Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/o2iDBf7VyZdgrsfIlMa6IeTq1nU.cer
File:                     o2iDBf7VyZdgrsfIlMa6IeTq1nU.cer (raw, json)
Hash identifier:          WqBrFwFdWiG73vc/DqPnP4wE0INBMDbFYzzi6Mg3tpg=
Subject key identifier:   A3:68:83:05:FE:D5:C9:97:60:AE:C7:C8:94:C6:BA:21:E4:EA:D6:75
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B382AC48096FA8DC98199BA03A42D2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bf/f9e257-0162-4def-96ad-dec9796f6223/1/o2iDBf7VyZdgrsfIlMa6IeTq1nU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bf/f9e257-0162-4def-96ad-dec9796f6223/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:47:43 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 5.183.172.0/24
                          IP: 2a10:3f40::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:82:ac:48:09:6f:a8:dc:98:19:9b:a0:3a:42:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3688305fed5c99760aec7c894c6ba21e4ead675
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a5:fe:da:f9:36:8b:58:d4:d9:c4:cc:e9:b8:
                    d3:cd:64:92:19:e0:f3:c2:a8:43:3c:79:9a:4d:87:
                    8f:d1:25:2d:92:f4:d3:6d:ab:45:d0:13:03:fd:e4:
                    62:15:bb:f6:dc:76:49:48:53:13:22:5b:78:05:80:
                    2b:db:3e:bf:79:cf:a2:09:c8:3b:94:35:45:94:47:
                    dc:f2:95:37:fd:35:fe:cc:06:a5:68:b8:b2:ca:61:
                    b8:e0:8a:90:a0:03:3d:64:83:e2:db:9b:c5:b7:9e:
                    31:96:71:77:c0:f9:67:d3:c5:86:56:a8:0a:bd:23:
                    9a:71:05:d7:d3:31:28:3d:34:c5:a4:f1:5b:7a:31:
                    9f:c2:76:02:d3:ff:7b:d9:a7:d0:67:7c:37:cb:4c:
                    2d:d7:99:9f:c2:56:09:9a:c3:5e:3a:fa:5a:6a:d6:
                    13:eb:ba:72:ea:67:0a:1b:74:53:70:6c:d2:f5:e9:
                    8b:ae:fe:31:a0:cf:c7:fc:78:30:86:9c:64:66:bd:
                    86:3e:8c:94:5a:87:df:f0:09:34:eb:6c:4a:95:66:
                    26:b7:4b:8f:78:0e:7b:00:99:cd:5f:bc:38:f2:e9:
                    76:54:8a:a5:91:26:24:38:e3:f8:4b:3d:91:42:5b:
                    c9:a7:80:0c:69:d8:3b:34:06:eb:2c:3d:cc:cd:d7:
                    87:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:68:83:05:FE:D5:C9:97:60:AE:C7:C8:94:C6:BA:21:E4:EA:D6:75
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f9e257-0162-4def-96ad-dec9796f6223/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f9e257-0162-4def-96ad-dec9796f6223/1/o2iDBf7VyZdgrsfIlMa6IeTq1nU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.172.0/24
                IPv6:
                  2a10:3f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:7f:1c:ea:b4:97:b4:ac:08:0e:c2:8a:6d:09:8c:17:54:52:
         5f:54:b6:86:f0:65:cc:61:57:03:2f:ba:57:87:08:3b:1b:17:
         c1:99:21:bb:7a:b2:37:91:8e:d0:82:e5:17:39:88:45:5f:40:
         f3:84:5a:64:c6:1c:48:1a:8b:81:ca:94:91:bf:02:e9:c0:70:
         cd:b4:ef:8f:c5:33:93:15:c7:e2:05:cb:51:c0:3e:35:e7:fe:
         f5:67:f7:90:67:20:8b:28:67:a7:7f:49:04:01:57:28:86:54:
         25:00:1f:22:14:a3:6d:7d:1c:c0:67:e2:98:14:c8:a3:09:20:
         a0:90:6f:8d:de:db:2e:0b:eb:a3:13:f4:5d:8d:c4:a5:6b:71:
         11:c3:56:cb:ff:c4:60:e2:b1:00:4a:74:e0:e6:0a:79:f8:3c:
         08:50:ff:09:83:ec:3a:8a:4a:29:ba:9c:34:ad:20:c6:6e:d3:
         f4:de:29:f7:a9:70:98:63:a6:3e:d3:e7:ea:a8:ca:99:e3:fa:
         91:9c:dd:ac:09:1c:2a:44:71:64:90:ba:74:87:f5:9d:a4:f0:
         f6:71:67:a7:cc:9c:d2:ed:72:b8:38:37:a5:57:51:1a:5c:f2:
         2d:40:96:65:06:b8:7a:fb:57:2e:22:ce:c5:fe:a5:df:72:52:
         54:bd:e3:51
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQns4KsSAlvqNyYGZugOkLSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzY4ODMwNWZlZDVjOTk3NjBhZWM3Yzg5NGM2YmEyMWU0ZWFkNjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqX+2vk2i1jU2cTM6bjTzWSSGeDz
wqhDPHmaTYeP0SUtkvTTbatF0BMD/eRiFbv23HZJSFMTIlt4BYAr2z6/ec+iCcg7
lDVFlEfc8pU3/TX+zAalaLiyymG44IqQoAM9ZIPi25vFt54xlnF3wPln08WGVqgK
vSOacQXX0zEoPTTFpPFbejGfwnYC0/972afQZ3w3y0wt15mfwlYJmsNeOvpaatYT
67py6mcKG3RTcGzS9emLrv4xoM/H/HgwhpxkZr2GPoyUWoff8Ak062xKlWYmt0uP
eA57AJnNX7w48ul2VIqlkSYkOOP4Sz2RQlvJp4AMadg7NAbrLD3MzdeHcQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKNogwX+1cmXYK7HyJTGuiHk6tZ1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JmL2Y5ZTI1
Ny0wMTYyLTRkZWYtOTZhZC1kZWM5Nzk2ZjYyMjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmYvZjllMjU3
LTAxNjItNGRlZi05NmFkLWRlYzk3OTZmNjIyMy8xL28yaURCZjdWeVpkZ3JzZkls
TWE2SWVUcTFuVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQABbesMA0EAgACMAcDBQMqED9AMA0GCSqGSIb3
DQEBCwUAA4IBAQCkfxzqtJe0rAgOwoptCYwXVFJfVLaG8GXMYVcDL7pXhwg7GxfB
mSG7erI3kY7QguUXOYhFX0DzhFpkxhxIGouBypSRvwLpwHDNtO+PxTOTFcfiBctR
wD415/71Z/eQZyCLKGenf0kEAVcohlQlAB8iFKNtfRzAZ+KYFMijCSCgkG+N3tsu
C+ujE/RdjcSla3ERw1bL/8Rg4rEASnTg5gp5+DwIUP8Jg+w6ikopupw0rSDGbtP0
3in3qXCYY6Y+0+fqqMqZ4/qRnN2sCRwqRHFkkLp0h/WdpPD2cWenzJzS7XK4ODel
V1EaXPItQJZlBrh6+1cuIs7F/qXfclJUveNR
-----END CERTIFICATE-----