Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OcUbkTH248JZr53Qrb9U9xokmO8.cer
File:                     OcUbkTH248JZr53Qrb9U9xokmO8.cer (raw, json)
Hash identifier:          YhegOINZbzifibrOuHXs8zB7LWgj3C6JhNAd4yLPrWw=
Subject key identifier:   39:C5:1B:91:31:F6:E3:C2:59:AF:9D:D0:AD:BF:54:F7:1A:24:98:EF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019107C5D528E2A523DDC365DBAA5089F9E1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/OcUbkTH248JZr53Qrb9U9xokmO8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 31 Jul 2024 07:51:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2.56.156.0/22
                          IP: 2a09:c6c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:07:c5:d5:28:e2:a5:23:dd:c3:65:db:aa:50:89:f9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 31 07:51:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39c51b9131f6e3c259af9dd0adbf54f71a2498ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8b:66:8e:c5:19:9f:4e:69:18:92:7a:3a:dc:
                    f6:e6:4e:69:31:55:f5:9f:48:05:9a:9d:37:bd:10:
                    e8:09:95:73:3f:9e:61:65:f8:ca:f3:70:02:ed:3f:
                    a3:9a:25:73:4e:98:07:15:33:0e:01:7c:8a:be:93:
                    ec:93:92:4c:30:9e:d8:94:0f:a6:53:48:72:22:56:
                    96:41:90:01:f5:ac:51:17:35:4e:66:7e:6b:0c:5f:
                    41:26:f9:a6:de:67:7f:16:85:dc:09:e1:76:3a:6a:
                    7c:ce:ba:66:c3:af:19:a6:9d:73:49:3a:92:40:bc:
                    b8:3c:c2:8f:03:04:b4:c6:b2:62:68:d1:8b:de:17:
                    7f:7b:1b:80:5f:c7:19:19:0c:19:bd:f3:d7:92:a2:
                    d0:7d:d2:9a:fa:aa:89:7f:2d:a7:71:b6:bd:83:2d:
                    1c:ae:a0:39:7b:65:b9:4c:b4:34:31:f1:8d:b0:b4:
                    1d:db:29:8f:0e:4e:70:3e:fc:6d:95:52:bc:27:33:
                    18:f5:96:65:6b:75:f1:f6:37:e6:3a:e5:de:a5:63:
                    ef:11:0b:a4:15:e3:82:3c:75:2b:10:01:1c:f3:e8:
                    80:46:52:41:d5:5b:02:74:2b:20:83:c7:cc:61:3c:
                    b1:f8:c0:b9:d5:d0:10:ff:10:7b:90:ba:84:a2:52:
                    7c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C5:1B:91:31:F6:E3:C2:59:AF:9D:D0:AD:BF:54:F7:1A:24:98:EF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/OcUbkTH248JZr53Qrb9U9xokmO8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.156.0/22
                IPv6:
                  2a09:c6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:8f:b1:5a:db:e2:d1:de:18:8b:98:95:f2:c4:76:52:e7:1a:
         01:34:24:dd:2f:4d:90:9d:c7:f4:b2:53:ff:0d:e5:a6:b4:7d:
         e8:d9:66:71:8f:35:70:64:18:dc:de:40:cb:0b:97:61:bc:f9:
         2f:0b:d5:49:b4:75:9c:44:b7:79:eb:c9:21:af:f0:81:a8:bc:
         ea:a4:2a:a3:a7:6e:8b:f0:4e:0e:b1:04:74:a1:05:da:20:13:
         15:2c:9b:02:3b:e5:3a:ea:47:8b:30:14:7a:23:35:4f:c5:7c:
         d6:fc:f3:f5:e2:0c:3d:e5:a0:c7:76:0a:84:54:ed:6a:ce:15:
         02:07:1b:34:60:38:1e:98:e9:e2:38:ac:92:1a:df:d8:29:83:
         01:74:df:4b:a0:75:9e:99:79:d0:b4:a2:cd:e7:b2:aa:89:f9:
         07:f5:79:9a:cb:11:b9:80:40:ff:23:a5:56:79:7b:66:45:5c:
         4e:7d:77:2d:ca:bd:f5:1c:73:01:57:c2:91:b1:b3:ca:1c:f9:
         a4:c2:96:c6:b3:4d:05:fa:9d:51:d5:df:8c:22:3b:fa:f1:28:
         d7:69:c5:7a:6a:a2:4d:3d:7d:fd:af:17:59:d3:df:03:fb:40:
         f4:cb:cb:92:a6:8c:db:e4:4f:d9:54:7e:14:bd:18:4d:3a:f9:
         81:a0:d8:90
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZEHxdUo4qUj3cNl26pQifnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzMxMDc1MTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWM1MWI5MTMxZjZlM2MyNTlhZjlkZDBhZGJmNTRmNzFhMjQ5OGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYtmjsUZn05pGJJ6Otz25k5pMVX1
n0gFmp03vRDoCZVzP55hZfjK83AC7T+jmiVzTpgHFTMOAXyKvpPsk5JMMJ7YlA+m
U0hyIlaWQZAB9axRFzVOZn5rDF9BJvmm3md/FoXcCeF2Omp8zrpmw68Zpp1zSTqS
QLy4PMKPAwS0xrJiaNGL3hd/exuAX8cZGQwZvfPXkqLQfdKa+qqJfy2ncba9gy0c
rqA5e2W5TLQ0MfGNsLQd2ymPDk5wPvxtlVK8JzMY9ZZla3Xx9jfmOuXepWPvEQuk
FeOCPHUrEAEc8+iARlJB1VsCdCsgg8fMYTyx+MC51dAQ/xB7kLqEolJ8AQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDnFG5Ex9uPCWa+d0K2/VPcaJJjvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZkLzNhMDhj
My1lZGIwLTQ3NWQtYjg3MC03MzBjNGQ0NzJhOGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQvM2EwOGMz
LWVkYjAtNDc1ZC1iODcwLTczMGM0ZDQ3MmE4YS8xL09jVWJrVEgyNDhKWnI1M1Fy
YjlVOXhva21POC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCAjicMA0EAgACMAcDBQMqCcbAMA0GCSqGSIb3
DQEBCwUAA4IBAQBzj7Fa2+LR3hiLmJXyxHZS5xoBNCTdL02Qncf0slP/DeWmtH3o
2WZxjzVwZBjc3kDLC5dhvPkvC9VJtHWcRLd568khr/CBqLzqpCqjp26L8E4OsQR0
oQXaIBMVLJsCO+U66keLMBR6IzVPxXzW/PP14gw95aDHdgqEVO1qzhUCBxs0YDge
mOniOKySGt/YKYMBdN9LoHWemXnQtKLN57KqifkH9XmayxG5gED/I6VWeXtmRVxO
fXctyr31HHMBV8KRsbPKHPmkwpbGs00F+p1R1d+MIjv68SjXacV6aqJNPX39rxdZ
098D+0D0y8uSpozb5E/ZVH4UvRhNOvmBoNiQ
-----END CERTIFICATE-----