Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OupNrj6ZT9n-e-dDPkL5b2cVk3g.cer
File:                     OupNrj6ZT9n-e-dDPkL5b2cVk3g.cer (raw, json)
Hash identifier:          +/D4XeSTVrf/J264yFq6IXzwA9mRR5XjUwOKyBHEKQc=
Subject key identifier:   3A:EA:4D:AE:3E:99:4F:D9:FE:7B:E7:43:3E:42:F9:6F:67:15:93:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56E3CCADA4164E7E29154C0DBD3EDF5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0c/3257d9-3fb8-4cdf-98aa-93e9403eb019/1/OupNrj6ZT9n-e-dDPkL5b2cVk3g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0c/3257d9-3fb8-4cdf-98aa-93e9403eb019/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:45 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 209460
                          IP: 2001:67c:918::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:3c:ca:da:41:64:e7:e2:91:54:c0:db:d3:ed:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3aea4dae3e994fd9fe7be7433e42f96f67159378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b0:13:37:9e:0f:2f:6b:95:7c:fe:a8:0e:51:
                    a4:78:62:e6:61:85:4b:63:7c:a0:bd:7a:17:59:1b:
                    7f:58:b4:f7:26:45:03:07:fd:77:79:2d:0f:df:0e:
                    f8:73:2a:f1:31:72:5e:de:2b:26:ed:ac:da:06:f9:
                    4e:6d:a0:69:19:a9:05:92:9b:3e:6b:c6:19:2f:01:
                    13:9b:d1:df:89:6e:81:cd:37:22:9c:da:3e:14:1d:
                    e3:94:d3:b1:fa:b3:f9:37:87:b5:e4:5d:fb:8f:66:
                    4f:ae:8b:c4:8a:56:f9:9a:99:21:28:06:c6:c1:05:
                    fd:f9:e2:04:a8:cf:8e:2d:b6:8e:7c:a0:58:b8:e6:
                    c7:8a:90:f3:1a:c1:66:0e:3e:52:26:95:c8:5e:b7:
                    db:7d:26:91:ec:0c:b0:7e:2a:6e:0e:3e:fb:23:9f:
                    a2:5a:41:43:5d:99:cb:ae:2d:3b:9d:2a:e0:74:5b:
                    c5:23:8d:f1:eb:b1:a5:db:65:7a:68:79:97:a8:ab:
                    50:bd:fb:d6:d5:6b:4c:28:db:b5:69:e5:36:20:bb:
                    c7:e5:1c:88:ad:23:9b:53:72:48:b6:bb:20:44:b4:
                    bc:fd:d7:35:db:bb:3d:16:e2:21:aa:23:34:17:17:
                    6b:3a:ce:3c:aa:c9:90:a7:0c:8b:46:93:6e:9c:6d:
                    90:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:EA:4D:AE:3E:99:4F:D9:FE:7B:E7:43:3E:42:F9:6F:67:15:93:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3257d9-3fb8-4cdf-98aa-93e9403eb019/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3257d9-3fb8-4cdf-98aa-93e9403eb019/1/OupNrj6ZT9n-e-dDPkL5b2cVk3g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:918::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209460

    Signature Algorithm: sha256WithRSAEncryption
         ad:aa:59:e0:18:c0:c7:d2:6e:4c:cb:e8:5d:0d:09:dc:d6:e2:
         89:64:02:a3:9b:9c:ff:51:f7:c1:df:bd:4a:e2:ea:7d:cc:ad:
         ec:30:64:45:4e:3f:a7:df:b1:76:92:95:df:ea:bc:aa:36:3a:
         57:38:d9:81:d7:d5:ee:61:cc:8f:2b:66:98:d5:cb:10:ec:b5:
         c5:06:8b:7b:f5:2b:e5:d8:cc:de:96:54:0a:52:ee:30:9b:e1:
         77:c7:31:9f:07:8c:4b:95:33:9f:4a:cb:8c:1f:df:ac:86:a7:
         d7:3d:14:52:f5:b6:49:53:f6:db:da:23:63:ba:40:3b:98:04:
         70:a0:9e:0e:34:8d:d9:ba:37:56:16:67:13:98:ea:56:09:49:
         a9:1e:8c:c0:36:3e:3f:a9:2a:be:df:6f:fb:57:2e:85:c3:0e:
         b7:5c:33:b9:1e:a9:a9:fe:05:ac:e1:2f:cd:77:03:55:64:9d:
         fb:d4:50:f9:6d:b8:57:79:6d:b0:4f:b7:0b:6f:fc:b4:f1:37:
         e3:d2:47:27:b0:fd:c3:0e:d7:fd:74:b1:07:cc:c3:66:35:db:
         a4:e2:4f:15:30:3b:02:d8:80:ca:9a:f9:21:2e:60:ee:91:5e:
         af:f0:92:26:a9:c5:38:7d:60:dc:64:ea:b7:51:96:f0:8d:e4:
         a4:f1:82:c6
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzFbjzK2kFk5+KRVMDb0+31MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWVhNGRhZTNlOTk0ZmQ5ZmU3YmU3NDMzZTQyZjk2ZjY3MTU5Mzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27ATN54PL2uVfP6oDlGkeGLmYYVL
Y3ygvXoXWRt/WLT3JkUDB/13eS0P3w74cyrxMXJe3ism7azaBvlObaBpGakFkps+
a8YZLwETm9HfiW6BzTcinNo+FB3jlNOx+rP5N4e15F37j2ZProvEilb5mpkhKAbG
wQX9+eIEqM+OLbaOfKBYuObHipDzGsFmDj5SJpXIXrfbfSaR7AywfipuDj77I5+i
WkFDXZnLri07nSrgdFvFI43x67Gl22V6aHmXqKtQvfvW1WtMKNu1aeU2ILvH5RyI
rSObU3JItrsgRLS8/dc127s9FuIhqiM0FxdrOs48qsmQpwyLRpNunG2QMQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFDrqTa4+mU/Z/nvnQz5C+W9nFZN4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBjLzMyNTdk
OS0zZmI4LTRjZGYtOThhYS05M2U5NDAzZWIwMTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMvMzI1N2Q5
LTNmYjgtNGNkZi05OGFhLTkzZTk0MDNlYjAxOS8xL091cE5yajZaVDluLWUtZERQ
a0w1YjJjVmszZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAkYMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMyNDANBgkqhkiG9w0BAQsFAAOCAQEArapZ4BjAx9JuTMvoXQ0J3NbiiWQC
o5uc/1H3wd+9SuLqfcyt7DBkRU4/p9+xdpKV3+q8qjY6VzjZgdfV7mHMjytmmNXL
EOy1xQaLe/Ur5djM3pZUClLuMJvhd8cxnweMS5Uzn0rLjB/frIan1z0UUvW2SVP2
29ojY7pAO5gEcKCeDjSN2bo3VhZnE5jqVglJqR6MwDY+P6kqvt9v+1cuhcMOt1wz
uR6pqf4FrOEvzXcDVWSd+9RQ+W24V3ltsE+3C2/8tPE349JHJ7D9ww7X/XSxB8zD
ZjXbpOJPFTA7AtiAypr5IS5g7pFer/CSJqnFOH1g3GTqt1GW8I3kpPGCxg==
-----END CERTIFICATE-----