Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OWpY9F0OyAFfoyauWP9YAzKJv50.cer
File:                     OWpY9F0OyAFfoyauWP9YAzKJv50.cer (raw, json)
Hash identifier:          qwiD9XMFoGkecS/TyKdJf6HWaSBnSGP1vkAl9npdLOA=
Subject key identifier:   39:6A:58:F4:5D:0E:C8:01:5F:A3:26:AE:58:FF:58:03:32:89:BF:9D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB02649FAFE73DD12AD69473453466
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c3/495c34-95f9-495e-b1c8-474f2cf6e62a/1/OWpY9F0OyAFfoyauWP9YAzKJv50.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c3/495c34-95f9-495e-b1c8-474f2cf6e62a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:42 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 207564

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:02:64:9f:af:e7:3d:d1:2a:d6:94:73:45:34:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=396a58f45d0ec8015fa326ae58ff58033289bf9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:53:10:39:5b:1f:ac:57:59:54:d0:87:db:44:
                    63:f1:a1:a2:60:11:31:4c:16:58:d5:75:18:b5:86:
                    e7:24:b6:8a:31:65:63:4c:67:3e:61:ee:c0:25:13:
                    12:8b:64:a9:97:89:82:28:8c:77:ae:a8:ac:fb:0d:
                    18:9a:83:bf:f7:1b:6b:d2:f1:84:2f:bc:d8:4f:58:
                    28:ff:a0:74:45:f9:0e:56:d0:50:eb:4c:af:54:e3:
                    e8:e6:e8:dc:7a:ab:b5:a2:e6:c9:07:1a:c5:02:e4:
                    72:97:24:55:8d:24:99:02:f8:63:31:55:e0:cf:b2:
                    53:18:47:7c:fb:58:e5:07:b9:64:fc:f3:5d:b6:ab:
                    3e:bb:ac:d2:d5:f8:c9:10:cc:5b:b5:e5:87:a1:6d:
                    de:12:84:d1:bb:dc:e7:09:83:dd:a8:3c:35:58:3e:
                    1e:45:41:c7:44:2c:32:96:a5:92:7d:9f:43:c4:1e:
                    7c:c7:c5:b1:a4:5d:b0:09:45:54:a6:71:54:57:cf:
                    78:0e:ef:d3:dd:8e:9d:32:56:28:90:d2:cf:b1:c4:
                    10:d5:dc:59:a0:fe:74:93:69:60:52:27:6b:3a:dd:
                    43:f7:a5:f4:5f:8c:41:84:c0:48:53:59:81:d5:c3:
                    92:60:2d:a8:d0:47:b7:06:fe:e2:a8:06:18:44:ad:
                    64:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:6A:58:F4:5D:0E:C8:01:5F:A3:26:AE:58:FF:58:03:32:89:BF:9D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/495c34-95f9-495e-b1c8-474f2cf6e62a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/495c34-95f9-495e-b1c8-474f2cf6e62a/1/OWpY9F0OyAFfoyauWP9YAzKJv50.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207564

    Signature Algorithm: sha256WithRSAEncryption
         a9:f6:8d:3c:6b:89:b2:0f:a7:ac:69:2d:4f:4d:e4:d7:d3:3e:
         e1:f8:23:24:b9:02:10:8d:0d:23:79:24:28:e5:d6:1d:45:1b:
         64:7e:52:72:b3:a6:f5:ad:51:42:37:54:eb:80:1a:92:65:6d:
         9f:87:63:78:bb:52:8c:1a:66:5d:44:7e:37:9d:9b:44:da:6e:
         a0:e4:9c:18:42:1e:64:24:ea:51:96:fa:e5:ef:9b:26:34:ce:
         0a:6e:fd:85:12:c6:a7:cd:28:e8:e1:f4:b5:42:d1:8c:fa:bb:
         63:0b:74:51:49:2f:07:98:82:88:af:ca:a4:c4:c7:1a:1a:ff:
         10:74:f3:bd:3d:19:a4:fc:bd:f0:dd:2d:10:58:e8:19:28:6e:
         56:f0:4d:6f:a6:c3:79:43:13:cd:1d:5e:b3:37:3a:7b:7d:2b:
         31:a7:59:7c:7f:63:4e:f0:cd:e1:8a:0b:a3:ec:bb:51:0f:a3:
         67:7d:8b:59:f2:3a:97:32:75:01:b2:47:43:14:db:67:f9:8b:
         65:aa:59:a0:20:d0:af:2b:c0:99:69:19:7c:54:99:a9:81:e0:
         c4:9c:30:68:6a:30:e3:f8:00:a5:ea:12:aa:5d:27:71:e8:6a:
         b9:04:fe:df:05:49:28:2e:67:b2:7b:83:cc:4b:2c:57:b7:89:
         0f:ef:3f:9c
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzC2wJkn6/nPdEq1pRzRTRmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTZhNThmNDVkMGVjODAxNWZhMzI2YWU1OGZmNTgwMzMyODliZjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFMQOVsfrFdZVNCH20Rj8aGiYBEx
TBZY1XUYtYbnJLaKMWVjTGc+Ye7AJRMSi2Spl4mCKIx3rqis+w0YmoO/9xtr0vGE
L7zYT1go/6B0RfkOVtBQ60yvVOPo5ujcequ1oubJBxrFAuRylyRVjSSZAvhjMVXg
z7JTGEd8+1jlB7lk/PNdtqs+u6zS1fjJEMxbteWHoW3eEoTRu9znCYPdqDw1WD4e
RUHHRCwylqWSfZ9DxB58x8WxpF2wCUVUpnFUV894Du/T3Y6dMlYokNLPscQQ1dxZ
oP50k2lgUidrOt1D96X0X4xBhMBIU1mB1cOSYC2o0Ee3Bv7iqAYYRK1kAQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDlqWPRdDsgBX6Mmrlj/WAMyib+dMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzLzQ5NWMz
NC05NWY5LTQ5NWUtYjFjOC00NzRmMmNmNmU2MmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvNDk1YzM0
LTk1ZjktNDk1ZS1iMWM4LTQ3NGYyY2Y2ZTYyYS8xL09XcFk5RjBPeUFGZm95YXVX
UDlZQXpLSnY1MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMqzDANBgkqhkiG9w0BAQsFAAOCAQEAqfaNPGuJsg+n
rGktT03k19M+4fgjJLkCEI0NI3kkKOXWHUUbZH5ScrOm9a1RQjdU64AakmVtn4dj
eLtSjBpmXUR+N52bRNpuoOScGEIeZCTqUZb65e+bJjTOCm79hRLGp80o6OH0tULR
jPq7Ywt0UUkvB5iCiK/KpMTHGhr/EHTzvT0ZpPy98N0tEFjoGShuVvBNb6bDeUMT
zR1eszc6e30rMadZfH9jTvDN4YoLo+y7UQ+jZ32LWfI6lzJ1AbJHQxTbZ/mLZapZ
oCDQryvAmWkZfFSZqYHgxJwwaGow4/gApeoSql0ncehquQT+3wVJKC5nsnuDzEss
V7eJD+8/nA==
-----END CERTIFICATE-----