Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Oe6oRlUcbkGblH4NoQfuywBwQZo.cer
File:                     Oe6oRlUcbkGblH4NoQfuywBwQZo.cer (raw, json)
Hash identifier:          uBVixNTgGFmNbhBw7plFL0pynX1KlH9YiX9VmQN/W5U=
Subject key identifier:   39:EE:A8:46:55:1C:6E:41:9B:94:7E:0D:A1:07:EE:CB:00:70:41:9A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC05B9DC6D631A52C65DDECF852D30
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/af/09d329-7ffe-451b-bc82-2831a4850645/1/Oe6oRlUcbkGblH4NoQfuywBwQZo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/af/09d329-7ffe-451b-bc82-2831a4850645/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:40 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.229.80.0/22
                          IP: 2a0c:76c0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:05:b9:dc:6d:63:1a:52:c6:5d:de:cf:85:2d:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39eea846551c6e419b947e0da107eecb0070419a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:8c:2e:34:64:77:c2:c2:46:9a:d8:39:50:8c:
                    ce:4b:bc:2b:24:b1:53:2a:22:79:4a:0b:1e:d8:fa:
                    c4:3e:ab:43:d7:79:3f:f6:49:fd:32:9e:42:05:a2:
                    bb:10:42:e2:22:06:e6:05:b0:a4:74:aa:b1:fe:be:
                    cd:96:00:51:c1:57:d3:9c:b7:39:87:0c:43:3e:b5:
                    bf:a5:6d:0f:dc:46:1d:27:af:87:46:7f:d3:47:98:
                    a3:e0:1f:d0:62:63:2b:3c:61:8a:0e:f9:59:70:6e:
                    a9:ac:7d:75:5c:f1:3f:e1:3a:ea:92:41:4c:dd:f2:
                    c5:e5:4f:1f:63:91:1e:f4:a0:de:5c:50:c5:6a:27:
                    c3:5d:17:ea:50:2c:35:39:f4:56:7c:c3:ab:d5:89:
                    a1:04:af:d6:da:8e:de:c6:b8:69:b1:9e:78:d0:72:
                    0a:77:21:c5:7b:47:4e:af:b1:35:58:82:b0:61:2f:
                    21:82:d1:2f:ef:db:7b:94:90:f8:94:93:61:9a:fa:
                    a5:0d:78:47:5d:f9:ee:a6:ff:4a:3a:bc:bf:a5:cf:
                    0d:61:d3:fe:97:fa:e8:34:f7:c9:f9:50:bb:6b:cb:
                    5a:f6:79:ee:8c:70:67:95:d3:36:dc:a0:f8:45:33:
                    91:ba:d1:75:a6:54:c6:ea:95:dd:98:6d:5c:8c:53:
                    62:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:EE:A8:46:55:1C:6E:41:9B:94:7E:0D:A1:07:EE:CB:00:70:41:9A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/09d329-7ffe-451b-bc82-2831a4850645/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/09d329-7ffe-451b-bc82-2831a4850645/1/Oe6oRlUcbkGblH4NoQfuywBwQZo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.80.0/22
                IPv6:
                  2a0c:76c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:1e:0f:06:f5:61:90:10:c1:81:de:8b:40:ac:41:f2:95:27:
         fb:ef:72:7f:53:b0:c5:16:e3:b4:78:5d:09:0c:2e:b8:80:7c:
         a2:f0:54:9f:da:60:a5:5a:de:76:e2:11:a0:6a:9c:b0:c8:6b:
         3c:0d:26:81:30:1a:0a:49:8e:ae:52:b0:41:f5:b0:16:3c:05:
         4d:fe:f9:49:0a:79:b1:24:35:39:fa:b2:62:56:26:3d:aa:75:
         39:e5:23:67:c0:a0:c5:a3:5c:1a:42:74:be:91:02:47:d5:c7:
         c4:ce:20:9a:2a:a7:61:5d:cd:8d:35:ab:11:29:a3:26:e5:1f:
         13:c8:76:a7:e8:b7:fc:a5:5c:2b:f5:26:98:ff:8c:a8:eb:c2:
         82:37:c5:1b:da:e1:99:12:af:ff:ff:57:bf:c9:0d:cf:f7:a8:
         cc:3e:76:4a:0a:2a:7c:08:0d:9f:e1:2d:b9:1a:8c:81:fd:9c:
         20:92:fd:ba:96:56:72:25:9d:7e:1f:e6:9b:9e:2d:b1:dc:cf:
         62:1a:68:8f:36:52:43:cd:b8:9e:d9:b0:e9:8e:14:a3:80:73:
         6e:49:d3:d0:e6:cc:b4:27:c5:ff:ce:41:d2:7b:6f:af:b3:e2:
         21:88:72:39:10:74:6e:f0:b8:48:d2:83:97:5e:2e:cb:b5:fc:
         32:a9:02:41
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzF3AW53G1jGlLGXd7PhS0wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWVlYTg0NjU1MWM2ZTQxOWI5NDdlMGRhMTA3ZWVjYjAwNzA0MTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuowuNGR3wsJGmtg5UIzOS7wrJLFT
KiJ5Sgse2PrEPqtD13k/9kn9Mp5CBaK7EELiIgbmBbCkdKqx/r7NlgBRwVfTnLc5
hwxDPrW/pW0P3EYdJ6+HRn/TR5ij4B/QYmMrPGGKDvlZcG6prH11XPE/4TrqkkFM
3fLF5U8fY5Ee9KDeXFDFaifDXRfqUCw1OfRWfMOr1YmhBK/W2o7exrhpsZ540HIK
dyHFe0dOr7E1WIKwYS8hgtEv79t7lJD4lJNhmvqlDXhHXfnupv9KOry/pc8NYdP+
l/roNPfJ+VC7a8ta9nnujHBnldM23KD4RTORutF1plTG6pXdmG1cjFNiiwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDnuqEZVHG5Bm5R+DaEH7ssAcEGaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FmLzA5ZDMy
OS03ZmZlLTQ1MWItYmM4Mi0yODMxYTQ4NTA2NDUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWYvMDlkMzI5
LTdmZmUtNDUxYi1iYzgyLTI4MzFhNDg1MDY0NS8xL09lNm9SbFVjYmtHYmxINE5v
UWZ1eXdCd1Faby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCW+VQMA0EAgACMAcDBQAqDHbAMA0GCSqGSIb3
DQEBCwUAA4IBAQBeHg8G9WGQEMGB3otArEHylSf773J/U7DFFuO0eF0JDC64gHyi
8FSf2mClWt524hGgapywyGs8DSaBMBoKSY6uUrBB9bAWPAVN/vlJCnmxJDU5+rJi
ViY9qnU55SNnwKDFo1waQnS+kQJH1cfEziCaKqdhXc2NNasRKaMm5R8TyHan6Lf8
pVwr9SaY/4yo68KCN8Ub2uGZEq///1e/yQ3P96jMPnZKCip8CA2f4S25GoyB/Zwg
kv26llZyJZ1+H+abni2x3M9iGmiPNlJDzbie2bDpjhSjgHNuSdPQ5sy0J8X/zkHS
e2+vs+IhiHI5EHRu8LhI0oOXXi7LtfwyqQJB
-----END CERTIFICATE-----