Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer
File:                     OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer (raw, json)
Hash identifier:          6W3Mt09KY1OdzImyQZ3xtP5o82mVE4JQsj2J8Vbfow4=
Subject key identifier:   38:08:30:44:FB:6C:43:BF:FA:D5:FD:54:B0:7D:2C:C7:C0:0D:1B:D3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94AA78B1DB7154102056832BBA0B4E9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:29:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 94.101.99.0/24
                          IP: 2a13:b8c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:a7:8b:1d:b7:15:41:02:05:68:32:bb:a0:b4:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38083044fb6c43bffad5fd54b07d2cc7c00d1bd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:76:4f:50:20:36:f2:54:dd:c0:35:29:8d:18:
                    33:8a:20:25:27:1b:1f:b5:23:44:4d:f1:23:9d:ed:
                    d4:7a:69:69:56:30:16:78:c3:5a:38:a1:ba:9e:89:
                    22:fb:8d:e5:9c:15:6a:55:2f:37:da:02:9f:98:62:
                    9e:13:5d:5f:7d:1d:45:e6:14:c5:d6:88:88:a1:ed:
                    4e:4a:b1:46:ea:34:02:a5:16:42:47:37:8f:a3:8e:
                    25:51:05:99:e9:1b:cc:85:0b:29:64:98:6c:e5:d8:
                    bb:7b:0c:65:7e:99:60:8c:e6:9b:f8:ff:2c:4b:5a:
                    78:8c:14:17:80:d6:be:7f:7d:34:7f:8d:a9:2b:cd:
                    7f:22:25:e7:bb:50:fa:b8:c3:01:cc:89:7c:43:82:
                    64:e0:c7:79:ba:eb:30:36:42:cb:5b:d9:90:f8:e4:
                    ba:a4:80:a0:b4:1d:4d:81:f6:95:3f:bd:bf:e0:40:
                    88:1c:d4:31:6b:0c:76:31:ed:b2:72:dc:2f:d3:cb:
                    ef:3d:6e:da:74:fa:3c:a9:29:4a:6f:13:25:b8:29:
                    28:72:7f:31:83:fe:cb:1b:e8:18:10:c0:92:5b:4b:
                    2a:e4:cc:54:ec:57:7b:86:d4:19:95:97:f9:5f:51:
                    ea:b4:95:dd:ed:d8:37:99:d1:49:a1:b6:59:ea:5f:
                    df:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:08:30:44:FB:6C:43:BF:FA:D5:FD:54:B0:7D:2C:C7:C0:0D:1B:D3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.99.0/24
                IPv6:
                  2a13:b8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:05:c5:91:9c:ea:a8:21:a2:b5:64:5f:2a:d8:04:c0:70:de:
         9b:0a:06:43:b0:2e:b6:4a:ec:27:df:0b:0d:34:67:61:9a:95:
         4e:8c:83:e2:6f:a2:02:b0:7e:d3:90:6f:fe:66:9e:fc:2e:39:
         2f:8d:df:53:5f:87:b3:be:32:69:f6:35:b2:b8:96:01:25:b4:
         a7:2c:5d:ec:99:88:7d:fd:5d:f2:c0:84:45:e8:57:3f:9b:89:
         d4:66:3a:ab:75:b2:34:25:b2:bf:15:92:87:9f:d1:82:28:a9:
         6e:55:b6:b9:df:ab:f5:39:34:24:9b:e0:8f:3f:28:9e:03:bc:
         72:c3:d0:3b:ec:f3:4a:56:cc:26:14:8e:de:3c:b5:60:1d:ba:
         f4:30:2b:f3:2c:ae:76:2c:6e:07:0a:f1:62:1a:01:dc:00:dd:
         44:1c:6b:8e:0a:a3:fe:45:69:66:fe:f1:15:23:ca:e1:aa:93:
         2e:17:38:8c:51:d3:4d:bb:4b:4e:77:ac:32:25:ad:2a:7e:c8:
         82:c1:bc:54:3f:32:79:44:25:fa:83:be:e5:60:75:3a:00:31:
         01:30:e4:17:6a:25:d0:d9:4d:6b:90:94:4d:ac:f5:00:07:85:
         d3:11:7e:36:d1:11:42:2d:08:15:aa:b3:51:3c:4e:76:ff:b6:
         27:d4:53:5f
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzJSqeLHbcVQQIFaDK7oLTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODA4MzA0NGZiNmM0M2JmZmFkNWZkNTRiMDdkMmNjN2MwMGQxYmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznZPUCA28lTdwDUpjRgziiAlJxsf
tSNETfEjne3UemlpVjAWeMNaOKG6noki+43lnBVqVS832gKfmGKeE11ffR1F5hTF
1oiIoe1OSrFG6jQCpRZCRzePo44lUQWZ6RvMhQspZJhs5di7ewxlfplgjOab+P8s
S1p4jBQXgNa+f300f42pK81/IiXnu1D6uMMBzIl8Q4Jk4Md5uuswNkLLW9mQ+OS6
pICgtB1NgfaVP72/4ECIHNQxawx2Me2yctwv08vvPW7adPo8qSlKbxMluCkocn8x
g/7LG+gYEMCSW0sq5MxU7Fd7htQZlZf5X1HqtJXd7dg3mdFJobZZ6l/fTQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDgIMET7bEO/+tX9VLB9LMfADRvTMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhkLzk0YTZi
OC0zOWQzLTRmNzktYWUyNS1hOTU1MTFiYTRkNDYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGQvOTRhNmI4
LTM5ZDMtNGY3OS1hZTI1LWE5NTUxMWJhNGQ0Ni8xL09BZ3dSUHRzUTdfNjFmMVVz
SDBzeDhBTkc5TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAXmVjMA0EAgACMAcDBQMqE7jAMA0GCSqGSIb3
DQEBCwUAA4IBAQBoBcWRnOqoIaK1ZF8q2ATAcN6bCgZDsC62Suwn3wsNNGdhmpVO
jIPib6ICsH7TkG/+Zp78Ljkvjd9TX4ezvjJp9jWyuJYBJbSnLF3smYh9/V3ywIRF
6Fc/m4nUZjqrdbI0JbK/FZKHn9GCKKluVba536v1OTQkm+CPPyieA7xyw9A77PNK
VswmFI7ePLVgHbr0MCvzLK52LG4HCvFiGgHcAN1EHGuOCqP+RWlm/vEVI8rhqpMu
FziMUdNNu0tOd6wyJa0qfsiCwbxUPzJ5RCX6g77lYHU6ADEBMOQXaiXQ2U1rkJRN
rPUAB4XTEX420RFCLQgVqrNRPE52/7Yn1FNf
-----END CERTIFICATE-----