45:2f:27:17:1b:a7:24:cc:1e:4d:8b:49:a6:
         57:94:af:12:9c:54:7b:ab:40:7a:e4:24:da:5a:d5:a0:77:21:
         b4:e1:bc:a1:8a:21:63:02:cb:d4:55:de:af:52:cb:e1:7e:25:
         d0:54:d9:a6:0f:f3:f5:9e:7d:dd:fa:90:a5:c9:b4:c6:24:f8:
         87:ee:4c:30:71:c1:09:aa:b4:06:54:0f:6c:5a:91:73:f8:34:
         d1:f6:e8:a4:35:ff:8c:82:ec:f3:2b:b4:da:4f:7b:80:65:10:
         78:5f:29:ea:29:f7:4d:28:f7:a1:7a:38:33:7d:27:00:c3:b0:
         a2:5c:44:cd:39:40:29:eb:7b:01:5f:e2:2e:50:e7:05:d5:5b:
         75:96:50:03:5a:25:4b:6f:01:4a:4f:29:09:86:c1:61:c8:60:
         39:0f:e4:98
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQl/albJyECSCAJjf88D+CbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjc3OGM3ZTBlNTk4MzI1MjczNDdjMmUyMTFmYzQ4YzU0NzEwOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXd9MJLtc5AIWmKZ5Y/MnqEfVDsJ
ADmdt9d6zNs1kbK0OwGX1PRYsRz5dv657zKD9FGLVsOtUFKVwPYZg+R4N58GjDuP
iDTP8JwLL1kUmztG+EpUEl+CsLyXBI90s4M/rYKoJ3L9zjQWMd5CL+H/CzVmJKXi
dgKT9237p5tPIalWjPyWZ7/FmjPGO1xIU0hJ4/ldWgs3B1+47HsMFx/RXMnjjQGn
G9Q4b0H1vvt5tGRF3+vqz1Z6qpUjwD87uMmF7Jn2KGRDgtZ9xQ1Ku/nnGoZGGywD
gFsfi2gegOCAi8TWpvDA1opQU1+uDFQ+Uk0xDKLQUWVyNmG8rZal/slGkwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDt3jH4OWYMlJzR8LiEfxIxUcQjPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhiLzA4NTE1
NS0zNGY4LTQxNjItYWQ2NC0wZGI3YzNmMmZhYTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIvMDg1MTU1
LTM0ZjgtNDE2Mi1hZDY0LTBkYjdjM2YyZmFhOS8xL08zZU1mZzVaZ3lVbk5Id3VJ
Ul9FakZSeENNOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAuYPKMA0EAgACMAcDBQMqC1sAMA0GCSqGSIb3
DQEBCwUAA4IBAQA4awNQOFE/uWSYcWBWsr/jX23uez8AH0UnXDi8AnM3HL6mX4P9
8UYimM9fstmpiH7LzUL4r7tdBFqTZ4uGNNgqWiSarRpe4V71HaFxFNOpAnyDtvKe
JWEfX3gyaQy8W0UvJxcbpyTMHk2LSaZXlK8SnFR7q0B65CTaWtWgdyG04byhiiFj
AsvUVd6vUsvhfiXQVNmmD/P1nn3d+pClybTGJPiH7kwwccEJqrQGVA9sWpFz+DTR
9uikNf+MguzzK7TaT3uAZRB4XynqKfdNKPehejgzfScAw7CiXETNOUAp63sBX+Iu
UOcF1Vt1llADWiVLbwFKTykJhsFhyGA5D+SY
-----END CERTIFICATE-----