Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OPdGuBrsAONrm8t6CGQqZOkT2ls.cer
File:                     OPdGuBrsAONrm8t6CGQqZOkT2ls.cer (raw, json)
Hash identifier:          BjZIt01nWzomqIGQZcqobYwMnAqMCw2xWoXrV4v6Ejc=
Subject key identifier:   38:F7:46:B8:1A:EC:00:E3:6B:9B:CB:7A:08:64:2A:64:E9:13:DA:5B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D679199E20CE1A7F1DBCCA0A0B0F4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fa/f4dc76-dcd2-475b-9e68-c22395ce1be4/1/OPdGuBrsAONrm8t6CGQqZOkT2ls.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fa/f4dc76-dcd2-475b-9e68-c22395ce1be4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:59 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.240.241.0/24
                          IP: 2001:67c:2a50::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:67:91:99:e2:0c:e1:a7:f1:db:cc:a0:a0:b0:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38f746b81aec00e36b9bcb7a08642a64e913da5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7d:89:1a:53:e7:39:28:8d:2a:ff:48:3a:44:
                    5b:f3:8b:b9:02:e6:9f:12:eb:41:bc:71:b2:31:32:
                    93:cd:bd:71:51:31:bd:92:96:97:bf:80:b2:83:ad:
                    7e:57:04:85:90:f6:d8:bb:49:22:c1:c4:f3:ce:e0:
                    24:f5:20:e3:8b:2e:20:13:81:ec:dd:e9:74:4f:b6:
                    5e:92:5f:74:1c:c2:51:ff:88:11:a4:a4:76:46:50:
                    7d:39:bd:85:f1:d3:ad:9c:e5:77:bc:4c:aa:b2:ca:
                    ca:bd:25:60:a5:32:e0:52:8c:21:95:f2:a9:9a:7a:
                    02:29:f4:ec:e0:fd:8f:3a:31:7b:98:bc:e9:de:10:
                    bc:bd:d4:b8:3c:ba:ef:de:ce:20:ac:39:dc:5f:d7:
                    3e:f1:f6:78:a2:59:ab:2a:03:ac:d6:d1:c3:8b:21:
                    33:be:37:66:0a:e8:b8:4a:ca:a9:21:e8:9d:d0:1d:
                    00:9e:7e:56:0c:4a:9e:10:35:54:45:03:22:24:52:
                    3b:26:c4:e6:e6:8b:2a:c7:4f:49:88:69:78:e6:78:
                    95:e2:7d:2a:23:0d:5b:93:9c:d9:52:ca:97:58:a5:
                    d6:f7:40:83:5e:76:b8:5b:94:f5:15:b2:76:11:e5:
                    c1:77:41:7a:35:8f:5c:c5:31:94:c9:c7:47:58:09:
                    72:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F7:46:B8:1A:EC:00:E3:6B:9B:CB:7A:08:64:2A:64:E9:13:DA:5B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f4dc76-dcd2-475b-9e68-c22395ce1be4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f4dc76-dcd2-475b-9e68-c22395ce1be4/1/OPdGuBrsAONrm8t6CGQqZOkT2ls.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.241.0/24
                IPv6:
                  2001:67c:2a50::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:ce:f6:6d:95:bc:7b:d4:b8:a0:69:c2:f2:5f:ac:1f:92:9b:
         16:16:b4:1e:9d:d7:ec:49:f9:43:75:24:b0:a1:6a:80:fe:b1:
         e2:01:e6:6f:c3:d9:6d:6e:4a:86:95:07:ae:6f:73:c3:cc:9d:
         ab:ba:c3:8e:12:7c:6f:1c:d2:a2:38:27:e8:0a:85:4e:b1:19:
         3e:2c:ac:01:e7:9c:3f:20:b1:57:f0:be:67:79:52:f0:d0:c2:
         67:e5:a1:37:e7:ea:f7:55:1f:04:87:6b:f9:5b:9a:7b:38:8a:
         de:03:41:32:9a:6b:84:81:17:65:3d:e9:4b:5c:84:01:76:ab:
         fb:a8:52:b8:67:99:5f:ff:bb:8a:ff:ad:ab:8b:82:d4:9b:4f:
         9b:19:85:de:56:72:a7:56:74:9d:11:7b:89:69:45:69:39:66:
         0b:89:e6:32:7b:15:90:3a:ed:23:23:a5:62:fd:1d:7b:0a:96:
         5c:89:ac:59:18:26:22:a7:02:e7:80:a6:17:33:07:9a:17:9c:
         8a:02:86:99:4b:8e:9f:84:5a:73:c4:ca:9e:18:91:db:4c:89:
         ec:02:e6:a3:25:23:c3:c8:cc:53:33:a7:8f:27:eb:6c:81:53:
         d9:73:11:18:82:db:73:4c:10:83:4e:ac:6e:f4:51:b8:f6:25:
         55:ab:d7:03
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAYzCbWeRmeIM4afx28ygoLD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGY3NDZiODFhZWMwMGUzNmI5YmNiN2EwODY0MmE2NGU5MTNkYTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwX2JGlPnOSiNKv9IOkRb84u5Auaf
EutBvHGyMTKTzb1xUTG9kpaXv4Cyg61+VwSFkPbYu0kiwcTzzuAk9SDjiy4gE4Hs
3el0T7Zekl90HMJR/4gRpKR2RlB9Ob2F8dOtnOV3vEyqssrKvSVgpTLgUowhlfKp
mnoCKfTs4P2POjF7mLzp3hC8vdS4PLrv3s4grDncX9c+8fZ4olmrKgOs1tHDiyEz
vjdmCui4SsqpIeid0B0Ann5WDEqeEDVURQMiJFI7JsTm5osqx09JiGl45niV4n0q
Iw1bk5zZUsqXWKXW90CDXna4W5T1FbJ2EeXBd0F6NY9cxTGUycdHWAlyeQIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFDj3Rrga7ADja5vLeghkKmTpE9pbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZhL2Y0ZGM3
Ni1kY2QyLTQ3NWItOWU2OC1jMjIzOTVjZTFiZTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmEvZjRkYzc2
LWRjZDItNDc1Yi05ZTY4LWMyMjM5NWNlMWJlNC8xL09QZEd1QnJzQU9Ocm04dDZD
R1FxWk9rVDJscy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAW/DxMA8EAgACMAkDBwAgAQZ8KlAwDQYJKoZI
hvcNAQELBQADggEBAFLO9m2VvHvUuKBpwvJfrB+SmxYWtB6d1+xJ+UN1JLChaoD+
seIB5m/D2W1uSoaVB65vc8PMnau6w44SfG8c0qI4J+gKhU6xGT4srAHnnD8gsVfw
vmd5UvDQwmfloTfn6vdVHwSHa/lbmns4it4DQTKaa4SBF2U96UtchAF2q/uoUrhn
mV//u4r/rauLgtSbT5sZhd5WcqdWdJ0Re4lpRWk5ZguJ5jJ7FZA67SMjpWL9HXsK
llyJrFkYJiKnAueAphczB5oXnIoChplLjp+EWnPEyp4YkdtMiewC5qMlI8PIzFMz
p48n62yBU9lzERiC23NMEINOrG70Ubj2JVWr1wM=
-----END CERTIFICATE-----