Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/oDD2TOq1ttqltszfXx3vnNevm-4.cer
File:                     oDD2TOq1ttqltszfXx3vnNevm-4.cer (raw, json)
Hash identifier:          Yfdadq7euXBO01QYfktAIgC8iprm94KcOSBsMzxr794=
Subject key identifier:   A0:30:F6:4C:EA:B5:B6:DA:A5:B6:CC:DF:5F:1D:EF:9C:D7:AF:9B:EE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC87151755D6590A0319416586D7742E3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3c/230232-143c-4aef-86dd-367472ebd1dc/1/oDD2TOq1ttqltszfXx3vnNevm-4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3c/230232-143c-4aef-86dd-367472ebd1dc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:31:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216452

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:51:75:5d:65:90:a0:31:94:16:58:6d:77:42:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a030f64ceab5b6daa5b6ccdf5f1def9cd7af9bee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c9:8b:ad:29:68:b2:46:af:65:34:ab:82:cc:
                    54:db:fd:dc:ce:32:41:4d:cc:11:70:5d:8a:21:a4:
                    db:0c:3e:a9:2c:48:85:0d:35:b7:3b:71:44:da:61:
                    54:a2:1c:97:f1:bf:1c:c5:37:f9:33:0a:ba:01:89:
                    d2:6e:d3:ec:f8:1e:04:c3:cd:9a:d4:a0:85:47:52:
                    e8:74:f5:28:9c:a7:bb:98:e2:ba:0a:09:77:91:a2:
                    28:5f:b6:74:8f:c6:5d:a0:a9:cd:ad:86:a9:75:bc:
                    b1:13:2b:8b:5d:c1:cc:27:ec:d8:bd:7e:63:c6:5d:
                    61:c4:49:09:dd:5b:47:11:54:66:44:1d:f2:74:f4:
                    25:3c:e4:75:9f:45:43:22:f0:ee:c1:2f:9f:3d:aa:
                    26:97:88:92:9d:bd:68:b7:4b:db:36:57:a3:8e:d1:
                    29:3b:c3:90:38:3d:0a:70:e0:4f:a2:48:ca:45:c9:
                    a5:5d:d4:d2:fb:68:d0:cd:21:98:3a:ac:77:93:62:
                    ab:cb:b9:44:ca:e5:a6:30:d3:52:54:f6:a8:99:8d:
                    eb:bf:e9:b8:2e:a4:b3:b9:bc:b9:56:bc:75:26:05:
                    aa:25:77:ca:31:9e:c2:83:c0:8f:46:44:57:a4:da:
                    40:51:1f:7d:e4:cc:24:ab:bb:1d:e6:bd:6e:b1:e4:
                    e4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:30:F6:4C:EA:B5:B6:DA:A5:B6:CC:DF:5F:1D:EF:9C:D7:AF:9B:EE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/230232-143c-4aef-86dd-367472ebd1dc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/230232-143c-4aef-86dd-367472ebd1dc/1/oDD2TOq1ttqltszfXx3vnNevm-4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216452

    Signature Algorithm: sha256WithRSAEncryption
         a8:e7:d0:9a:c6:d6:9a:b4:d2:b8:5d:b0:e4:46:91:71:58:96:
         f3:bb:ce:04:89:5b:86:e5:bf:4f:ce:86:1b:fd:19:61:6e:2d:
         19:2b:90:e2:bf:45:e9:77:32:32:09:35:15:e9:54:50:c9:f4:
         55:5b:ef:5b:ba:b0:c7:58:cb:7e:36:99:6c:33:a2:95:54:94:
         3a:a4:60:ae:c8:29:04:b3:df:4f:a1:e6:e9:d7:bc:f7:a7:79:
         a4:4f:21:af:b0:15:48:31:e8:c8:0d:45:e1:6c:a9:20:ca:72:
         ea:7e:4e:58:2a:8b:16:d3:30:e9:42:f1:22:e6:b4:03:84:96:
         02:82:d6:d8:32:53:41:27:23:0e:4e:d5:f1:54:41:ec:ea:6e:
         5e:65:3d:a5:aa:1b:fe:9d:8e:47:e2:6d:ed:93:da:58:2e:3b:
         0f:cd:27:8b:7a:c0:de:2c:d6:e3:3d:74:62:36:67:c6:85:6a:
         c9:40:73:d3:8a:bb:3a:ce:09:5c:53:05:dc:36:57:fd:24:c2:
         f8:ec:39:c8:a7:4a:dc:e2:ca:97:89:7d:9f:94:a5:21:c5:c7:
         d4:02:57:78:82:a0:31:ad:b4:69:7f:6f:d7:83:89:a9:e8:c2:
         b5:df:a1:ea:9c:6a:fc:2a:d8:f9:aa:e2:f8:a9:a6:f3:f2:c2:
         48:db:f0:06
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIcVF1XWWQoDGUFlhtd0LjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDMwZjY0Y2VhYjViNmRhYTViNmNjZGY1ZjFkZWY5Y2Q3YWY5YmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMmLrSloskavZTSrgsxU2/3czjJB
TcwRcF2KIaTbDD6pLEiFDTW3O3FE2mFUohyX8b8cxTf5Mwq6AYnSbtPs+B4Ew82a
1KCFR1LodPUonKe7mOK6Cgl3kaIoX7Z0j8ZdoKnNrYapdbyxEyuLXcHMJ+zYvX5j
xl1hxEkJ3VtHEVRmRB3ydPQlPOR1n0VDIvDuwS+fPaoml4iSnb1ot0vbNlejjtEp
O8OQOD0KcOBPokjKRcmlXdTS+2jQzSGYOqx3k2Kry7lEyuWmMNNSVPaomY3rv+m4
LqSzuby5Vrx1JgWqJXfKMZ7Cg8CPRkRXpNpAUR995Mwkq7sd5r1useTkDQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFKAw9kzqtbbapbbM318d75zXr5vuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNjLzIzMDIz
Mi0xNDNjLTRhZWYtODZkZC0zNjc0NzJlYmQxZGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2MvMjMwMjMy
LTE0M2MtNGFlZi04NmRkLTM2NzQ3MmViZDFkYy8xL29ERDJUT3ExdHRxbHRzemZY
eDN2bk5ldm0tNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNNhDANBgkqhkiG9w0BAQsFAAOCAQEAqOfQmsbWmrTS
uF2w5EaRcViW87vOBIlbhuW/T86GG/0ZYW4tGSuQ4r9F6XcyMgk1FelUUMn0VVvv
W7qwx1jLfjaZbDOilVSUOqRgrsgpBLPfT6Hm6de896d5pE8hr7AVSDHoyA1F4Wyp
IMpy6n5OWCqLFtMw6ULxIua0A4SWAoLW2DJTQScjDk7V8VRB7OpuXmU9paob/p2O
R+Jt7ZPaWC47D80ni3rA3izW4z10YjZnxoVqyUBz04q7Os4JXFMF3DZX/STC+Ow5
yKdK3OLKl4l9n5SlIcXH1AJXeIKgMa20aX9v14OJqejCtd+h6pxq/CrY+ari+Kmm
8/LCSNvwBg==
-----END CERTIFICATE-----