Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
File:                     Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer (raw, json)
Hash identifier:          aLpoeqeuOcWxc15xjCjYhdU6PQtc2vTYivEQVv5TwGo=
Subject key identifier:   3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019435FF791259A7F7D0A6F219E137817F8B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 05 Jan 2025 10:25:22 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214178
                          IP: 2a14:4b40::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:35:ff:79:12:59:a7:f7:d0:a6:f2:19:e1:37:81:7f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  5 10:25:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2d:93:0d:7e:a0:d6:24:ec:5e:78:7f:0b:26:
                    0e:6b:08:5c:52:dc:45:23:8c:9f:10:45:07:e2:cc:
                    ed:32:bd:02:a4:7e:d1:be:e6:a7:c1:f7:20:4d:f0:
                    b2:d6:f1:de:f1:21:f9:33:f1:d5:a7:30:f6:43:d6:
                    3f:48:9c:46:05:25:79:66:6e:18:89:5d:82:87:d3:
                    63:e2:f2:a4:b0:f7:a3:2e:5b:1c:72:d3:2b:47:f0:
                    15:28:67:8f:48:fa:a4:d7:73:4c:43:55:21:2e:4f:
                    9b:5c:b0:af:8b:c1:56:bf:a6:00:3b:4d:88:e9:5a:
                    77:7e:d6:ce:51:19:56:59:c0:03:38:68:66:a6:04:
                    87:72:28:87:e4:41:a1:37:c2:4d:8c:66:18:77:1d:
                    c1:a1:61:2d:27:b0:ea:72:53:df:4f:b3:c9:d1:9c:
                    8c:6f:f1:e5:f0:ba:aa:f6:3d:06:0e:0f:36:84:0f:
                    6f:e2:1c:dc:67:a1:66:4f:57:28:c8:7a:5f:50:83:
                    b1:14:12:48:26:28:33:65:6f:61:26:f1:41:65:a2:
                    7f:53:af:d4:cf:26:4c:62:45:73:dc:20:69:a8:91:
                    f8:ea:82:5d:16:b7:83:d3:ca:07:26:03:89:35:1b:
                    a3:06:17:ad:67:c7:49:61:31:9d:d8:5a:a8:0e:61:
                    b3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4b40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214178

    Signature Algorithm: sha256WithRSAEncryption
         3c:cb:8a:e5:0f:fc:c7:da:42:59:e5:0f:d1:fe:e5:35:91:5a:
         69:75:8c:af:d7:d1:aa:30:9e:4f:31:2e:5e:bc:9b:44:4f:fb:
         fa:2a:15:df:06:ca:88:df:82:a3:72:88:d1:a4:17:c1:ca:c5:
         52:99:63:f4:37:57:12:5e:12:26:f0:f6:39:51:b7:05:3a:ae:
         31:73:8d:8b:4b:90:41:7d:f5:7e:82:14:f6:54:fd:c9:0a:94:
         f3:ae:33:ef:97:bc:b4:e7:7c:6a:62:bd:b0:43:19:a5:f9:8e:
         2f:e1:17:8e:82:8a:1c:af:c8:3e:74:6e:a5:62:64:e5:85:1e:
         c4:1f:61:f4:57:f8:e1:6d:53:93:47:ad:7a:5b:b8:e1:54:32:
         1a:e1:df:97:0e:20:20:1b:57:60:a2:34:b6:a3:f6:a1:07:b3:
         9a:34:5d:8a:8a:eb:bc:70:b1:9c:48:a8:30:15:38:28:15:71:
         94:4e:6d:bd:0d:68:87:3e:8f:74:d0:9e:18:40:64:66:88:3f:
         0f:42:4a:bc:02:ae:17:d0:50:a6:7a:40:6a:a6:3c:21:44:8e:
         44:d1:6e:97:30:44:66:52:62:c6:26:9e:db:67:66:d5:c5:f7:
         b1:c0:a1:2d:95:59:d7:7b:c3:56:7f:87:70:04:c7:4d:b9:53:
         c5:ee:d8:5f
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZQ1/3kSWaf30KbyGeE3gX+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTA1MTAyNTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTNlYTMzYWVhOGIzODQyN2YyYmNlZjVlZDRjMjE0MjNhMmE5ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi2TDX6g1iTsXnh/CyYOawhcUtxF
I4yfEEUH4sztMr0CpH7RvuanwfcgTfCy1vHe8SH5M/HVpzD2Q9Y/SJxGBSV5Zm4Y
iV2Ch9Nj4vKksPejLlscctMrR/AVKGePSPqk13NMQ1UhLk+bXLCvi8FWv6YAO02I
6Vp3ftbOURlWWcADOGhmpgSHciiH5EGhN8JNjGYYdx3BoWEtJ7DqclPfT7PJ0ZyM
b/Hl8Lqq9j0GDg82hA9v4hzcZ6FmT1coyHpfUIOxFBJIJigzZW9hJvFBZaJ/U6/U
zyZMYkVz3CBpqJH46oJdFreD08oHJgOJNRujBhetZ8dJYTGd2FqoDmGzfQIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFDo+ozrqizhCfyvO9e1MIUI6Kp1kMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIxLzA2N2Iw
Ny01ZWI2LTQzZjEtODZmZi0xZDY3YzMyNDUwMWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjEvMDY3YjA3
LTVlYjYtNDNmMS04NmZmLTFkNjdjMzI0NTAxZi8xL09qNmpPdXFMT0VKX0s4NzE3
VXdoUWpvcW5XUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhRLQDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDRKIwDQYJKoZIhvcNAQELBQADggEBADzLiuUP/MfaQlnlD9H+5TWRWml1jK/X
0aownk8xLl68m0RP+/oqFd8GyojfgqNyiNGkF8HKxVKZY/Q3VxJeEibw9jlRtwU6
rjFzjYtLkEF99X6CFPZU/ckKlPOuM++XvLTnfGpivbBDGaX5ji/hF46CihyvyD50
bqViZOWFHsQfYfRX+OFtU5NHrXpbuOFUMhrh35cOICAbV2CiNLaj9qEHs5o0XYqK
67xwsZxIqDAVOCgVcZRObb0NaIc+j3TQnhhAZGaIPw9CSrwCrhfQUKZ6QGqmPCFE
jkTRbpcwRGZSYsYmnttnZtXF97HAoS2VWdd7w1Z/h3AEx025U8Xu2F8=
-----END CERTIFICATE-----