Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OGq5cL-2lHWX6XzvuRbsdqDFaFg.cer
File:                     OGq5cL-2lHWX6XzvuRbsdqDFaFg.cer (raw, json)
Hash identifier:          xLRH2l3rUlvj9TW41AvDt+NeIwQdIk79StAxjjRTyxA=
Subject key identifier:   38:6A:B9:70:BF:B6:94:75:97:E9:7C:EF:B9:16:EC:76:A0:C5:68:58
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228D8CB54641718C68B7B423BD6358B9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/OGq5cL-2lHWX6XzvuRbsdqDFaFg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 206725
                          IP: 2001:678:134::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:8c:b5:46:41:71:8c:68:b7:b4:23:bd:63:58:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=386ab970bfb6947597e97cefb916ec76a0c56858
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:70:a9:a5:f9:b8:b2:59:02:6e:30:82:ab:31:
                    9d:21:f5:4f:5d:43:5a:f2:34:fb:ba:60:38:cc:6c:
                    6c:16:04:bb:9f:86:07:9d:eb:cd:cc:6d:4a:f3:75:
                    e7:2e:0b:79:e2:89:17:f1:ce:b0:c7:f3:3a:7f:d9:
                    39:10:87:24:7f:e9:6f:04:a6:42:53:75:3b:cf:4b:
                    f8:a6:02:d4:58:f6:8d:58:af:ab:9b:3a:20:38:d9:
                    64:95:ba:31:45:0c:b8:91:96:8b:e3:2b:9a:4a:cf:
                    15:0f:6a:fe:8e:11:10:ca:7f:ba:7e:dc:ed:a4:0d:
                    76:ce:ba:74:35:3a:51:57:82:87:51:99:62:5f:2d:
                    20:cd:e1:1c:67:8a:87:f3:d6:c6:10:01:e6:8b:a9:
                    82:50:a2:8d:0b:5c:01:fd:31:00:86:7c:41:a9:9c:
                    90:dc:ba:cb:78:46:11:73:cf:c3:90:10:df:dc:5e:
                    0d:cc:95:96:0d:c5:40:ee:f4:61:48:ae:ab:21:a9:
                    d1:d9:f5:c4:e8:e1:d0:58:8b:6e:b7:8d:27:81:32:
                    b0:c2:6e:f8:d8:47:44:dd:83:fc:cd:8e:ca:ce:1f:
                    08:f8:ee:ef:7e:01:3f:a1:97:b0:97:d3:42:98:86:
                    56:76:95:20:65:d8:b5:ff:ed:4b:e1:ac:52:c7:56:
                    a0:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6A:B9:70:BF:B6:94:75:97:E9:7C:EF:B9:16:EC:76:A0:C5:68:58
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/OGq5cL-2lHWX6XzvuRbsdqDFaFg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:134::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206725

    Signature Algorithm: sha256WithRSAEncryption
         93:09:12:94:1e:38:f7:8f:81:e4:57:dd:a5:12:f9:1a:01:5b:
         fe:eb:a1:ad:d3:67:04:46:0c:96:92:81:6c:bf:e7:0b:01:bb:
         1a:08:7b:df:78:50:8d:28:6a:40:c5:82:d2:10:71:a9:eb:a6:
         56:78:1c:b3:b6:65:ea:e0:33:f9:7b:ee:f2:03:ba:b4:7f:00:
         7f:7c:41:7a:21:3e:2b:62:c7:8d:ee:cb:43:aa:fb:1e:e0:43:
         2b:8c:37:23:7c:49:05:ec:45:ed:7c:86:82:e3:a4:4d:6b:ca:
         ef:67:a9:f6:8b:36:55:99:eb:6f:93:13:a3:82:a3:99:94:bb:
         ed:c1:36:7d:1e:b1:2f:7a:6d:ec:d9:20:43:bd:ee:c5:04:b5:
         ef:54:fb:a5:34:5d:66:04:5b:f0:06:16:e8:cc:c0:42:37:2a:
         02:28:89:ac:5d:5f:3f:fd:46:b6:9c:c6:7f:fe:5d:92:94:28:
         19:fb:ea:15:64:6c:41:bc:a8:2c:20:bb:87:f4:05:1f:16:e4:
         67:25:c8:59:a1:e3:c0:c2:c0:68:5d:ae:78:f7:7b:0d:4c:a7:
         7c:39:e5:c5:2a:42:23:1d:ee:96:dd:5b:4d:1b:f1:65:74:a5:
         70:a7:a8:18:05:02:8f:2a:5c:ac:e9:c3:83:85:af:49:b9:3b:
         07:aa:d1:34
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQijYy1RkFxjGi3tCO9Y1i5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZhYjk3MGJmYjY5NDc1OTdlOTdjZWZiOTE2ZWM3NmEwYzU2ODU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43Cppfm4slkCbjCCqzGdIfVPXUNa
8jT7umA4zGxsFgS7n4YHnevNzG1K83XnLgt54okX8c6wx/M6f9k5EIckf+lvBKZC
U3U7z0v4pgLUWPaNWK+rmzogONlklboxRQy4kZaL4yuaSs8VD2r+jhEQyn+6ftzt
pA12zrp0NTpRV4KHUZliXy0gzeEcZ4qH89bGEAHmi6mCUKKNC1wB/TEAhnxBqZyQ
3LrLeEYRc8/DkBDf3F4NzJWWDcVA7vRhSK6rIanR2fXE6OHQWItut40ngTKwwm74
2EdE3YP8zY7Kzh8I+O7vfgE/oZewl9NCmIZWdpUgZdi1/+1L4axSx1ag/QIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFDhquXC/tpR1l+l877kW7HagxWhYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JkLzQxZmRh
OS05NzAyLTQ1OGQtOTgyZi04ZDExMjU3ZDRhZjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmQvNDFmZGE5
LTk3MDItNDU4ZC05ODJmLThkMTEyNTdkNGFmNi8xL09HcTVjTC0ybEhXWDZYenZ1
UmJzZHFERmFGZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAE0MBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMnhTANBgkqhkiG9w0BAQsFAAOCAQEAkwkSlB4494+B5FfdpRL5GgFb/uuh
rdNnBEYMlpKBbL/nCwG7Ggh733hQjShqQMWC0hBxqeumVngcs7Zl6uAz+Xvu8gO6
tH8Af3xBeiE+K2LHje7LQ6r7HuBDK4w3I3xJBexF7XyGguOkTWvK72ep9os2VZnr
b5MTo4KjmZS77cE2fR6xL3pt7NkgQ73uxQS171T7pTRdZgRb8AYW6MzAQjcqAiiJ
rF1fP/1GtpzGf/5dkpQoGfvqFWRsQbyoLCC7h/QFHxbkZyXIWaHjwMLAaF2uePd7
DUynfDnlxSpCIx3ult1bTRvxZXSlcKeoGAUCjypcrOnDg4WvSbk7B6rRNA==
-----END CERTIFICATE-----