Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OJwTxrPB3GsiFQNaZC8e-5sA3fU.cer
File:                     OJwTxrPB3GsiFQNaZC8e-5sA3fU.cer (raw, json)
Hash identifier:          MLtYIvqGKe7DgIHKAhkLs10cT6FwDGgdu5zLMpwEafA=
Subject key identifier:   38:9C:13:C6:B3:C1:DC:6B:22:15:03:5A:64:2F:1E:FB:9B:00:DD:F5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01904E0B6B05B1795EC180C6774288984116
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/OJwTxrPB3GsiFQNaZC8e-5sA3fU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 25 Jun 2024 06:18:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 206125
                          IP: 2001:67c:ecc::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4e:0b:6b:05:b1:79:5e:c1:80:c6:77:42:88:98:41:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 25 06:18:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=389c13c6b3c1dc6b2215035a642f1efb9b00ddf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:30:19:08:53:f9:53:d1:20:43:be:3f:21:59:
                    12:11:6d:88:53:30:46:82:58:95:74:9b:aa:0e:2c:
                    92:4e:7a:17:b3:e3:c5:00:c1:17:6a:f6:a1:43:5f:
                    b0:be:d3:f1:9f:d3:2c:ad:8d:af:a4:4e:6d:d0:0e:
                    47:37:c0:2c:24:cd:ad:1d:97:af:a2:79:f2:9c:13:
                    fa:2b:9d:b8:6f:3e:d7:40:62:49:01:eb:5a:b0:77:
                    67:0f:ef:f5:b1:90:fd:57:30:26:9f:9e:00:72:2e:
                    a5:c9:3b:5f:9c:b5:9a:f1:2c:de:2d:0d:1a:34:63:
                    8c:6b:50:ee:20:3f:6e:50:26:e0:4a:38:21:c7:48:
                    cc:4e:65:18:9c:a2:c3:b5:b2:8d:ef:52:af:34:3e:
                    59:29:35:83:31:9b:87:2d:a6:f2:8a:cd:c0:8e:5c:
                    f1:77:86:49:f9:34:09:ab:0b:33:8e:bb:d4:41:bf:
                    28:33:56:2e:15:df:b4:44:d2:b8:68:fb:f4:ee:19:
                    9b:ef:f5:09:84:1c:a1:b8:92:88:65:2c:43:cd:d2:
                    d6:b5:c7:92:33:40:5e:cb:df:cd:0a:d5:4e:47:dc:
                    fe:36:c3:fc:0a:7f:27:c5:ea:01:c7:f1:15:c4:c0:
                    ea:8a:f4:b8:1d:22:08:73:88:de:e8:34:d9:e1:af:
                    6d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:9C:13:C6:B3:C1:DC:6B:22:15:03:5A:64:2F:1E:FB:9B:00:DD:F5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/OJwTxrPB3GsiFQNaZC8e-5sA3fU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ecc::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206125

    Signature Algorithm: sha256WithRSAEncryption
         aa:47:2f:32:a5:56:a4:a2:85:a7:42:4d:29:d4:a2:b5:2d:a8:
         7b:93:d1:45:bc:e8:22:ef:14:79:44:ce:6a:9c:74:43:d4:d2:
         12:73:23:a3:84:08:11:72:d6:87:a9:18:56:c4:d3:a7:8a:87:
         a5:cf:d0:e1:d1:2c:6e:e5:d4:6c:1b:71:c5:c9:23:f6:62:61:
         c9:62:fb:77:04:63:71:9c:7d:ae:d3:88:38:c2:62:28:94:ef:
         e4:05:7b:50:56:c1:91:37:c4:d8:f0:fc:52:81:e8:e1:c0:31:
         c1:d7:22:04:be:a5:00:a7:e1:64:58:95:68:4d:61:37:fe:66:
         79:4f:b0:e1:a6:4b:35:13:15:16:4c:0f:ee:b0:04:8c:e9:e4:
         f1:27:58:d7:14:66:5e:c7:14:51:da:16:80:45:42:42:eb:7b:
         62:ab:fc:72:52:39:82:41:1e:78:44:26:2e:d9:39:17:27:f6:
         c3:b2:cb:77:c6:ab:70:cd:6d:bf:ec:2e:05:7e:aa:ab:43:02:
         a6:14:9d:01:58:02:8e:be:f5:e6:74:e9:48:94:8b:02:b1:2a:
         be:eb:b0:30:bf:c4:6a:bb:ca:78:60:62:24:34:f3:1e:84:5f:
         61:05:d1:94:09:53:96:b7:d2:07:13:3e:29:32:73:53:54:08:
         73:18:26:14
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZBOC2sFsXlewYDGd0KImEEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjI1MDYxODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODljMTNjNmIzYzFkYzZiMjIxNTAzNWE2NDJmMWVmYjliMDBkZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8DAZCFP5U9EgQ74/IVkSEW2IUzBG
gliVdJuqDiySTnoXs+PFAMEXavahQ1+wvtPxn9MsrY2vpE5t0A5HN8AsJM2tHZev
onnynBP6K524bz7XQGJJAetasHdnD+/1sZD9VzAmn54Aci6lyTtfnLWa8SzeLQ0a
NGOMa1DuID9uUCbgSjghx0jMTmUYnKLDtbKN71KvND5ZKTWDMZuHLabyis3Ajlzx
d4ZJ+TQJqwszjrvUQb8oM1YuFd+0RNK4aPv07hmb7/UJhByhuJKIZSxDzdLWtceS
M0Bey9/NCtVOR9z+NsP8Cn8nxeoBx/EVxMDqivS4HSIIc4je6DTZ4a9t3wIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFDicE8azwdxrIhUDWmQvHvubAN31MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJkLzgwZWIy
MS1hZjIwLTQ4ZWItYTJkYy02MjEwZWFiMDViNzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvODBlYjIx
LWFmMjAtNDhlYi1hMmRjLTYyMTBlYWIwNWI3MC8xL09Kd1R4clBCM0dzaUZRTmFa
QzhlLTVzQTNmVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA7MMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMlLTANBgkqhkiG9w0BAQsFAAOCAQEAqkcvMqVWpKKFp0JNKdSitS2oe5PR
RbzoIu8UeUTOapx0Q9TSEnMjo4QIEXLWh6kYVsTTp4qHpc/Q4dEsbuXUbBtxxckj
9mJhyWL7dwRjcZx9rtOIOMJiKJTv5AV7UFbBkTfE2PD8UoHo4cAxwdciBL6lAKfh
ZFiVaE1hN/5meU+w4aZLNRMVFkwP7rAEjOnk8SdY1xRmXscUUdoWgEVCQut7Yqv8
clI5gkEeeEQmLtk5Fyf2w7LLd8arcM1tv+wuBX6qq0MCphSdAVgCjr715nTpSJSL
ArEqvuuwML/EarvKeGBiJDTzHoRfYQXRlAlTlrfSBxM+KTJzU1QIcxgmFA==
-----END CERTIFICATE-----