Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OJbZ85IBpJ-hNpWC4Y8aK7llsoM.cer
File:                     OJbZ85IBpJ-hNpWC4Y8aK7llsoM.cer (raw, json)
Hash identifier:          Q/fAyjFFa2kPVkW9xTeUgUX/TtlZTqb0WIV6glE+ezQ=
Subject key identifier:   38:96:D9:F3:92:01:A4:9F:A1:36:95:82:E1:8F:1A:2B:B9:65:B2:83
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425216B712F6128B05C3B0368E5641D18
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/OJbZ85IBpJ-hNpWC4Y8aK7llsoM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:48:54 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.24.109.0/24
                          IP: 2a13:ef00::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:05:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6b:71:2f:61:28:b0:5c:3b:03:68:e5:64:1d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3896d9f39201a49fa1369582e18f1a2bb965b283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ca:d0:f6:5c:40:8e:c8:2f:93:3b:80:ce:ef:
                    58:4d:78:72:4c:d8:19:ab:be:14:5d:86:79:11:08:
                    6c:f4:94:fc:91:45:b3:48:60:f8:59:58:fe:c8:eb:
                    c3:2b:62:bf:f7:1a:cc:18:4e:24:bf:fc:8f:67:fc:
                    31:ed:7a:a1:13:04:4b:16:d4:56:f5:46:19:c1:ec:
                    eb:6b:0b:a8:4c:4c:0c:a2:f2:ed:f4:b3:1d:01:91:
                    cd:1b:48:4b:bc:52:0e:b9:f9:42:10:fd:59:f9:28:
                    47:9e:8d:3c:9b:b0:76:cc:88:3e:4a:51:d8:21:62:
                    76:40:0b:99:4a:59:72:6e:a1:c0:93:27:52:fd:2d:
                    83:ff:7f:39:5b:16:2f:ab:52:c2:77:9e:c1:42:67:
                    4a:b0:b9:64:9e:af:2d:7e:ae:fd:52:df:0b:8b:73:
                    7b:50:ac:74:c8:ae:70:f4:bd:f4:24:7e:f3:bd:98:
                    51:e4:d7:43:1a:8d:d4:75:ce:3c:f2:06:3c:10:11:
                    b0:70:b0:1d:62:97:ad:8e:ff:17:2f:5f:c6:7d:ab:
                    ed:ab:e9:37:7e:24:5d:2c:5d:04:90:25:90:36:1f:
                    8b:c6:d3:ce:87:06:af:4a:7b:a6:dc:87:cd:df:76:
                    e5:22:9f:88:42:cc:80:3a:71:d8:d9:f6:fd:db:91:
                    8a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:96:D9:F3:92:01:A4:9F:A1:36:95:82:E1:8F:1A:2B:B9:65:B2:83
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/OJbZ85IBpJ-hNpWC4Y8aK7llsoM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.109.0/24
                IPv6:
                  2a13:ef00::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:8d:51:c7:5d:f1:af:53:f3:bd:65:9c:8e:b6:2d:e4:55:9c:
         84:15:8d:83:6e:51:b9:07:d7:cd:b1:3e:cd:36:22:15:9b:2d:
         ce:50:f7:db:54:aa:d8:8c:66:c9:51:f6:90:18:0b:54:da:52:
         e5:f7:b0:e3:c7:da:36:e2:7b:e6:7c:b8:39:67:27:59:12:10:
         be:fb:7f:1f:e8:99:fc:1b:77:dd:7a:39:17:9c:14:0e:18:7c:
         56:d4:5c:ef:7a:ac:e2:1a:47:41:74:16:12:94:6e:43:f2:82:
         c6:50:46:fd:b5:3f:8e:7a:7e:c3:ee:d2:0d:17:56:08:c9:d9:
         21:01:97:ef:ee:61:9e:79:8b:3d:eb:5f:34:ee:78:08:78:6d:
         a3:09:98:1e:e0:75:43:e5:1e:fc:6a:1f:f0:02:32:70:b3:d1:
         0e:89:aa:17:07:99:9b:a9:2f:56:78:79:ff:a5:2b:06:b4:9c:
         2a:5c:ff:c7:6d:b5:5b:a5:81:e7:c5:28:bb:56:b5:32:f8:8e:
         eb:d6:0b:ea:d3:d0:65:18:5f:04:26:9d:3c:89:98:41:13:5c:
         77:ae:08:7c:a6:80:99:4a:3d:3e:69:a3:2a:c0:2f:d1:07:6b:
         8e:74:c4:f7:27:7b:43:14:74:be:5d:82:b5:89:30:a0:9e:dd:
         1a:4b:96:da
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQlIWtxL2EosFw7A2jlZB0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODk2ZDlmMzkyMDFhNDlmYTEzNjk1ODJlMThmMWEyYmI5NjViMjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3MrQ9lxAjsgvkzuAzu9YTXhyTNgZ
q74UXYZ5EQhs9JT8kUWzSGD4WVj+yOvDK2K/9xrMGE4kv/yPZ/wx7XqhEwRLFtRW
9UYZwezrawuoTEwMovLt9LMdAZHNG0hLvFIOuflCEP1Z+ShHno08m7B2zIg+SlHY
IWJ2QAuZSllybqHAkydS/S2D/385WxYvq1LCd57BQmdKsLlknq8tfq79Ut8Li3N7
UKx0yK5w9L30JH7zvZhR5NdDGo3Udc488gY8EBGwcLAdYpetjv8XL1/Gfavtq+k3
fiRdLF0EkCWQNh+LxtPOhwavSnum3IfN33blIp+IQsyAOnHY2fb925GKXQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDiW2fOSAaSfoTaVguGPGiu5ZbKDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE3Lzc4NDYw
MS0wNDYxLTQ3NTMtOGE1Mi1lODBhMDVlMzlmNGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcvNzg0NjAx
LTA0NjEtNDc1My04YTUyLWU4MGEwNWUzOWY0Yi8xL09KYlo4NUlCcEotaE5wV0M0
WThhSzdsbHNvTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAwRhtMA0EAgACMAcDBQMqE+8AMA0GCSqGSIb3
DQEBCwUAA4IBAQACjVHHXfGvU/O9ZZyOti3kVZyEFY2DblG5B9fNsT7NNiIVmy3O
UPfbVKrYjGbJUfaQGAtU2lLl97Djx9o24nvmfLg5ZydZEhC++38f6Jn8G3fdejkX
nBQOGHxW1FzveqziGkdBdBYSlG5D8oLGUEb9tT+Oen7D7tINF1YIydkhAZfv7mGe
eYs961807ngIeG2jCZge4HVD5R78ah/wAjJws9EOiaoXB5mbqS9WeHn/pSsGtJwq
XP/HbbVbpYHnxSi7VrUy+I7r1gvq09BlGF8EJp08iZhBE1x3rgh8poCZSj0+aaMq
wC/RB2uOdMT3J3tDFHS+XYK1iTCgnt0aS5ba
-----END CERTIFICATE-----