Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/o3oSbXhU7NVlroKXDGk_M1n4Xzc.cer
File:                     o3oSbXhU7NVlroKXDGk_M1n4Xzc.cer (raw, json)
Hash identifier:          BJUYeJTHxhSvikgJcK/OGDVhDh3WMu4kpZ8+oWqGUwU=
Subject key identifier:   A3:7A:12:6D:78:54:EC:D5:65:AE:82:97:0C:69:3F:33:59:F8:5F:37
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC34899C8D05571AAF11668A8DE0E67E1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/81/834407-163d-410c-b949-786cb1296e58/1/o3oSbXhU7NVlroKXDGk_M1n4Xzc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/81/834407-163d-410c-b949-786cb1296e58/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.127.234.0 -- 194.127.237.255

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:99:c8:d0:55:71:aa:f1:16:68:a8:de:0e:67:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a37a126d7854ecd565ae82970c693f3359f85f37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b0:bd:0e:23:b6:42:d9:9e:bb:e7:e0:16:19:
                    06:86:8f:70:c2:c3:7a:dd:11:76:2e:2b:d9:f0:55:
                    7c:9f:f7:33:34:b8:ea:6c:0d:69:c6:89:1f:8b:47:
                    e4:ac:18:14:7e:cc:09:ba:9b:59:99:32:f9:7e:ed:
                    fe:00:b0:2c:74:da:bd:b6:bd:52:69:15:7e:30:7f:
                    b0:a9:0b:78:7f:f3:fd:ab:36:3a:8d:d3:c6:9a:44:
                    35:b3:b3:ab:c7:92:3c:21:e1:79:dc:a3:ff:ed:38:
                    0d:06:00:87:62:be:eb:15:d9:6b:26:9d:a8:87:ec:
                    81:ea:dd:d3:7d:30:8d:29:5d:80:f1:92:a3:7b:6a:
                    a1:07:be:0a:81:da:53:0d:73:2e:bb:6b:ba:60:40:
                    fe:63:90:8c:28:b8:45:f0:31:45:75:8f:57:71:b1:
                    c4:be:05:77:05:7a:64:3c:36:94:05:27:d3:89:ab:
                    9d:01:88:df:1f:72:f3:de:f8:90:e8:a3:22:9a:d4:
                    9e:b1:b1:87:99:4c:b0:98:55:dd:32:9a:2f:c6:c7:
                    be:24:3c:68:e9:a6:94:c6:7c:d3:39:57:f6:f6:e9:
                    c8:eb:f3:d0:63:86:a9:c9:96:31:12:16:a6:00:fe:
                    42:de:b0:ef:58:8f:ff:0b:c3:75:da:db:54:e3:ae:
                    32:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:7A:12:6D:78:54:EC:D5:65:AE:82:97:0C:69:3F:33:59:F8:5F:37
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/834407-163d-410c-b949-786cb1296e58/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/834407-163d-410c-b949-786cb1296e58/1/o3oSbXhU7NVlroKXDGk_M1n4Xzc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.234.0-194.127.237.255

    Signature Algorithm: sha256WithRSAEncryption
         9c:80:8a:4f:a6:a7:a4:0c:6e:6d:2c:f2:75:ee:25:4d:13:6a:
         f9:92:88:e9:c5:a7:5c:5e:69:d1:3c:3e:f2:6a:b3:16:e9:06:
         38:2f:e0:53:48:94:fd:1c:01:e1:f2:9d:98:5c:59:94:22:05:
         33:b4:b2:62:09:4c:b4:82:3e:37:5a:80:6f:3d:b8:8e:09:09:
         45:e0:80:6d:15:61:80:2c:44:96:6d:d4:ff:26:2f:28:87:3f:
         ec:63:c7:fa:5b:81:04:44:91:80:2f:34:2d:51:ec:da:ee:48:
         a2:2e:80:b8:eb:81:07:1a:44:f6:b3:07:ba:ee:c2:28:a4:89:
         68:f3:2e:c7:31:05:5d:cb:8a:46:d0:85:d2:45:ab:84:75:05:
         84:06:dc:f3:13:c2:b8:d0:4f:cd:97:4a:dc:3e:90:43:e4:79:
         75:d9:34:a2:ed:c8:96:9d:bc:80:7f:f0:6f:3e:8e:86:9c:88:
         df:26:32:90:d7:4c:dd:4f:44:27:1e:c3:c3:15:3c:7b:8d:a6:
         08:6a:17:cc:52:28:4a:03:8c:31:ae:38:ec:b2:de:d4:70:db:
         b1:f5:55:61:1e:8b:8a:a1:f3:8b:f0:3a:d4:79:82:c8:be:3a:
         eb:35:93:7c:cb:5a:9c:84:24:60:17:ce:47:41:2b:96:5c:b4:
         68:b8:88:eb
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAYzDSJnI0FVxqvEWaKjeDmfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzdhMTI2ZDc4NTRlY2Q1NjVhZTgyOTcwYzY5M2YzMzU5Zjg1ZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7C9DiO2Qtmeu+fgFhkGho9wwsN6
3RF2LivZ8FV8n/czNLjqbA1pxokfi0fkrBgUfswJuptZmTL5fu3+ALAsdNq9tr1S
aRV+MH+wqQt4f/P9qzY6jdPGmkQ1s7Orx5I8IeF53KP/7TgNBgCHYr7rFdlrJp2o
h+yB6t3TfTCNKV2A8ZKje2qhB74KgdpTDXMuu2u6YED+Y5CMKLhF8DFFdY9XcbHE
vgV3BXpkPDaUBSfTiaudAYjfH3Lz3viQ6KMimtSesbGHmUywmFXdMpovxse+JDxo
6aaUxnzTOVf29unI6/PQY4apyZYxEhamAP5C3rDvWI//C8N12ttU464yBwIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFKN6Em14VOzVZa6ClwxpPzNZ+F83MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgxLzgzNDQw
Ny0xNjNkLTQxMGMtYjk0OS03ODZjYjEyOTZlNTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODEvODM0NDA3
LTE2M2QtNDEwYy1iOTQ5LTc4NmNiMTI5NmU1OC8xL28zb1NiWGhVN05WbHJvS1hE
R2tfTTFuNFh6Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUF
BwEHAQH/BBgwFjAUBAIAATAOMAwDBAHCf+oDBAHCf+wwDQYJKoZIhvcNAQELBQAD
ggEBAJyAik+mp6QMbm0s8nXuJU0TavmSiOnFp1xeadE8PvJqsxbpBjgv4FNIlP0c
AeHynZhcWZQiBTO0smIJTLSCPjdagG89uI4JCUXggG0VYYAsRJZt1P8mLyiHP+xj
x/pbgQREkYAvNC1R7NruSKIugLjrgQcaRPazB7ruwiikiWjzLscxBV3LikbQhdJF
q4R1BYQG3PMTwrjQT82XStw+kEPkeXXZNKLtyJadvIB/8G8+joaciN8mMpDXTN1P
RCcew8MVPHuNpghqF8xSKEoDjDGuOOyy3tRw27H1VWEei4qh84vwOtR5gsi+Ous1
k3zLWpyEJGAXzkdBK5ZctGi4iOs=
-----END CERTIFICATE-----