Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/O4RSPDky4tGYBGI0uWLg3FGr9YY.cer
File:                     O4RSPDky4tGYBGI0uWLg3FGr9YY.cer (raw, json)
Hash identifier:          JntZfgoSzIcPB0/lnCwuX2YlFkXkpYK2Hn7sN4mx1E0=
Subject key identifier:   3B:84:52:3C:39:32:E2:D1:98:04:62:34:B9:62:E0:DC:51:AB:F5:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAFB5789B2714F1C5EAC64152FD46B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c7/640a5e-ed52-47b0-bcff-bdf5c780742e/1/O4RSPDky4tGYBGI0uWLg3FGr9YY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c7/640a5e-ed52-47b0-bcff-bdf5c780742e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:40 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.201.204.0/22
                          IP: 2a04:c6c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fb:57:89:b2:71:4f:1c:5e:ac:64:15:2f:d4:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b84523c3932e2d198046234b962e0dc51abf586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:2f:fd:18:88:47:13:e0:b9:c7:39:6e:f3:d9:
                    a5:27:42:41:ae:7b:1c:b2:e6:e6:6c:d1:62:86:48:
                    3f:3d:a6:85:c7:f8:35:7c:9d:ac:63:a5:d4:e2:09:
                    97:d1:af:df:c4:34:5a:e3:ae:73:83:bd:c3:78:eb:
                    9d:b4:cd:ec:16:40:3c:ef:40:f5:64:d0:9d:ed:43:
                    77:a9:b6:b7:cf:fa:4d:de:8d:fc:39:1b:00:df:2b:
                    ce:49:ae:08:45:9e:44:c7:cb:99:f0:8c:25:1f:03:
                    83:48:fa:25:4f:71:62:92:7d:ca:36:8e:dd:dd:ce:
                    6e:b6:3b:4e:ac:dd:ac:7e:07:f1:22:7f:f8:3e:1a:
                    51:2a:25:71:d8:6a:1f:97:f7:d8:dc:68:b5:bf:b2:
                    70:7d:7c:0f:dc:a2:9f:bd:e6:b9:28:cd:61:ff:b9:
                    7e:1d:23:08:9d:c6:8c:66:63:2c:b5:91:8d:90:90:
                    36:f2:44:cc:31:c8:b3:ce:9d:5c:d9:11:31:36:cf:
                    d3:68:42:98:b2:48:e5:c4:60:cc:1d:c5:b7:94:0e:
                    08:56:3f:3d:51:7e:db:2a:28:08:55:da:63:07:d2:
                    a1:b4:75:ab:b7:60:48:f2:f0:be:02:79:3b:63:c6:
                    2e:2e:8f:6e:02:3b:6c:41:85:0b:6e:29:14:3c:83:
                    7a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:84:52:3C:39:32:E2:D1:98:04:62:34:B9:62:E0:DC:51:AB:F5:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/640a5e-ed52-47b0-bcff-bdf5c780742e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/640a5e-ed52-47b0-bcff-bdf5c780742e/1/O4RSPDky4tGYBGI0uWLg3FGr9YY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.204.0/22
                IPv6:
                  2a04:c6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:fd:c1:28:05:28:cf:fb:69:06:69:89:9d:91:c7:a8:bc:28:
         04:00:70:ca:d9:57:ef:a0:03:d1:c8:db:49:1f:e1:6b:71:e3:
         6a:6a:b4:40:2b:01:15:34:aa:6e:8a:74:75:59:8e:09:3b:81:
         27:48:88:7b:3e:f3:d0:d6:ec:6e:96:e9:35:41:29:17:7d:f6:
         f5:0d:46:8e:9b:61:b6:55:ce:98:0b:6d:83:15:5a:93:86:f7:
         fd:e1:72:22:fc:03:b8:22:64:af:cb:93:a9:84:3b:9a:90:10:
         e7:e1:3e:66:06:07:46:e7:9a:e1:2f:92:fe:db:d5:5a:50:97:
         40:56:5f:9d:08:be:2c:01:a2:16:2f:23:d9:c8:de:00:cd:a8:
         53:73:b3:58:3a:32:54:8f:62:9b:ed:7b:89:fa:17:af:96:b4:
         12:12:ac:99:ab:94:72:77:4f:17:93:b2:0a:38:9d:0f:d6:be:
         ed:66:dd:0a:86:44:00:01:4d:98:52:a7:5c:7b:7e:3d:f5:78:
         d9:bf:86:4d:84:8e:9d:2d:16:5c:51:ec:d6:eb:73:0e:ab:77:
         68:73:2c:62:3f:1e:54:7e:5c:c3:1f:e3:b1:7e:b6:ef:78:4f:
         e8:bb:37:d8:e8:29:1d:5f:56:93:08:94:34:cd:c3:d1:a0:85:
         e7:c5:bd:4b
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzC2vtXibJxTxxerGQVL9RrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg0NTIzYzM5MzJlMmQxOTgwNDYyMzRiOTYyZTBkYzUxYWJmNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyi/9GIhHE+C5xzlu89mlJ0JBrnsc
submbNFihkg/PaaFx/g1fJ2sY6XU4gmX0a/fxDRa465zg73DeOudtM3sFkA870D1
ZNCd7UN3qba3z/pN3o38ORsA3yvOSa4IRZ5Ex8uZ8IwlHwODSPolT3Fikn3KNo7d
3c5utjtOrN2sfgfxIn/4PhpRKiVx2Gofl/fY3Gi1v7JwfXwP3KKfvea5KM1h/7l+
HSMIncaMZmMstZGNkJA28kTMMcizzp1c2RExNs/TaEKYskjlxGDMHcW3lA4IVj89
UX7bKigIVdpjB9KhtHWrt2BI8vC+Ank7Y8YuLo9uAjtsQYULbikUPIN67wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDuEUjw5MuLRmARiNLli4NxRq/WGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M3LzY0MGE1
ZS1lZDUyLTQ3YjAtYmNmZi1iZGY1Yzc4MDc0MmUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzcvNjQwYTVl
LWVkNTItNDdiMC1iY2ZmLWJkZjVjNzgwNzQyZS8xL080UlNQRGt5NHRHWUJHSTB1
V0xnM0ZHcjlZWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCucnMMA0EAgACMAcDBQMqBMbAMA0GCSqGSIb3
DQEBCwUAA4IBAQB1/cEoBSjP+2kGaYmdkceovCgEAHDK2VfvoAPRyNtJH+FrceNq
arRAKwEVNKpuinR1WY4JO4EnSIh7PvPQ1uxuluk1QSkXffb1DUaOm2G2Vc6YC22D
FVqThvf94XIi/AO4ImSvy5OphDuakBDn4T5mBgdG55rhL5L+29VaUJdAVl+dCL4s
AaIWLyPZyN4AzahTc7NYOjJUj2Kb7XuJ+hevlrQSEqyZq5Ryd08Xk7IKOJ0P1r7t
Zt0KhkQAAU2YUqdce3499XjZv4ZNhI6dLRZcUezW63MOq3docyxiPx5UflzDH+Ox
frbveE/ouzfY6CkdX1aTCJQ0zcPRoIXnxb1L
-----END CERTIFICATE-----