Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aomTYnatLRhxB9-3QAeTADrBSac.cer
File:                     aomTYnatLRhxB9-3QAeTADrBSac.cer (raw, json)
Hash identifier:          K79eT5h9Fsz1ko1c0TeHkJV9W+G7H21bp7P6eajpyB0=
Subject key identifier:   6A:89:93:62:76:AD:2D:18:71:07:DF:B7:40:07:93:00:3A:C1:49:A7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC42457AF1126F67504904A1798B9C751
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ab/2ab62d-070c-4b06-b38a-73a7a4736038/1/aomTYnatLRhxB9-3QAeTADrBSac.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ab/2ab62d-070c-4b06-b38a-73a7a4736038/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:46c::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:57:af:11:26:f6:75:04:90:4a:17:98:b9:c7:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a89936276ad2d187107dfb7400793003ac149a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:df:12:d0:93:92:68:53:96:46:81:13:af:7e:
                    4c:5d:06:39:1f:50:5c:bf:55:6a:01:ea:8d:15:52:
                    bc:c0:2c:8f:6b:ff:25:95:90:ec:b9:42:0b:bf:f2:
                    cd:f4:f8:fa:de:cd:e1:74:a1:8b:90:af:34:f4:fd:
                    51:4d:ad:e5:37:f5:64:fc:98:75:e9:9f:82:9e:ba:
                    fc:1a:14:f6:ac:42:74:de:9a:28:5e:86:d1:98:b3:
                    59:46:30:24:2f:9a:58:d7:d6:be:d6:cb:0e:1c:af:
                    cc:7a:8e:be:6b:44:9a:ee:22:c8:b4:2b:00:83:12:
                    28:25:1f:01:b4:e7:9c:c2:b6:53:bf:7d:20:52:b2:
                    b1:8e:20:0d:c1:20:94:d6:5e:e3:ca:fd:0f:71:7f:
                    34:f7:8f:ea:bd:61:31:c8:30:cf:a6:5f:28:c3:68:
                    dd:20:11:53:54:c5:71:2d:18:97:f4:be:a3:6e:0d:
                    1c:61:aa:b0:a4:61:11:11:fd:2c:53:5c:fa:49:1a:
                    6f:92:2b:74:16:73:71:3a:d4:d2:42:65:6a:8d:7a:
                    cc:65:45:82:15:fb:ec:80:ae:c2:78:b2:7d:99:d9:
                    03:f2:18:e4:f4:b1:9a:bf:b7:f4:65:ea:4e:59:70:
                    ac:a9:78:40:14:f3:ab:3a:57:51:68:72:d5:ae:9e:
                    fc:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:89:93:62:76:AD:2D:18:71:07:DF:B7:40:07:93:00:3A:C1:49:A7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/2ab62d-070c-4b06-b38a-73a7a4736038/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/2ab62d-070c-4b06-b38a-73a7a4736038/1/aomTYnatLRhxB9-3QAeTADrBSac.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:46c::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:4d:fd:b2:f4:02:2a:a3:43:00:a9:53:54:36:1c:3d:21:26:
         b1:c9:7d:b1:13:b1:27:53:e0:1f:28:88:22:a7:ce:06:75:eb:
         79:da:e7:d2:df:8f:a9:a8:96:19:62:09:c2:31:f4:9a:f0:f7:
         aa:a4:e0:c5:e3:8a:c4:a6:17:86:9d:c5:d7:8a:87:e1:86:ab:
         ce:28:14:d5:cc:e4:e6:6c:da:f9:c2:0d:20:76:22:5d:92:41:
         15:8a:3e:8f:8e:e5:b2:50:ec:fd:77:6a:ac:6b:64:e9:51:d5:
         dc:0d:18:18:22:7e:87:33:06:bc:f1:88:51:b3:3c:8b:e7:91:
         fe:07:3c:1e:5e:77:bf:45:d2:57:4d:77:1d:c7:9e:39:50:f7:
         8f:47:a9:4d:85:ef:17:4e:65:63:22:8f:2f:02:ce:f6:d8:1a:
         bb:2b:a9:bc:ae:6f:1e:49:f5:46:e2:ff:03:6b:99:ae:09:1e:
         18:64:a3:38:08:12:17:84:37:56:76:f0:44:50:71:a5:34:ca:
         33:dd:45:05:16:b1:a2:3d:0c:4a:66:e8:1a:f9:3b:4f:85:9f:
         7f:92:4c:87:37:b6:f2:3d:af:62:b7:fc:44:32:80:9d:e8:fa:
         e0:25:b5:7a:5e:e3:e3:7e:e3:e1:43:e1:06:d0:4f:4d:9b:ac:
         f0:10:ca:bb
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYzEJFevESb2dQSQSheYucdRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTg5OTM2Mjc2YWQyZDE4NzEwN2RmYjc0MDA3OTMwMDNhYzE0OWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt8S0JOSaFOWRoETr35MXQY5H1Bc
v1VqAeqNFVK8wCyPa/8llZDsuUILv/LN9Pj63s3hdKGLkK809P1RTa3lN/Vk/Jh1
6Z+Cnrr8GhT2rEJ03pooXobRmLNZRjAkL5pY19a+1ssOHK/Meo6+a0Sa7iLItCsA
gxIoJR8BtOecwrZTv30gUrKxjiANwSCU1l7jyv0PcX8094/qvWExyDDPpl8ow2jd
IBFTVMVxLRiX9L6jbg0cYaqwpGEREf0sU1z6SRpvkit0FnNxOtTSQmVqjXrMZUWC
FfvsgK7CeLJ9mdkD8hjk9LGav7f0ZepOWXCsqXhAFPOrOldRaHLVrp78BwIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFGqJk2J2rS0YcQfft0AHkwA6wUmnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FiLzJhYjYy
ZC0wNzBjLTRiMDYtYjM4YS03M2E3YTQ3MzYwMzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWIvMmFiNjJk
LTA3MGMtNGIwNi1iMzhhLTczYTdhNDczNjAzOC8xL2FvbVRZbmF0TFJoeEI5LTNR
QWVUQURyQlNhYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfARsMA0GCSqGSIb3DQEBCwUAA4IBAQAb
Tf2y9AIqo0MAqVNUNhw9ISaxyX2xE7EnU+AfKIgip84Gdet52ufS34+pqJYZYgnC
MfSa8PeqpODF44rEpheGncXXiofhhqvOKBTVzOTmbNr5wg0gdiJdkkEVij6PjuWy
UOz9d2qsa2TpUdXcDRgYIn6HMwa88YhRszyL55H+BzweXne/RdJXTXcdx545UPeP
R6lNhe8XTmVjIo8vAs722Bq7K6m8rm8eSfVG4v8Da5muCR4YZKM4CBIXhDdWdvBE
UHGlNMoz3UUFFrGiPQxKZuga+TtPhZ9/kkyHN7byPa9it/xEMoCd6PrgJbV6XuPj
fuPhQ+EG0E9Nm6zwEMq7
-----END CERTIFICATE-----