Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/o2iDBf7VyZdgrsfIlMa6IeTq1nU.cer
File:                     o2iDBf7VyZdgrsfIlMa6IeTq1nU.cer (raw, json)
Hash identifier:          0a8G0PrpcKYVdJrgYib9DNEZtkAqGyYsiQfZgSS0mcE=
Subject key identifier:   A3:68:83:05:FE:D5:C9:97:60:AE:C7:C8:94:C6:BA:21:E4:EA:D6:75
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC348B1A7BDCFA2628C028D264421FB81
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bf/f9e257-0162-4def-96ad-dec9796f6223/1/o2iDBf7VyZdgrsfIlMa6IeTq1nU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bf/f9e257-0162-4def-96ad-dec9796f6223/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 5.183.172.0/24
                          IP: 2a10:3f40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b1:a7:bd:cf:a2:62:8c:02:8d:26:44:21:fb:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3688305fed5c99760aec7c894c6ba21e4ead675
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a5:fe:da:f9:36:8b:58:d4:d9:c4:cc:e9:b8:
                    d3:cd:64:92:19:e0:f3:c2:a8:43:3c:79:9a:4d:87:
                    8f:d1:25:2d:92:f4:d3:6d:ab:45:d0:13:03:fd:e4:
                    62:15:bb:f6:dc:76:49:48:53:13:22:5b:78:05:80:
                    2b:db:3e:bf:79:cf:a2:09:c8:3b:94:35:45:94:47:
                    dc:f2:95:37:fd:35:fe:cc:06:a5:68:b8:b2:ca:61:
                    b8:e0:8a:90:a0:03:3d:64:83:e2:db:9b:c5:b7:9e:
                    31:96:71:77:c0:f9:67:d3:c5:86:56:a8:0a:bd:23:
                    9a:71:05:d7:d3:31:28:3d:34:c5:a4:f1:5b:7a:31:
                    9f:c2:76:02:d3:ff:7b:d9:a7:d0:67:7c:37:cb:4c:
                    2d:d7:99:9f:c2:56:09:9a:c3:5e:3a:fa:5a:6a:d6:
                    13:eb:ba:72:ea:67:0a:1b:74:53:70:6c:d2:f5:e9:
                    8b:ae:fe:31:a0:cf:c7:fc:78:30:86:9c:64:66:bd:
                    86:3e:8c:94:5a:87:df:f0:09:34:eb:6c:4a:95:66:
                    26:b7:4b:8f:78:0e:7b:00:99:cd:5f:bc:38:f2:e9:
                    76:54:8a:a5:91:26:24:38:e3:f8:4b:3d:91:42:5b:
                    c9:a7:80:0c:69:d8:3b:34:06:eb:2c:3d:cc:cd:d7:
                    87:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:68:83:05:FE:D5:C9:97:60:AE:C7:C8:94:C6:BA:21:E4:EA:D6:75
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f9e257-0162-4def-96ad-dec9796f6223/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f9e257-0162-4def-96ad-dec9796f6223/1/o2iDBf7VyZdgrsfIlMa6IeTq1nU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.172.0/24
                IPv6:
                  2a10:3f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:0d:48:80:cb:db:9a:da:29:fd:9a:70:ae:3e:bc:0e:a1:c4:
         75:cb:aa:74:5c:35:23:da:a4:3a:97:38:c9:9a:fb:78:fa:ac:
         d0:80:f4:46:bb:fe:71:bd:77:0d:1d:51:cb:3e:b9:02:f1:52:
         34:ba:fb:ea:af:44:58:3b:23:28:cb:0b:65:8b:12:15:a0:90:
         4e:4b:bd:dd:f6:8a:4f:2f:c5:83:26:7d:da:ee:ef:ce:12:80:
         0e:6a:a4:d5:b8:79:0e:62:cd:ea:50:09:66:77:e6:e1:98:81:
         e8:80:96:1e:00:7a:4d:93:e1:66:bb:77:1c:68:3a:7f:6c:f3:
         51:17:aa:99:49:e5:9f:69:15:0e:f4:6d:a7:30:04:b1:76:ba:
         14:2c:bb:67:64:bc:37:ca:b2:86:07:82:b6:c5:75:f7:1a:b1:
         b8:ff:57:72:80:c9:36:0e:8d:82:bd:a3:30:0a:0c:33:97:a7:
         07:6a:93:fd:11:30:6e:90:45:29:11:11:6d:99:64:a6:e8:01:
         8f:24:f4:f2:32:82:04:35:bc:23:62:d8:44:75:0c:5e:d4:23:
         ac:d8:56:0e:e8:6d:85:4f:b7:03:9e:52:c6:6d:60:a8:14:64:
         2f:ac:85:f6:b1:37:11:76:2f:7d:0b:7a:2f:05:4a:6e:eb:de:
         3b:76:14:6c
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzDSLGnvc+iYowCjSZEIfuBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzY4ODMwNWZlZDVjOTk3NjBhZWM3Yzg5NGM2YmEyMWU0ZWFkNjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqX+2vk2i1jU2cTM6bjTzWSSGeDz
wqhDPHmaTYeP0SUtkvTTbatF0BMD/eRiFbv23HZJSFMTIlt4BYAr2z6/ec+iCcg7
lDVFlEfc8pU3/TX+zAalaLiyymG44IqQoAM9ZIPi25vFt54xlnF3wPln08WGVqgK
vSOacQXX0zEoPTTFpPFbejGfwnYC0/972afQZ3w3y0wt15mfwlYJmsNeOvpaatYT
67py6mcKG3RTcGzS9emLrv4xoM/H/HgwhpxkZr2GPoyUWoff8Ak062xKlWYmt0uP
eA57AJnNX7w48ul2VIqlkSYkOOP4Sz2RQlvJp4AMadg7NAbrLD3MzdeHcQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKNogwX+1cmXYK7HyJTGuiHk6tZ1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JmL2Y5ZTI1
Ny0wMTYyLTRkZWYtOTZhZC1kZWM5Nzk2ZjYyMjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmYvZjllMjU3
LTAxNjItNGRlZi05NmFkLWRlYzk3OTZmNjIyMy8xL28yaURCZjdWeVpkZ3JzZkls
TWE2SWVUcTFuVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQABbesMA0EAgACMAcDBQMqED9AMA0GCSqGSIb3
DQEBCwUAA4IBAQAwDUiAy9ua2in9mnCuPrwOocR1y6p0XDUj2qQ6lzjJmvt4+qzQ
gPRGu/5xvXcNHVHLPrkC8VI0uvvqr0RYOyMoywtlixIVoJBOS73d9opPL8WDJn3a
7u/OEoAOaqTVuHkOYs3qUAlmd+bhmIHogJYeAHpNk+Fmu3ccaDp/bPNRF6qZSeWf
aRUO9G2nMASxdroULLtnZLw3yrKGB4K2xXX3GrG4/1dygMk2Do2CvaMwCgwzl6cH
apP9ETBukEUpERFtmWSm6AGPJPTyMoIENbwjYthEdQxe1COs2FYO6G2FT7cDnlLG
bWCoFGQvrIX2sTcRdi99C3ovBUpu6947dhRs
-----END CERTIFICATE-----