Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OLoLnQ8fZ0sTl8_Opt1GgMg1Gvk.cer
File:                     OLoLnQ8fZ0sTl8_Opt1GgMg1Gvk.cer (raw, json)
Hash identifier:          2kORb2Zj8Q4uYrlAl0qfXTypnqpcwtpoZov3Dr4sZpY=
Subject key identifier:   38:BA:0B:9D:0F:1F:67:4B:13:97:CF:CE:A6:DD:46:80:C8:35:1A:F9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01945FE626F43678B2028F8F7F5AF7924739
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/71/959dad-90c8-40b6-8740-2eedae0fa788/1/OLoLnQ8fZ0sTl8_Opt1GgMg1Gvk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/71/959dad-90c8-40b6-8740-2eedae0fa788/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 13 Jan 2025 13:41:46 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 176.103.113.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:e6:26:f4:36:78:b2:02:8f:8f:7f:5a:f7:92:47:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 13 13:41:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38ba0b9d0f1f674b1397cfcea6dd4680c8351af9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:84:6c:5b:98:f3:03:a1:34:ce:ac:2b:cc:23:
                    f6:37:d0:4a:85:74:61:1d:64:53:11:c1:b6:bf:48:
                    9f:52:38:d2:66:39:49:9a:25:25:15:c3:03:11:f9:
                    e7:b6:3f:cd:c1:36:c1:d3:c1:90:92:50:a7:f6:c9:
                    5c:0d:30:02:2d:fa:7e:57:af:3f:4d:60:03:14:75:
                    b3:9c:c1:63:2f:5a:b4:6a:bd:63:19:24:84:14:cc:
                    08:c8:e8:e2:13:e0:5a:76:93:b9:ef:32:f7:41:3d:
                    2e:32:45:04:6d:72:ce:4c:a8:77:0e:7b:c7:6b:00:
                    1d:68:3f:79:5c:b9:35:04:56:56:01:d2:7e:2e:f7:
                    7f:c1:05:b2:7b:0a:0c:35:e7:75:a1:75:86:86:fb:
                    1d:f8:fd:9c:c4:ae:2a:d1:dc:dc:3f:6b:f3:14:8e:
                    ca:67:46:7e:2a:15:9c:32:c3:30:f2:87:46:a4:04:
                    1d:bc:8b:ca:47:96:ab:52:64:9d:ed:c0:bf:f1:18:
                    ba:12:48:1a:bd:bc:0a:87:cb:b9:c2:5c:83:a5:8f:
                    65:f9:2f:18:75:67:eb:90:57:f7:2a:00:5c:d3:0b:
                    99:65:bf:a4:42:60:bf:15:8e:84:f2:3e:79:43:42:
                    10:d8:73:d1:d6:e9:5d:63:a7:b4:4a:b8:bd:a4:eb:
                    0d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:BA:0B:9D:0F:1F:67:4B:13:97:CF:CE:A6:DD:46:80:C8:35:1A:F9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/959dad-90c8-40b6-8740-2eedae0fa788/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/959dad-90c8-40b6-8740-2eedae0fa788/1/OLoLnQ8fZ0sTl8_Opt1GgMg1Gvk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:ec:0b:d3:f8:ac:88:80:a0:1c:b3:76:fe:d7:dd:19:80:43:
         5d:16:f3:3a:eb:f1:34:ba:55:8e:57:80:9d:32:dc:27:5b:e1:
         b5:6d:87:16:b9:3a:ba:4a:c3:9d:9a:5d:de:62:a6:e1:d2:6f:
         2b:b3:fa:c3:46:b6:9a:34:75:10:3e:06:4f:9b:de:30:f4:d4:
         a4:83:e5:ff:c0:98:6a:22:44:df:9e:cc:02:9b:74:26:ff:4d:
         12:f8:8c:f4:d2:47:9d:d8:29:ce:30:7f:79:b0:06:a5:4d:bd:
         09:5e:c6:fc:fc:e1:5c:9c:26:8a:88:02:84:4a:cc:9c:c9:4f:
         48:25:83:10:57:d5:be:71:c2:88:5e:2b:6a:50:1a:ba:ac:c5:
         0e:14:31:d7:dd:59:60:68:2f:e5:df:72:e3:2c:a9:1c:61:46:
         8b:fc:43:5a:be:d5:ff:b3:28:4a:a2:00:5c:d1:c0:65:94:7f:
         6a:bc:94:2f:ce:06:07:dc:b1:c3:54:3c:62:21:4d:0b:2e:69:
         c3:af:d7:b8:b0:cf:89:08:99:67:18:0d:bc:ca:4b:94:2e:5d:
         6b:db:1e:59:b5:d4:84:34:ae:60:da:1a:c5:06:54:2b:20:ab:
         16:d3:25:eb:4d:2c:1f:ad:11:57:01:dc:a7:ef:ac:df:0c:0a:
         ee:cb:96:05
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZRf5ib0NniyAo+Pf1r3kkc5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTEzMTM0MTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGJhMGI5ZDBmMWY2NzRiMTM5N2NmY2VhNmRkNDY4MGM4MzUxYWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoRsW5jzA6E0zqwrzCP2N9BKhXRh
HWRTEcG2v0ifUjjSZjlJmiUlFcMDEfnntj/NwTbB08GQklCn9slcDTACLfp+V68/
TWADFHWznMFjL1q0ar1jGSSEFMwIyOjiE+BadpO57zL3QT0uMkUEbXLOTKh3DnvH
awAdaD95XLk1BFZWAdJ+Lvd/wQWyewoMNed1oXWGhvsd+P2cxK4q0dzcP2vzFI7K
Z0Z+KhWcMsMw8odGpAQdvIvKR5arUmSd7cC/8Ri6EkgavbwKh8u5wlyDpY9l+S8Y
dWfrkFf3KgBc0wuZZb+kQmC/FY6E8j55Q0IQ2HPR1uldY6e0Sri9pOsNLQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFDi6C50PH2dLE5fPzqbdRoDINRr5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcxLzk1OWRh
ZC05MGM4LTQwYjYtODc0MC0yZWVkYWUwZmE3ODgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzEvOTU5ZGFk
LTkwYzgtNDBiNi04NzQwLTJlZWRhZTBmYTc4OC8xL09Mb0xuUThmWjBzVGw4X09w
dDFHZ01nMUd2ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAsGdxMA0GCSqGSIb3DQEBCwUAA4IBAQCu7AvT
+KyIgKAcs3b+190ZgENdFvM66/E0ulWOV4CdMtwnW+G1bYcWuTq6SsOdml3eYqbh
0m8rs/rDRraaNHUQPgZPm94w9NSkg+X/wJhqIkTfnswCm3Qm/00S+Iz00ked2CnO
MH95sAalTb0JXsb8/OFcnCaKiAKESsycyU9IJYMQV9W+ccKIXitqUBq6rMUOFDHX
3VlgaC/l33LjLKkcYUaL/ENavtX/syhKogBc0cBllH9qvJQvzgYH3LHDVDxiIU0L
LmnDr9e4sM+JCJlnGA28ykuULl1r2x5ZtdSENK5g2hrFBlQrIKsW0yXrTSwfrRFX
Adyn76zfDAruy5YF
-----END CERTIFICATE-----