Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OJbZ85IBpJ-hNpWC4Y8aK7llsoM.cer
File:                     OJbZ85IBpJ-hNpWC4Y8aK7llsoM.cer (raw, json)
Hash identifier:          HIT3RUQHWgXX57FR7Q8K5nJNDqwInZaIom1hGzsC1S8=
Subject key identifier:   38:96:D9:F3:92:01:A4:9F:A1:36:95:82:E1:8F:1A:2B:B9:65:B2:83
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019073630B41D3EAAFEB6113A4BF97B43BBD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/OJbZ85IBpJ-hNpWC4Y8aK7llsoM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jul 2024 12:19:49 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.24.109.0/24
                          IP: 2a13:ef00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:73:63:0b:41:d3:ea:af:eb:61:13:a4:bf:97:b4:3b:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul  2 12:19:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3896d9f39201a49fa1369582e18f1a2bb965b283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ca:d0:f6:5c:40:8e:c8:2f:93:3b:80:ce:ef:
                    58:4d:78:72:4c:d8:19:ab:be:14:5d:86:79:11:08:
                    6c:f4:94:fc:91:45:b3:48:60:f8:59:58:fe:c8:eb:
                    c3:2b:62:bf:f7:1a:cc:18:4e:24:bf:fc:8f:67:fc:
                    31:ed:7a:a1:13:04:4b:16:d4:56:f5:46:19:c1:ec:
                    eb:6b:0b:a8:4c:4c:0c:a2:f2:ed:f4:b3:1d:01:91:
                    cd:1b:48:4b:bc:52:0e:b9:f9:42:10:fd:59:f9:28:
                    47:9e:8d:3c:9b:b0:76:cc:88:3e:4a:51:d8:21:62:
                    76:40:0b:99:4a:59:72:6e:a1:c0:93:27:52:fd:2d:
                    83:ff:7f:39:5b:16:2f:ab:52:c2:77:9e:c1:42:67:
                    4a:b0:b9:64:9e:af:2d:7e:ae:fd:52:df:0b:8b:73:
                    7b:50:ac:74:c8:ae:70:f4:bd:f4:24:7e:f3:bd:98:
                    51:e4:d7:43:1a:8d:d4:75:ce:3c:f2:06:3c:10:11:
                    b0:70:b0:1d:62:97:ad:8e:ff:17:2f:5f:c6:7d:ab:
                    ed:ab:e9:37:7e:24:5d:2c:5d:04:90:25:90:36:1f:
                    8b:c6:d3:ce:87:06:af:4a:7b:a6:dc:87:cd:df:76:
                    e5:22:9f:88:42:cc:80:3a:71:d8:d9:f6:fd:db:91:
                    8a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:96:D9:F3:92:01:A4:9F:A1:36:95:82:E1:8F:1A:2B:B9:65:B2:83
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/OJbZ85IBpJ-hNpWC4Y8aK7llsoM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.109.0/24
                IPv6:
                  2a13:ef00::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:06:8a:e8:09:69:b1:76:a0:f7:5c:7d:ff:88:34:58:39:f6:
         26:9d:d3:f4:24:6d:4d:01:4e:e6:b4:f6:3b:5f:16:53:b3:5a:
         b6:09:26:89:91:ff:b8:d8:79:46:31:ef:b8:40:0f:12:cd:c8:
         62:68:93:55:5e:bd:ad:a5:07:a1:c8:18:bb:af:f3:61:2c:39:
         c7:0b:09:10:0b:be:39:7e:4c:cb:00:82:66:f7:8e:7d:57:d7:
         c0:98:1a:46:69:62:58:fb:17:59:bd:1a:be:14:8d:db:85:83:
         5e:33:f6:45:94:ef:b3:33:8a:27:30:14:b8:3a:03:82:a3:f3:
         1e:ed:5e:b8:f0:81:3b:eb:10:6a:d5:c5:6a:6d:1b:ea:98:e6:
         57:27:69:2b:5f:8d:75:c3:9e:d5:0a:63:50:43:16:5b:f8:ee:
         ea:cf:e1:cd:ef:d0:29:8f:41:6d:82:1f:e3:95:be:b9:e0:50:
         5a:e8:46:11:d4:b8:29:6a:9d:a0:5a:bd:ae:cb:a7:a5:76:f1:
         f4:84:1b:9c:50:0a:13:5d:da:12:d5:54:79:71:67:4d:4c:99:
         54:76:f0:44:da:47:7b:ee:c6:08:a2:25:6f:6e:ef:69:29:04:
         e5:81:90:d4:43:10:02:00:b6:a6:a9:ee:3a:fd:32:ed:87:3c:
         62:fe:50:e0
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZBzYwtB0+qv62ETpL+XtDu9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzAyMTIxOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODk2ZDlmMzkyMDFhNDlmYTEzNjk1ODJlMThmMWEyYmI5NjViMjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3MrQ9lxAjsgvkzuAzu9YTXhyTNgZ
q74UXYZ5EQhs9JT8kUWzSGD4WVj+yOvDK2K/9xrMGE4kv/yPZ/wx7XqhEwRLFtRW
9UYZwezrawuoTEwMovLt9LMdAZHNG0hLvFIOuflCEP1Z+ShHno08m7B2zIg+SlHY
IWJ2QAuZSllybqHAkydS/S2D/385WxYvq1LCd57BQmdKsLlknq8tfq79Ut8Li3N7
UKx0yK5w9L30JH7zvZhR5NdDGo3Udc488gY8EBGwcLAdYpetjv8XL1/Gfavtq+k3
fiRdLF0EkCWQNh+LxtPOhwavSnum3IfN33blIp+IQsyAOnHY2fb925GKXQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDiW2fOSAaSfoTaVguGPGiu5ZbKDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE3Lzc4NDYw
MS0wNDYxLTQ3NTMtOGE1Mi1lODBhMDVlMzlmNGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcvNzg0NjAx
LTA0NjEtNDc1My04YTUyLWU4MGEwNWUzOWY0Yi8xL09KYlo4NUlCcEotaE5wV0M0
WThhSzdsbHNvTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAwRhtMA0EAgACMAcDBQMqE+8AMA0GCSqGSIb3
DQEBCwUAA4IBAQCkBoroCWmxdqD3XH3/iDRYOfYmndP0JG1NAU7mtPY7XxZTs1q2
CSaJkf+42HlGMe+4QA8SzchiaJNVXr2tpQehyBi7r/NhLDnHCwkQC745fkzLAIJm
9459V9fAmBpGaWJY+xdZvRq+FI3bhYNeM/ZFlO+zM4onMBS4OgOCo/Me7V648IE7
6xBq1cVqbRvqmOZXJ2krX411w57VCmNQQxZb+O7qz+HN79Apj0Ftgh/jlb654FBa
6EYR1Lgpap2gWr2uy6eldvH0hBucUAoTXdoS1VR5cWdNTJlUdvBE2kd77sYIoiVv
bu9pKQTlgZDUQxACALamqe46/TLthzxi/lDg
-----END CERTIFICATE-----