Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OGq5cL-2lHWX6XzvuRbsdqDFaFg.cer
File:                     OGq5cL-2lHWX6XzvuRbsdqDFaFg.cer (raw, json)
Hash identifier:          C2oXWleeAUNgO5dJZ4tk6tcveCvRhfg+vz9iSIdSaIo=
Subject key identifier:   38:6A:B9:70:BF:B6:94:75:97:E9:7C:EF:B9:16:EC:76:A0:C5:68:58
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BB1FC80E4C8546E1B97D3D65480CD2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/OGq5cL-2lHWX6XzvuRbsdqDFaFg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:32:12 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 206725
                          IP: 2001:678:134::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:1f:c8:0e:4c:85:46:e1:b9:7d:3d:65:48:0c:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=386ab970bfb6947597e97cefb916ec76a0c56858
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:70:a9:a5:f9:b8:b2:59:02:6e:30:82:ab:31:
                    9d:21:f5:4f:5d:43:5a:f2:34:fb:ba:60:38:cc:6c:
                    6c:16:04:bb:9f:86:07:9d:eb:cd:cc:6d:4a:f3:75:
                    e7:2e:0b:79:e2:89:17:f1:ce:b0:c7:f3:3a:7f:d9:
                    39:10:87:24:7f:e9:6f:04:a6:42:53:75:3b:cf:4b:
                    f8:a6:02:d4:58:f6:8d:58:af:ab:9b:3a:20:38:d9:
                    64:95:ba:31:45:0c:b8:91:96:8b:e3:2b:9a:4a:cf:
                    15:0f:6a:fe:8e:11:10:ca:7f:ba:7e:dc:ed:a4:0d:
                    76:ce:ba:74:35:3a:51:57:82:87:51:99:62:5f:2d:
                    20:cd:e1:1c:67:8a:87:f3:d6:c6:10:01:e6:8b:a9:
                    82:50:a2:8d:0b:5c:01:fd:31:00:86:7c:41:a9:9c:
                    90:dc:ba:cb:78:46:11:73:cf:c3:90:10:df:dc:5e:
                    0d:cc:95:96:0d:c5:40:ee:f4:61:48:ae:ab:21:a9:
                    d1:d9:f5:c4:e8:e1:d0:58:8b:6e:b7:8d:27:81:32:
                    b0:c2:6e:f8:d8:47:44:dd:83:fc:cd:8e:ca:ce:1f:
                    08:f8:ee:ef:7e:01:3f:a1:97:b0:97:d3:42:98:86:
                    56:76:95:20:65:d8:b5:ff:ed:4b:e1:ac:52:c7:56:
                    a0:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6A:B9:70:BF:B6:94:75:97:E9:7C:EF:B9:16:EC:76:A0:C5:68:58
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/OGq5cL-2lHWX6XzvuRbsdqDFaFg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:134::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206725

    Signature Algorithm: sha256WithRSAEncryption
         11:e5:c3:47:49:2a:20:86:8d:59:0c:65:92:d8:33:f5:59:10:
         8d:d1:58:04:68:48:b1:06:ad:31:97:25:e2:f9:6d:ab:c2:94:
         9c:1c:56:0b:8b:65:5e:5e:27:ee:30:7e:bd:22:6b:70:2d:25:
         e8:64:90:2c:42:84:6b:e6:b1:c4:5f:68:18:f6:f8:2b:f3:e4:
         76:c3:80:42:b4:02:fe:25:e8:b9:b9:10:03:ee:5f:ac:58:10:
         03:24:10:75:b3:c4:e7:ac:23:4f:29:14:c5:41:dc:23:ef:95:
         23:84:2c:1b:90:c3:f2:ae:b6:c5:d9:3f:24:b4:97:db:c2:90:
         77:ff:d8:79:dd:5f:d3:2b:a3:34:0f:d8:d3:de:23:0a:f6:e8:
         94:13:1a:b9:b8:dc:f3:53:bf:02:1f:23:47:81:1c:45:04:e6:
         00:f4:5a:ab:d5:b6:1c:ae:ea:06:83:09:6b:d9:84:fc:03:e7:
         85:6c:a5:41:cf:32:c2:f0:0a:bd:e5:78:10:74:d2:51:0c:9b:
         9c:e8:d9:ed:78:ca:a5:2f:8c:3e:ba:4a:e1:4c:d4:53:3d:50:
         c6:65:ce:b4:d6:5c:10:ab:07:01:40:24:8c:5a:a8:4f:b1:41:
         27:d7:3f:d1:59:db:aa:28:4b:9e:54:5c:46:fe:44:a5:9b:33:
         26:bf:09:14
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzJux/IDkyFRuG5fT1lSAzSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZhYjk3MGJmYjY5NDc1OTdlOTdjZWZiOTE2ZWM3NmEwYzU2ODU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43Cppfm4slkCbjCCqzGdIfVPXUNa
8jT7umA4zGxsFgS7n4YHnevNzG1K83XnLgt54okX8c6wx/M6f9k5EIckf+lvBKZC
U3U7z0v4pgLUWPaNWK+rmzogONlklboxRQy4kZaL4yuaSs8VD2r+jhEQyn+6ftzt
pA12zrp0NTpRV4KHUZliXy0gzeEcZ4qH89bGEAHmi6mCUKKNC1wB/TEAhnxBqZyQ
3LrLeEYRc8/DkBDf3F4NzJWWDcVA7vRhSK6rIanR2fXE6OHQWItut40ngTKwwm74
2EdE3YP8zY7Kzh8I+O7vfgE/oZewl9NCmIZWdpUgZdi1/+1L4axSx1ag/QIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFDhquXC/tpR1l+l877kW7HagxWhYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JkLzQxZmRh
OS05NzAyLTQ1OGQtOTgyZi04ZDExMjU3ZDRhZjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmQvNDFmZGE5
LTk3MDItNDU4ZC05ODJmLThkMTEyNTdkNGFmNi8xL09HcTVjTC0ybEhXWDZYenZ1
UmJzZHFERmFGZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAE0MBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMnhTANBgkqhkiG9w0BAQsFAAOCAQEAEeXDR0kqIIaNWQxlktgz9VkQjdFY
BGhIsQatMZcl4vltq8KUnBxWC4tlXl4n7jB+vSJrcC0l6GSQLEKEa+axxF9oGPb4
K/PkdsOAQrQC/iXoubkQA+5frFgQAyQQdbPE56wjTykUxUHcI++VI4QsG5DD8q62
xdk/JLSX28KQd//Yed1f0yujNA/Y094jCvbolBMaubjc81O/Ah8jR4EcRQTmAPRa
q9W2HK7qBoMJa9mE/APnhWylQc8ywvAKveV4EHTSUQybnOjZ7XjKpS+MPrpK4UzU
Uz1QxmXOtNZcEKsHAUAkjFqoT7FBJ9c/0VnbqihLnlRcRv5EpZszJr8JFA==
-----END CERTIFICATE-----