Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OJbZ85IBpJ-hNpWC4Y8aK7llsoM.cer
File:                     OJbZ85IBpJ-hNpWC4Y8aK7llsoM.cer (raw, json)
Hash identifier:          +0eMIUx1FRGm2mCV9EdpdaSdhs6kUM0ocVAsuxpjuCg=
Subject key identifier:   38:96:D9:F3:92:01:A4:9F:A1:36:95:82:E1:8F:1A:2B:B9:65:B2:83
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2BC57D99BBB7ADAB6BE1098616925C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/OJbZ85IBpJ-hNpWC4Y8aK7llsoM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:35:15 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2a13:ef00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c5:7d:99:bb:b7:ad:ab:6b:e1:09:86:16:92:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3896d9f39201a49fa1369582e18f1a2bb965b283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ca:d0:f6:5c:40:8e:c8:2f:93:3b:80:ce:ef:
                    58:4d:78:72:4c:d8:19:ab:be:14:5d:86:79:11:08:
                    6c:f4:94:fc:91:45:b3:48:60:f8:59:58:fe:c8:eb:
                    c3:2b:62:bf:f7:1a:cc:18:4e:24:bf:fc:8f:67:fc:
                    31:ed:7a:a1:13:04:4b:16:d4:56:f5:46:19:c1:ec:
                    eb:6b:0b:a8:4c:4c:0c:a2:f2:ed:f4:b3:1d:01:91:
                    cd:1b:48:4b:bc:52:0e:b9:f9:42:10:fd:59:f9:28:
                    47:9e:8d:3c:9b:b0:76:cc:88:3e:4a:51:d8:21:62:
                    76:40:0b:99:4a:59:72:6e:a1:c0:93:27:52:fd:2d:
                    83:ff:7f:39:5b:16:2f:ab:52:c2:77:9e:c1:42:67:
                    4a:b0:b9:64:9e:af:2d:7e:ae:fd:52:df:0b:8b:73:
                    7b:50:ac:74:c8:ae:70:f4:bd:f4:24:7e:f3:bd:98:
                    51:e4:d7:43:1a:8d:d4:75:ce:3c:f2:06:3c:10:11:
                    b0:70:b0:1d:62:97:ad:8e:ff:17:2f:5f:c6:7d:ab:
                    ed:ab:e9:37:7e:24:5d:2c:5d:04:90:25:90:36:1f:
                    8b:c6:d3:ce:87:06:af:4a:7b:a6:dc:87:cd:df:76:
                    e5:22:9f:88:42:cc:80:3a:71:d8:d9:f6:fd:db:91:
                    8a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:96:D9:F3:92:01:A4:9F:A1:36:95:82:E1:8F:1A:2B:B9:65:B2:83
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/784601-0461-4753-8a52-e80a05e39f4b/1/OJbZ85IBpJ-hNpWC4Y8aK7llsoM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ef00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:79:5d:a7:1d:31:a3:c6:b4:b1:ce:06:a7:2b:c3:f1:5d:69:
         7b:7d:2d:8a:75:65:5e:bf:0a:59:4a:06:48:89:b9:dd:ab:e1:
         17:d0:01:01:ac:9b:83:2b:82:1f:25:0f:ad:5b:bd:fd:04:db:
         e4:c8:55:01:b5:25:f3:cf:f5:12:0e:9e:ae:8f:ef:40:d3:d8:
         0a:01:c5:23:fa:23:43:23:b2:f0:b1:98:7b:49:de:5b:0e:04:
         9c:bc:7d:8d:09:7d:91:a4:97:93:a9:75:6f:ed:ea:15:ed:43:
         ab:59:cc:26:55:a0:91:6e:b0:8c:1d:57:9f:28:b5:11:1d:c4:
         25:34:63:f4:64:2c:84:dd:c8:9c:b1:ca:46:05:4d:ef:87:39:
         62:07:fe:c6:d6:81:9e:6d:9d:1f:4e:f7:83:ff:85:ee:e0:a6:
         41:e7:66:ec:7f:0a:15:71:f7:bd:14:79:06:89:ad:b8:39:2d:
         f8:f3:cd:c0:ac:6c:a1:24:5e:57:18:bc:e3:b3:0d:3e:dc:4e:
         58:2f:09:98:d6:4c:ad:a2:a9:4e:7c:84:af:63:06:09:10:b9:
         12:01:af:a1:ee:bc:75:7a:de:30:81:ec:a3:c4:00:b9:f2:ab:
         34:f5:a5:fb:6f:ca:9b:c0:0e:0a:44:7f:99:9d:5a:85:16:54:
         6a:82:a3:55
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYzKK8V9mbu3ratr4QmGFpJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODk2ZDlmMzkyMDFhNDlmYTEzNjk1ODJlMThmMWEyYmI5NjViMjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3MrQ9lxAjsgvkzuAzu9YTXhyTNgZ
q74UXYZ5EQhs9JT8kUWzSGD4WVj+yOvDK2K/9xrMGE4kv/yPZ/wx7XqhEwRLFtRW
9UYZwezrawuoTEwMovLt9LMdAZHNG0hLvFIOuflCEP1Z+ShHno08m7B2zIg+SlHY
IWJ2QAuZSllybqHAkydS/S2D/385WxYvq1LCd57BQmdKsLlknq8tfq79Ut8Li3N7
UKx0yK5w9L30JH7zvZhR5NdDGo3Udc488gY8EBGwcLAdYpetjv8XL1/Gfavtq+k3
fiRdLF0EkCWQNh+LxtPOhwavSnum3IfN33blIp+IQsyAOnHY2fb925GKXQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFDiW2fOSAaSfoTaVguGPGiu5ZbKDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE3Lzc4NDYw
MS0wNDYxLTQ3NTMtOGE1Mi1lODBhMDVlMzlmNGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcvNzg0NjAx
LTA0NjEtNDc1My04YTUyLWU4MGEwNWUzOWY0Yi8xL09KYlo4NUlCcEotaE5wV0M0
WThhSzdsbHNvTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhPvADANBgkqhkiG9w0BAQsFAAOCAQEArHld
px0xo8a0sc4GpyvD8V1pe30tinVlXr8KWUoGSIm53avhF9ABAaybgyuCHyUPrVu9
/QTb5MhVAbUl88/1Eg6ero/vQNPYCgHFI/ojQyOy8LGYe0neWw4EnLx9jQl9kaSX
k6l1b+3qFe1Dq1nMJlWgkW6wjB1Xnyi1ER3EJTRj9GQshN3InLHKRgVN74c5Ygf+
xtaBnm2dH073g/+F7uCmQedm7H8KFXH3vRR5BomtuDkt+PPNwKxsoSReVxi847MN
PtxOWC8JmNZMraKpTnyEr2MGCRC5EgGvoe68dXreMIHso8QAufKrNPWl+2/Km8AO
CkR/mZ1ahRZUaoKjVQ==
-----END CERTIFICATE-----