Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.cer
File:                     O3eMfg5ZgyUnNHwuIR_EjFRxCM8.cer (raw, json)
Hash identifier:          0Wr7puCh8f8/U6kzsJ1l19SDzXkWKWDrFWY755X91RM=
Subject key identifier:   3B:77:8C:7E:0E:59:83:25:27:34:7C:2E:21:1F:C4:8C:54:71:08:CF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CF3A18D789F3DA00AC518F54C40813C15
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 10 Jan 2024 13:48:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.131.202.0/24
                          IP: 2a0b:5b00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:a1:8d:78:9f:3d:a0:0a:c5:18:f5:4c:40:81:3c:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 10 13:48:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b778c7e0e59832527347c2e211fc48c547108cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:77:7d:30:92:ed:73:90:08:5a:62:99:e5:8f:
                    cc:9e:a1:1f:54:3b:09:00:39:9d:b7:d7:7a:cc:db:
                    35:91:b2:b4:3b:01:97:d4:f4:58:b1:1c:f9:76:fe:
                    b9:ef:32:83:f4:51:8b:56:c3:ad:50:52:95:c0:f6:
                    19:83:e4:78:37:9f:06:8c:3b:8f:88:34:cf:f0:9c:
                    0b:2f:59:14:9b:3b:46:f8:4a:54:12:5f:82:b0:bc:
                    97:04:8f:74:b3:83:3f:ad:82:a8:27:72:fd:ce:34:
                    16:31:de:42:2f:e1:ff:0b:35:66:24:a5:e2:76:02:
                    93:f7:6d:fb:a7:9b:4f:21:a9:56:8c:fc:96:67:bf:
                    c5:9a:33:c6:3b:5c:48:53:48:49:e3:f9:5d:5a:0b:
                    37:07:5f:b8:ec:7b:0c:17:1f:d1:5c:c9:e3:8d:01:
                    a7:1b:d4:38:6f:41:f5:be:fb:79:b4:64:45:df:eb:
                    ea:cf:56:7a:aa:95:23:c0:3f:3b:b8:c9:85:ec:99:
                    f6:28:64:43:82:d6:7d:c5:0d:4a:bb:f9:e7:1a:86:
                    46:1b:2c:03:80:5b:1f:8b:68:1e:80:e0:80:8b:c4:
                    d6:a6:f0:c0:d6:8a:50:53:5f:ae:0c:54:3e:52:4d:
                    31:0c:a2:d0:51:65:72:36:61:bc:ad:96:a5:fe:c9:
                    46:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:77:8C:7E:0E:59:83:25:27:34:7C:2E:21:1F:C4:8C:54:71:08:CF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.202.0/24
                IPv6:
                  2a0b:5b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:36:85:87:81:3d:f2:1d:23:a0:cf:25:e6:22:c0:ff:ec:4b:
         21:7f:f9:da:69:1c:63:c1:85:e8:ef:0c:57:fa:39:a6:a1:6b:
         7b:f1:ad:03:5b:ef:fc:77:c9:eb:f6:99:6e:55:60:a2:cc:0a:
         24:96:e7:2d:4e:2e:38:38:0e:01:16:36:05:8a:9f:3b:00:c5:
         20:48:b1:7b:53:e0:8f:ed:ec:d7:20:bb:a2:d8:7a:01:d5:92:
         72:fc:fd:4a:1e:4e:15:10:56:ad:7f:df:d2:43:68:ee:70:fb:
         03:4f:83:5c:04:d7:87:f7:52:39:6c:4e:99:c0:53:5f:34:55:
         89:80:97:1f:85:ae:dd:fd:74:29:b0:15:03:40:32:7b:ca:93:
         c6:40:e5:02:33:25:08:06:14:62:ff:4d:f1:3a:2c:ce:01:77:
         75:ee:6a:0a:d3:f2:00:80:76:42:fb:19:5f:6b:ef:55:29:df:
         d0:12:d2:2a:b8:0d:70:24:92:cd:54:a3:c9:e6:f6:8c:e5:93:
         7a:45:43:fa:be:b3:2b:ad:c8:aa:1b:d8:d2:0c:ef:69:98:a5:
         7c:9e:d8:52:a8:b3:da:03:6d:d9:4a:aa:43:2b:a7:97:1f:46:
         b4:a5:ed:03:dc:26:0c:f6:fd:c1:49:48:20:f9:d7:9d:fd:06:
         37:76:3d:77
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzzoY14nz2gCsUY9UxAgTwVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTEwMTM0ODIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjc3OGM3ZTBlNTk4MzI1MjczNDdjMmUyMTFmYzQ4YzU0NzEwOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXd9MJLtc5AIWmKZ5Y/MnqEfVDsJ
ADmdt9d6zNs1kbK0OwGX1PRYsRz5dv657zKD9FGLVsOtUFKVwPYZg+R4N58GjDuP
iDTP8JwLL1kUmztG+EpUEl+CsLyXBI90s4M/rYKoJ3L9zjQWMd5CL+H/CzVmJKXi
dgKT9237p5tPIalWjPyWZ7/FmjPGO1xIU0hJ4/ldWgs3B1+47HsMFx/RXMnjjQGn
G9Q4b0H1vvt5tGRF3+vqz1Z6qpUjwD87uMmF7Jn2KGRDgtZ9xQ1Ku/nnGoZGGywD
gFsfi2gegOCAi8TWpvDA1opQU1+uDFQ+Uk0xDKLQUWVyNmG8rZal/slGkwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDt3jH4OWYMlJzR8LiEfxIxUcQjPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhiLzA4NTE1
NS0zNGY4LTQxNjItYWQ2NC0wZGI3YzNmMmZhYTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIvMDg1MTU1
LTM0ZjgtNDE2Mi1hZDY0LTBkYjdjM2YyZmFhOS8xL08zZU1mZzVaZ3lVbk5Id3VJ
Ul9FakZSeENNOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAuYPKMA0EAgACMAcDBQMqC1sAMA0GCSqGSIb3
DQEBCwUAA4IBAQB+NoWHgT3yHSOgzyXmIsD/7Eshf/naaRxjwYXo7wxX+jmmoWt7
8a0DW+/8d8nr9pluVWCizAokluctTi44OA4BFjYFip87AMUgSLF7U+CP7ezXILui
2HoB1ZJy/P1KHk4VEFatf9/SQ2jucPsDT4NcBNeH91I5bE6ZwFNfNFWJgJcfha7d
/XQpsBUDQDJ7ypPGQOUCMyUIBhRi/03xOizOAXd17moK0/IAgHZC+xlfa+9VKd/Q
EtIquA1wJJLNVKPJ5vaM5ZN6RUP6vrMrrciqG9jSDO9pmKV8nthSqLPaA23ZSqpD
K6eXH0a0pe0D3CYM9v3BSUgg+ded/QY3dj13
-----END CERTIFICATE-----