Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OJwTxrPB3GsiFQNaZC8e-5sA3fU.cer
File:                     OJwTxrPB3GsiFQNaZC8e-5sA3fU.cer (raw, json)
Hash identifier:          k8ZcX7kSQEhw+yi9AhfNC3uwe78uPGqWiy2Q5+NS62Y=
Subject key identifier:   38:9C:13:C6:B3:C1:DC:6B:22:15:03:5A:64:2F:1E:FB:9B:00:DD:F5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86F8D1B373A10D678ADBD03773190B2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/OJwTxrPB3GsiFQNaZC8e-5sA3fU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:30:03 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 206125

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8d:1b:37:3a:10:d6:78:ad:bd:03:77:31:90:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=389c13c6b3c1dc6b2215035a642f1efb9b00ddf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:30:19:08:53:f9:53:d1:20:43:be:3f:21:59:
                    12:11:6d:88:53:30:46:82:58:95:74:9b:aa:0e:2c:
                    92:4e:7a:17:b3:e3:c5:00:c1:17:6a:f6:a1:43:5f:
                    b0:be:d3:f1:9f:d3:2c:ad:8d:af:a4:4e:6d:d0:0e:
                    47:37:c0:2c:24:cd:ad:1d:97:af:a2:79:f2:9c:13:
                    fa:2b:9d:b8:6f:3e:d7:40:62:49:01:eb:5a:b0:77:
                    67:0f:ef:f5:b1:90:fd:57:30:26:9f:9e:00:72:2e:
                    a5:c9:3b:5f:9c:b5:9a:f1:2c:de:2d:0d:1a:34:63:
                    8c:6b:50:ee:20:3f:6e:50:26:e0:4a:38:21:c7:48:
                    cc:4e:65:18:9c:a2:c3:b5:b2:8d:ef:52:af:34:3e:
                    59:29:35:83:31:9b:87:2d:a6:f2:8a:cd:c0:8e:5c:
                    f1:77:86:49:f9:34:09:ab:0b:33:8e:bb:d4:41:bf:
                    28:33:56:2e:15:df:b4:44:d2:b8:68:fb:f4:ee:19:
                    9b:ef:f5:09:84:1c:a1:b8:92:88:65:2c:43:cd:d2:
                    d6:b5:c7:92:33:40:5e:cb:df:cd:0a:d5:4e:47:dc:
                    fe:36:c3:fc:0a:7f:27:c5:ea:01:c7:f1:15:c4:c0:
                    ea:8a:f4:b8:1d:22:08:73:88:de:e8:34:d9:e1:af:
                    6d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:9C:13:C6:B3:C1:DC:6B:22:15:03:5A:64:2F:1E:FB:9B:00:DD:F5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/OJwTxrPB3GsiFQNaZC8e-5sA3fU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206125

    Signature Algorithm: sha256WithRSAEncryption
         53:fa:6d:7f:94:f5:6c:be:0b:95:ee:db:65:26:e5:2a:49:12:
         79:0c:e6:72:ab:d6:43:dc:a5:f6:af:38:ef:99:02:1e:92:11:
         88:9e:cd:91:7d:8b:f8:19:78:a7:bc:91:86:f9:d7:1f:83:66:
         12:9f:74:fc:73:ea:de:8c:ed:66:9b:ee:85:4c:6c:42:f0:ec:
         7f:bd:e7:00:89:72:25:bc:5a:27:82:7f:10:24:22:1f:d0:9d:
         3a:cb:5f:e0:93:d5:57:ba:bd:22:2a:10:dc:d5:d8:c8:b0:ec:
         55:3a:4a:0b:dd:93:cc:f5:94:3b:02:b8:be:29:0e:f5:16:7a:
         a0:87:78:ba:cc:97:f8:97:0f:fa:8b:ed:0f:32:a3:85:bb:b7:
         d9:27:d4:1a:4d:e3:95:1e:1c:24:f9:99:f2:6c:21:70:cf:82:
         f0:10:86:89:d1:6e:73:7a:6d:cd:80:34:81:8c:7c:bb:39:80:
         89:e0:36:26:b4:c8:6b:c2:f0:d8:08:68:3f:e0:e5:69:12:f0:
         d7:53:c2:73:bc:6d:fc:ae:82:17:93:ca:38:45:25:94:d5:dd:
         94:58:f2:51:99:5e:46:13:ff:4d:8f:f3:9d:44:46:2a:51:59:
         12:91:8b:3b:57:11:0c:5b:61:f8:04:cd:29:71:5d:bf:e3:f5:
         f2:1a:79:9d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIb40bNzoQ1nitvQN3MZCyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODljMTNjNmIzYzFkYzZiMjIxNTAzNWE2NDJmMWVmYjliMDBkZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8DAZCFP5U9EgQ74/IVkSEW2IUzBG
gliVdJuqDiySTnoXs+PFAMEXavahQ1+wvtPxn9MsrY2vpE5t0A5HN8AsJM2tHZev
onnynBP6K524bz7XQGJJAetasHdnD+/1sZD9VzAmn54Aci6lyTtfnLWa8SzeLQ0a
NGOMa1DuID9uUCbgSjghx0jMTmUYnKLDtbKN71KvND5ZKTWDMZuHLabyis3Ajlzx
d4ZJ+TQJqwszjrvUQb8oM1YuFd+0RNK4aPv07hmb7/UJhByhuJKIZSxDzdLWtceS
M0Bey9/NCtVOR9z+NsP8Cn8nxeoBx/EVxMDqivS4HSIIc4je6DTZ4a9t3wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDicE8azwdxrIhUDWmQvHvubAN31MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJkLzgwZWIy
MS1hZjIwLTQ4ZWItYTJkYy02MjEwZWFiMDViNzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvODBlYjIx
LWFmMjAtNDhlYi1hMmRjLTYyMTBlYWIwNWI3MC8xL09Kd1R4clBCM0dzaUZRTmFa
QzhlLTVzQTNmVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMlLTANBgkqhkiG9w0BAQsFAAOCAQEAU/ptf5T1bL4L
le7bZSblKkkSeQzmcqvWQ9yl9q8475kCHpIRiJ7NkX2L+Bl4p7yRhvnXH4NmEp90
/HPq3oztZpvuhUxsQvDsf73nAIlyJbxaJ4J/ECQiH9CdOstf4JPVV7q9IioQ3NXY
yLDsVTpKC92TzPWUOwK4vikO9RZ6oId4usyX+JcP+ovtDzKjhbu32SfUGk3jlR4c
JPmZ8mwhcM+C8BCGidFuc3ptzYA0gYx8uzmAieA2JrTIa8Lw2AhoP+DlaRLw11PC
c7xt/K6CF5PKOEUllNXdlFjyUZleRhP/TY/znURGKlFZEpGLO1cRDFth+ATNKXFd
v+P18hp5nQ==
-----END CERTIFICATE-----