Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/O4RSPDky4tGYBGI0uWLg3FGr9YY.cer
File:                     O4RSPDky4tGYBGI0uWLg3FGr9YY.cer (raw, json)
Hash identifier:          wczS8QWTss2yfXCG0SWcdTgWV3Pp/JE4MGu7carSfp8=
Subject key identifier:   3B:84:52:3C:39:32:E2:D1:98:04:62:34:B9:62:E0:DC:51:AB:F5:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019428243FA301E297D4676AF12ECB417F1E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c7/640a5e-ed52-47b0-bcff-bdf5c780742e/1/O4RSPDky4tGYBGI0uWLg3FGr9YY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c7/640a5e-ed52-47b0-bcff-bdf5c780742e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 17:50:51 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.201.204.0/22
                          IP: 2a04:c6c0::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:3f:a3:01:e2:97:d4:67:6a:f1:2e:cb:41:7f:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 17:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b84523c3932e2d198046234b962e0dc51abf586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:2f:fd:18:88:47:13:e0:b9:c7:39:6e:f3:d9:
                    a5:27:42:41:ae:7b:1c:b2:e6:e6:6c:d1:62:86:48:
                    3f:3d:a6:85:c7:f8:35:7c:9d:ac:63:a5:d4:e2:09:
                    97:d1:af:df:c4:34:5a:e3:ae:73:83:bd:c3:78:eb:
                    9d:b4:cd:ec:16:40:3c:ef:40:f5:64:d0:9d:ed:43:
                    77:a9:b6:b7:cf:fa:4d:de:8d:fc:39:1b:00:df:2b:
                    ce:49:ae:08:45:9e:44:c7:cb:99:f0:8c:25:1f:03:
                    83:48:fa:25:4f:71:62:92:7d:ca:36:8e:dd:dd:ce:
                    6e:b6:3b:4e:ac:dd:ac:7e:07:f1:22:7f:f8:3e:1a:
                    51:2a:25:71:d8:6a:1f:97:f7:d8:dc:68:b5:bf:b2:
                    70:7d:7c:0f:dc:a2:9f:bd:e6:b9:28:cd:61:ff:b9:
                    7e:1d:23:08:9d:c6:8c:66:63:2c:b5:91:8d:90:90:
                    36:f2:44:cc:31:c8:b3:ce:9d:5c:d9:11:31:36:cf:
                    d3:68:42:98:b2:48:e5:c4:60:cc:1d:c5:b7:94:0e:
                    08:56:3f:3d:51:7e:db:2a:28:08:55:da:63:07:d2:
                    a1:b4:75:ab:b7:60:48:f2:f0:be:02:79:3b:63:c6:
                    2e:2e:8f:6e:02:3b:6c:41:85:0b:6e:29:14:3c:83:
                    7a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:84:52:3C:39:32:E2:D1:98:04:62:34:B9:62:E0:DC:51:AB:F5:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/640a5e-ed52-47b0-bcff-bdf5c780742e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/640a5e-ed52-47b0-bcff-bdf5c780742e/1/O4RSPDky4tGYBGI0uWLg3FGr9YY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.204.0/22
                IPv6:
                  2a04:c6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:9a:6a:1b:15:43:5a:a3:10:96:6b:56:6d:ed:ad:23:14:dc:
         76:c7:e5:d1:c7:1e:96:d1:d9:12:de:af:09:97:f6:f5:36:7d:
         6e:a2:b0:ca:08:d0:f1:b2:12:fb:84:83:d7:9e:d1:86:06:16:
         86:1b:66:b2:3b:b8:40:41:d5:9f:69:07:7d:5d:bf:34:07:d9:
         bb:fc:0c:cb:51:55:df:aa:c6:97:94:74:f7:72:ad:96:a5:1f:
         96:ba:f8:90:e5:72:07:a0:6a:43:62:ab:43:42:63:0b:5f:96:
         8e:cf:bb:ab:72:1f:49:28:7e:a9:4c:d9:e5:03:3f:5f:bd:67:
         8f:f8:f8:ae:a6:4a:2d:b0:44:c9:75:74:e4:cc:fc:a9:b5:a6:
         b2:9f:5a:26:56:a8:25:48:4d:ee:5b:ef:28:64:b0:98:c5:30:
         25:60:d8:4d:64:63:17:2e:99:8c:f3:57:8c:b1:5a:a5:7d:05:
         14:ea:db:9b:4d:f3:e2:7e:f7:da:3e:a3:9a:83:a3:60:f1:cb:
         d7:d9:85:3b:a6:6b:92:fd:5e:65:63:82:ed:b3:74:8e:47:b6:
         86:88:9d:62:a0:62:7d:7c:ac:0d:a7:9a:d8:50:28:5a:57:0b:
         18:9e:87:98:3f:07:41:4a:d6:f6:71:7a:86:6e:5b:ba:05:04:
         c8:df:1c:65
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQoJD+jAeKX1Gdq8S7LQX8eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTc1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg0NTIzYzM5MzJlMmQxOTgwNDYyMzRiOTYyZTBkYzUxYWJmNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyi/9GIhHE+C5xzlu89mlJ0JBrnsc
submbNFihkg/PaaFx/g1fJ2sY6XU4gmX0a/fxDRa465zg73DeOudtM3sFkA870D1
ZNCd7UN3qba3z/pN3o38ORsA3yvOSa4IRZ5Ex8uZ8IwlHwODSPolT3Fikn3KNo7d
3c5utjtOrN2sfgfxIn/4PhpRKiVx2Gofl/fY3Gi1v7JwfXwP3KKfvea5KM1h/7l+
HSMIncaMZmMstZGNkJA28kTMMcizzp1c2RExNs/TaEKYskjlxGDMHcW3lA4IVj89
UX7bKigIVdpjB9KhtHWrt2BI8vC+Ank7Y8YuLo9uAjtsQYULbikUPIN67wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDuEUjw5MuLRmARiNLli4NxRq/WGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M3LzY0MGE1
ZS1lZDUyLTQ3YjAtYmNmZi1iZGY1Yzc4MDc0MmUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzcvNjQwYTVl
LWVkNTItNDdiMC1iY2ZmLWJkZjVjNzgwNzQyZS8xL080UlNQRGt5NHRHWUJHSTB1
V0xnM0ZHcjlZWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCucnMMA0EAgACMAcDBQMqBMbAMA0GCSqGSIb3
DQEBCwUAA4IBAQCammobFUNaoxCWa1Zt7a0jFNx2x+XRxx6W0dkS3q8Jl/b1Nn1u
orDKCNDxshL7hIPXntGGBhaGG2ayO7hAQdWfaQd9Xb80B9m7/AzLUVXfqsaXlHT3
cq2WpR+WuviQ5XIHoGpDYqtDQmMLX5aOz7urch9JKH6pTNnlAz9fvWeP+Piupkot
sETJdXTkzPyptaayn1omVqglSE3uW+8oZLCYxTAlYNhNZGMXLpmM81eMsVqlfQUU
6tubTfPifvfaPqOag6Ng8cvX2YU7pmuS/V5lY4Lts3SOR7aGiJ1ioGJ9fKwNp5rY
UChaVwsYnoeYPwdBStb2cXqGblu6BQTI3xxl
-----END CERTIFICATE-----