Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/oCuxHQGVV-EvX7brkDg3QhFg0Ak.cer
File:                     oCuxHQGVV-EvX7brkDg3QhFg0Ak.cer (raw, json)
Hash identifier:          p6hP0XRz3sjxzGruveN8fULM+h4WCnKMF4r65jz8PXQ=
Subject key identifier:   A0:2B:B1:1D:01:95:57:E1:2F:5F:B6:EB:90:38:37:42:11:60:D0:09
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B8A66A3CDE58DC628D973B781330C2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f6/9d6ca2-0dac-4597-80f5-7bd3ab73e172/1/oCuxHQGVV-EvX7brkDg3QhFg0Ak.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f6/9d6ca2-0dac-4597-80f5-7bd3ab73e172/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:30:39 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202332
                          IP: 194.147.40.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a6:6a:3c:de:58:dc:62:8d:97:3b:78:13:30:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a02bb11d019557e12f5fb6eb903837421160d009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c8:74:45:c1:22:0b:0d:bf:97:d7:49:c1:ff:
                    a4:d1:99:15:b3:25:38:71:50:cd:74:14:09:61:c2:
                    25:9e:63:f7:47:a5:5e:5e:4f:a1:5d:12:3b:3d:4d:
                    40:d9:c0:56:a3:c3:55:b7:8f:ae:c2:f3:3a:d6:e4:
                    12:f3:84:e7:6e:88:3d:58:3a:75:04:24:7d:94:3f:
                    bd:32:31:02:f1:f2:d1:04:bb:b4:ef:45:72:39:4b:
                    dd:35:6f:95:52:88:62:ca:0f:12:c9:f6:9e:9d:e1:
                    2e:8d:27:39:d0:ee:3b:b9:27:c1:39:8a:27:a2:5a:
                    af:fa:98:6b:e5:4c:f8:1f:33:e6:fa:1a:22:fb:cf:
                    8c:3e:66:1e:65:cd:00:36:d3:54:78:42:e3:75:66:
                    d9:f1:66:c2:44:85:f4:91:36:2f:1e:e5:c7:5a:ab:
                    c3:94:83:e7:d7:60:32:81:11:fa:dd:c8:4b:9a:58:
                    45:f8:4d:4b:db:3f:14:22:82:4d:95:b8:9a:8d:06:
                    ce:ff:aa:6c:93:cf:1f:39:6e:d3:7d:c5:07:fa:90:
                    f8:a9:4d:f6:1b:2d:17:a5:94:4b:08:56:6a:ba:a6:
                    21:20:d2:a8:17:2f:38:eb:57:db:ae:91:6c:6a:7a:
                    c8:95:ba:1a:63:8e:37:ee:93:cf:42:dd:cd:5a:ae:
                    6f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:2B:B1:1D:01:95:57:E1:2F:5F:B6:EB:90:38:37:42:11:60:D0:09
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/9d6ca2-0dac-4597-80f5-7bd3ab73e172/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/9d6ca2-0dac-4597-80f5-7bd3ab73e172/1/oCuxHQGVV-EvX7brkDg3QhFg0Ak.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.40.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202332

    Signature Algorithm: sha256WithRSAEncryption
         27:0b:53:9e:64:a7:ac:e8:5a:fe:60:36:1d:7d:3a:f6:86:37:
         c6:8b:b9:59:30:59:2e:94:71:1b:ba:f0:2c:a0:64:fb:e4:3f:
         fb:0f:e9:66:23:40:d6:86:d7:cc:1b:a9:60:27:05:a6:f0:c7:
         98:1b:6d:a2:a9:1e:5a:cf:9d:38:84:5b:9a:8c:ee:1b:cb:65:
         0f:4a:86:d4:b2:92:eb:4d:83:1c:6c:45:80:5e:ef:70:3e:01:
         62:7d:f3:b0:d5:a9:aa:27:3f:94:f6:65:a0:e4:13:87:65:d2:
         0a:04:1c:f9:65:70:1d:4c:6c:20:fe:19:f2:93:55:30:a7:4f:
         36:59:2f:91:4b:98:89:37:5b:21:54:93:b7:48:79:ab:52:91:
         e0:b8:98:c5:1d:6f:89:16:ed:df:ff:eb:83:f8:ee:e9:1c:7c:
         89:93:33:32:45:32:3a:a8:15:d6:77:0e:3d:37:f0:db:51:f6:
         cb:e8:83:e1:1f:ef:c5:f3:75:e7:20:01:53:de:44:be:47:62:
         d6:f4:8a:40:55:ef:db:73:55:99:09:38:8c:1e:ff:d8:aa:a4:
         b7:bc:d3:2c:e9:3a:37:55:a3:aa:dc:43:0b:ff:d4:d5:05:af:
         3f:7f:19:89:31:6b:3c:28:24:fa:50:2c:18:39:10:62:e5:1d:
         a2:dd:9c:55
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzGuKZqPN5Y3GKNlzt4EzDCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDJiYjExZDAxOTU1N2UxMmY1ZmI2ZWI5MDM4Mzc0MjExNjBkMDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Mh0RcEiCw2/l9dJwf+k0ZkVsyU4
cVDNdBQJYcIlnmP3R6VeXk+hXRI7PU1A2cBWo8NVt4+uwvM61uQS84Tnbog9WDp1
BCR9lD+9MjEC8fLRBLu070VyOUvdNW+VUohiyg8SyfaeneEujSc50O47uSfBOYon
olqv+phr5Uz4HzPm+hoi+8+MPmYeZc0ANtNUeELjdWbZ8WbCRIX0kTYvHuXHWqvD
lIPn12AygRH63chLmlhF+E1L2z8UIoJNlbiajQbO/6psk88fOW7TfcUH+pD4qU32
Gy0XpZRLCFZquqYhINKoFy8461fbrpFsanrIlboaY4437pPPQt3NWq5vKwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKArsR0BlVfhL1+265A4N0IRYNAJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y2LzlkNmNh
Mi0wZGFjLTQ1OTctODBmNS03YmQzYWI3M2UxNzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvOWQ2Y2Ey
LTBkYWMtNDU5Ny04MGY1LTdiZDNhYjczZTE3Mi8xL29DdXhIUUdWVi1Fdlg3YnJr
RGczUWhGZzBBay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwpMoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMWXDANBgkqhkiG9w0BAQsFAAOCAQEAJwtTnmSnrOha/mA2HX069oY3xou5WTBZ
LpRxG7rwLKBk++Q/+w/pZiNA1obXzBupYCcFpvDHmBttoqkeWs+dOIRbmozuG8tl
D0qG1LKS602DHGxFgF7vcD4BYn3zsNWpqic/lPZloOQTh2XSCgQc+WVwHUxsIP4Z
8pNVMKdPNlkvkUuYiTdbIVSTt0h5q1KR4LiYxR1viRbt3//rg/ju6Rx8iZMzMkUy
OqgV1ncOPTfw21H2y+iD4R/vxfN15yABU95Evkdi1vSKQFXv23NVmQk4jB7/2Kqk
t7zTLOk6N1WjqtxDC//U1QWvP38ZiTFrPCgk+lAsGDkQYuUdot2cVQ==
-----END CERTIFICATE-----