Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dOkZZagJ0axaoPDQVQassN2wKrg.cer
File:                     dOkZZagJ0axaoPDQVQassN2wKrg.cer (raw, json)
Hash identifier:          uo7NR+EJw4vnQuwu6CsgvYbhWzfa3/HQX3srE+ONr6k=
Subject key identifier:   74:E9:19:65:A8:09:D1:AC:5A:A0:F0:D0:55:06:AC:B0:DD:B0:2A:B8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5EF213710ACEC2E6FC622FB25C032
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/0/74E91965A809D1AC5AA0F0D05506ACB0DDB02AB8.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:58 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214451
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ef:21:37:10:ac:ec:2e:6f:c6:22:fb:25:c0:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74e91965a809d1ac5aa0f0d05506acb0ddb02ab8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a7:59:29:47:70:41:9c:3c:51:ea:c6:78:b3:
                    f5:a0:d9:c0:d0:b9:e3:a2:02:f9:4c:7e:1f:0d:78:
                    a3:4c:7a:d6:95:eb:a5:af:7e:34:c5:82:a1:eb:4f:
                    e8:a3:63:9d:b6:e3:0a:95:75:f7:47:58:0e:77:b2:
                    2d:82:ae:b2:64:10:1a:e5:68:f0:e7:1b:6b:a5:e4:
                    44:b9:c6:53:e8:88:6d:46:19:66:a4:25:0d:76:c9:
                    5b:2c:04:a6:28:35:4b:7f:dc:d3:47:1c:8c:fa:76:
                    c3:2c:74:d8:ea:c3:c0:09:dc:96:03:f0:e9:f0:45:
                    99:b4:8d:a6:43:0f:6f:90:54:9a:81:3e:c8:71:03:
                    1f:ef:55:09:2e:14:77:81:48:20:5f:39:13:10:ac:
                    73:e2:4a:61:40:94:8d:29:e6:92:f6:ec:16:53:76:
                    75:97:c4:b9:82:e7:a3:0a:a0:87:d2:9c:6b:ae:7e:
                    86:52:0f:c7:2e:1c:59:1e:49:91:9a:fe:ad:41:4a:
                    27:38:6a:21:4c:3d:fe:98:b7:80:02:89:c4:d3:c6:
                    64:27:32:0d:25:e6:59:6b:c2:d3:00:4d:ba:86:47:
                    26:7a:15:ac:1f:01:ac:d3:95:70:4d:49:88:48:a9:
                    62:14:59:ad:89:45:b2:6f:54:5c:0c:1e:86:3a:1a:
                    1a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E9:19:65:A8:09:D1:AC:5A:A0:F0:D0:55:06:AC:B0:DD:B0:2A:B8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/0/74E91965A809D1AC5AA0F0D05506ACB0DDB02AB8.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214451

    Signature Algorithm: sha256WithRSAEncryption
         75:91:f9:b4:9f:25:43:ca:4d:c5:77:3c:ee:77:48:24:21:a8:
         53:fe:f8:dc:0b:33:3b:1b:90:c6:6d:c1:a4:bd:72:fe:11:4e:
         10:6c:db:fc:cb:c3:da:24:65:b7:38:3b:0e:82:3e:08:50:a9:
         8a:ff:05:0b:ed:1f:c7:5a:99:93:04:b4:d3:2b:63:80:2f:1e:
         65:b6:ba:3d:da:f1:a3:b4:57:27:33:40:f6:fa:4b:fe:85:17:
         d6:fc:8d:96:c9:81:78:51:ae:8f:12:68:7f:a7:a1:fe:cd:70:
         2b:a3:82:0c:f4:f3:9a:72:29:f6:fc:40:13:e8:05:e8:43:62:
         b9:7b:d9:37:c5:4a:42:cc:14:23:d5:97:43:37:01:13:93:8b:
         75:00:ae:82:4c:26:c4:e7:1c:2d:83:09:f7:d9:98:a6:76:c7:
         46:b4:32:4a:62:22:12:65:ca:bc:17:dc:90:e1:98:52:c2:5d:
         83:1c:37:07:51:8e:5b:8a:47:a6:b7:26:e5:45:3f:6b:98:5d:
         de:a5:7f:92:4a:7b:e7:ad:5d:9d:ff:d2:de:c7:d6:e3:f7:9d:
         58:fd:2f:38:6a:c1:f5:0e:5d:40:f8:9c:66:45:1a:ca:ea:5c:
         0a:43:bc:41:05:6d:f8:68:e8:b8:95:5d:62:72:ce:0b:40:bb:
         54:86:07:01
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZQg1e8hNxCs7C5vxiL7JcAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGU5MTk2NWE4MDlkMWFjNWFhMGYwZDA1NTA2YWNiMGRkYjAyYWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1adZKUdwQZw8UerGeLP1oNnA0Lnj
ogL5TH4fDXijTHrWleulr340xYKh60/oo2OdtuMKlXX3R1gOd7Itgq6yZBAa5Wjw
5xtrpeREucZT6IhtRhlmpCUNdslbLASmKDVLf9zTRxyM+nbDLHTY6sPACdyWA/Dp
8EWZtI2mQw9vkFSagT7IcQMf71UJLhR3gUggXzkTEKxz4kphQJSNKeaS9uwWU3Z1
l8S5guejCqCH0pxrrn6GUg/HLhxZHkmRmv6tQUonOGohTD3+mLeAAonE08ZkJzIN
JeZZa8LTAE26hkcmehWsHwGs05VwTUmISKliFFmtiUWyb1RcDB6GOhoaewIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFHTpGWWoCdGsWqDw0FUGrLDdsCq4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyY2Y4
YmE3LWNiMDItNDE4Yi1iZTA0LTRkOWYzYTA3ZTk1MC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJj
ZjhiYTctY2IwMi00MThiLWJlMDQtNGQ5ZjNhMDdlOTUwLzAvNzRFOTE5NjVBODA5
RDFBQzVBQTBGMEQwNTUwNkFDQjBEREIwMkFCOC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDRbMw
DQYJKoZIhvcNAQELBQADggEBAHWR+bSfJUPKTcV3PO53SCQhqFP++NwLMzsbkMZt
waS9cv4RThBs2/zLw9okZbc4Ow6CPghQqYr/BQvtH8damZMEtNMrY4AvHmW2uj3a
8aO0VyczQPb6S/6FF9b8jZbJgXhRro8SaH+nof7NcCujggz085pyKfb8QBPoBehD
Yrl72TfFSkLMFCPVl0M3AROTi3UAroJMJsTnHC2DCffZmKZ2x0a0MkpiIhJlyrwX
3JDhmFLCXYMcNwdRjluKR6a3JuVFP2uYXd6lf5JKe+etXZ3/0t7H1uP3nVj9Lzhq
wfUOXUD4nGZFGsrqXApDvEEFbfho6LiVXWJyzgtAu1SGBwE=
-----END CERTIFICATE-----