Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OcRJQj3D0WymMkQ8hOz9LFiabqM.cer
File:                     OcRJQj3D0WymMkQ8hOz9LFiabqM.cer (raw, json)
Hash identifier:          68H7YA2NYc7RKABjA0ZLnk+/UgdJ1eqJXgZW44HD2nU=
Subject key identifier:   39:C4:49:42:3D:C3:D1:6C:A6:32:44:3C:84:EC:FD:2C:58:9A:6E:A3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01909C51AEB03BE512D8437F22416527BC7F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a0/c792e9-db95-4fc7-897a-9a69775fc5d7/1/OcRJQj3D0WymMkQ8hOz9LFiabqM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a0/c792e9-db95-4fc7-897a-9a69775fc5d7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 10 Jul 2024 11:05:17 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212514

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9c:51:ae:b0:3b:e5:12:d8:43:7f:22:41:65:27:bc:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 10 11:05:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39c449423dc3d16ca632443c84ecfd2c589a6ea3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:0d:67:36:8b:ee:0b:ac:c1:cd:1b:5a:d4:ba:
                    01:b8:f6:29:91:67:b5:d4:69:d2:6d:97:a2:26:7a:
                    49:e8:8d:44:96:fe:11:d3:64:d6:c4:73:e5:19:59:
                    e3:14:aa:fd:8c:3a:77:f2:24:f2:d6:67:5e:42:96:
                    99:cc:74:83:5b:7e:9a:65:a4:91:d1:73:96:4d:78:
                    6b:c5:6f:d4:c1:37:e2:76:af:1b:d3:37:1a:d5:f7:
                    55:ed:d6:38:ea:0a:a8:43:16:6e:d6:0f:03:28:78:
                    12:63:53:f1:68:86:c9:7e:22:66:ae:32:f0:8e:b6:
                    bf:e6:03:65:a4:60:4c:08:1d:61:f5:81:13:80:ec:
                    6a:bd:87:8a:07:b7:96:3b:69:c9:2e:f8:6b:bc:5f:
                    84:87:7e:d5:21:19:6c:7e:eb:ed:9a:d1:be:ee:79:
                    2d:6e:49:2f:82:44:20:cd:26:02:df:d1:65:71:cd:
                    c6:0f:97:e5:ee:ed:29:5e:0b:3f:e9:30:29:9d:16:
                    59:cb:4e:49:3e:1b:4b:24:30:09:71:8a:f2:6c:27:
                    26:c7:ab:71:6b:7a:01:2c:48:d2:45:1e:0a:82:2a:
                    0d:f1:76:f3:b5:9c:cf:c6:aa:04:ed:e6:1f:63:3b:
                    00:5d:29:d7:8b:ad:8d:73:00:62:38:9e:a2:72:64:
                    40:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C4:49:42:3D:C3:D1:6C:A6:32:44:3C:84:EC:FD:2C:58:9A:6E:A3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c792e9-db95-4fc7-897a-9a69775fc5d7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c792e9-db95-4fc7-897a-9a69775fc5d7/1/OcRJQj3D0WymMkQ8hOz9LFiabqM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212514

    Signature Algorithm: sha256WithRSAEncryption
         3a:4b:6b:9f:ad:6f:09:9d:42:8c:54:a2:bb:f3:d0:45:84:62:
         41:42:2c:2a:9a:00:b8:25:3f:40:85:41:e7:bd:de:36:38:8b:
         f2:82:4b:e6:a2:c1:5e:d7:b2:5a:49:c5:87:83:3d:6d:b0:61:
         fd:72:16:c4:25:ef:d1:01:34:a8:17:05:df:72:1c:4d:7b:2a:
         d8:bc:03:65:7f:4b:ea:b6:dd:a7:ef:f3:9c:81:a0:3f:59:f2:
         e9:43:66:f5:f7:31:8c:60:aa:23:00:61:6b:72:44:ae:4b:11:
         fa:ef:94:47:3c:8e:6f:70:b3:10:e8:67:a8:72:10:e4:aa:ae:
         37:e7:9f:e1:da:d9:69:cc:3b:ff:e9:85:45:89:3d:7e:47:88:
         3d:56:39:dd:46:1b:ad:88:13:35:4a:29:1f:97:af:44:17:4f:
         df:91:f7:8a:d6:c6:be:65:64:21:a9:f3:d9:9a:60:c6:df:70:
         85:a4:62:81:d9:aa:5c:2f:d9:b7:fa:28:b2:d7:f1:d7:40:b4:
         50:7c:f0:9d:3e:c9:c8:dc:98:6b:54:37:e4:b1:e4:69:3f:f1:
         5f:3b:2b:89:6b:fc:34:11:05:76:1f:80:31:ab:e1:d5:0b:59:
         fe:98:bf:92:9f:59:ac:fd:b0:e0:42:aa:43:8c:8b:f1:59:45:
         57:aa:b1:91
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZCcUa6wO+US2EN/IkFlJ7x/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzEwMTEwNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWM0NDk0MjNkYzNkMTZjYTYzMjQ0M2M4NGVjZmQyYzU4OWE2ZWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2g1nNovuC6zBzRta1LoBuPYpkWe1
1GnSbZeiJnpJ6I1Elv4R02TWxHPlGVnjFKr9jDp38iTy1mdeQpaZzHSDW36aZaSR
0XOWTXhrxW/UwTfidq8b0zca1fdV7dY46gqoQxZu1g8DKHgSY1PxaIbJfiJmrjLw
jra/5gNlpGBMCB1h9YETgOxqvYeKB7eWO2nJLvhrvF+Eh37VIRlsfuvtmtG+7nkt
bkkvgkQgzSYC39Flcc3GD5fl7u0pXgs/6TApnRZZy05JPhtLJDAJcYrybCcmx6tx
a3oBLEjSRR4KgioN8XbztZzPxqoE7eYfYzsAXSnXi62NcwBiOJ6icmRABQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDnESUI9w9FspjJEPITs/SxYmm6jMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EwL2M3OTJl
OS1kYjk1LTRmYzctODk3YS05YTY5Nzc1ZmM1ZDcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAvYzc5MmU5
LWRiOTUtNGZjNy04OTdhLTlhNjk3NzVmYzVkNy8xL09jUkpRajNEMFd5bU1rUTho
T3o5TEZpYWJxTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM+IjANBgkqhkiG9w0BAQsFAAOCAQEAOktrn61vCZ1C
jFSiu/PQRYRiQUIsKpoAuCU/QIVB573eNjiL8oJL5qLBXteyWknFh4M9bbBh/XIW
xCXv0QE0qBcF33IcTXsq2LwDZX9L6rbdp+/znIGgP1ny6UNm9fcxjGCqIwBha3JE
rksR+u+URzyOb3CzEOhnqHIQ5KquN+ef4drZacw7/+mFRYk9fkeIPVY53UYbrYgT
NUopH5evRBdP35H3itbGvmVkIanz2Zpgxt9whaRigdmqXC/Zt/oostfx10C0UHzw
nT7JyNyYa1Q35LHkaT/xXzsriWv8NBEFdh+AMavh1QtZ/pi/kp9ZrP2w4EKqQ4yL
8VlFV6qxkQ==
-----END CERTIFICATE-----