Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/obeZgyScHV-GGfE1xtbn43379WI.cer
File:                     obeZgyScHV-GGfE1xtbn43379WI.cer (raw, json)
Hash identifier:          0PUwnaO3tXBz9Z1Dnlprh9T6k/FmGy9hp5gNnZzMHtQ=
Subject key identifier:   A1:B7:99:83:24:9C:1D:5F:86:19:F1:35:C6:D6:E7:E3:7D:FB:F5:62
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A5358D1FA42C7EB8239B0514016CF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fe/122d89-8e43-40c3-9cef-b33916b9f839/1/obeZgyScHV-GGfE1xtbn43379WI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fe/122d89-8e43-40c3-9cef-b33916b9f839/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:40 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200094

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:53:58:d1:fa:42:c7:eb:82:39:b0:51:40:16:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1b79983249c1d5f8619f135c6d6e7e37dfbf562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ea:46:49:01:3d:b0:60:83:04:cb:30:06:96:
                    3f:a6:6a:a3:78:f1:d6:e1:c3:e0:33:87:13:fd:30:
                    0e:95:16:15:f4:a0:f3:62:ee:5e:1c:d6:7c:e2:b8:
                    78:93:2a:b8:11:b4:3c:00:93:b5:63:83:75:54:98:
                    c8:6a:47:4c:79:72:a7:db:d6:98:15:b1:59:d0:f2:
                    2a:b4:a5:91:6c:70:2c:48:2f:6d:56:b0:df:5d:77:
                    17:87:96:80:38:fd:50:d8:26:1f:28:14:5c:bb:49:
                    ee:36:a9:34:54:c8:01:2a:c5:49:4f:5b:08:40:66:
                    ff:0f:d8:60:10:3a:dd:26:65:5b:12:7f:22:94:3a:
                    00:2f:df:1a:20:8a:8d:73:4e:b4:2f:41:72:4f:f7:
                    dd:c1:22:61:b8:5a:df:82:75:21:02:ad:b0:50:c4:
                    5a:5b:55:39:9a:0c:02:54:b2:f3:74:43:07:31:f3:
                    8e:6c:ca:c1:8e:84:7b:62:ca:6a:0e:c7:3c:2d:e8:
                    42:15:59:c7:73:16:fb:8b:ef:9d:3f:e4:94:50:a8:
                    06:8d:70:19:86:21:88:76:26:bc:0a:31:42:59:d1:
                    60:a1:eb:4d:7c:af:f3:d2:2b:5a:cc:78:6c:60:ea:
                    aa:21:5c:08:ef:2c:f9:cc:8c:15:18:95:f2:50:bf:
                    72:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:B7:99:83:24:9C:1D:5F:86:19:F1:35:C6:D6:E7:E3:7D:FB:F5:62
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/122d89-8e43-40c3-9cef-b33916b9f839/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/122d89-8e43-40c3-9cef-b33916b9f839/1/obeZgyScHV-GGfE1xtbn43379WI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200094

    Signature Algorithm: sha256WithRSAEncryption
         00:1a:04:6b:f9:b2:5b:d4:0e:48:ed:d4:00:34:b2:b1:bb:b8:
         29:50:21:6d:f0:7b:90:a5:6f:90:89:b1:52:da:cb:63:e5:1c:
         60:47:95:2a:40:29:b2:92:dd:4c:0e:8b:a3:c6:ca:5e:bb:45:
         9a:05:69:be:13:f1:81:cb:41:5e:0f:67:f2:2f:2d:01:0f:4f:
         9a:62:25:f5:7a:e2:8c:dc:6b:19:f5:1a:6d:d7:db:19:1a:77:
         a7:c1:78:66:a5:19:7f:54:e4:62:ab:b5:80:5d:ef:9e:b0:e4:
         4c:82:a4:0b:16:44:ff:a5:95:82:8c:09:36:39:0f:6d:b7:65:
         92:ef:3c:f5:3c:82:b4:53:56:0a:80:c0:71:5b:87:ca:d2:95:
         88:c1:49:d6:60:cc:fc:bc:c9:c9:c6:0f:20:45:05:47:61:a6:
         1d:a0:bc:c7:24:42:76:84:5e:b9:ab:70:3d:a1:d3:0e:14:b3:
         69:35:55:cc:4f:8f:78:a0:17:24:2a:36:04:7f:d9:73:5a:01:
         62:e7:ac:2f:31:8c:19:3a:3f:71:16:92:92:59:02:d3:35:d4:
         4e:f1:30:c7:e4:e4:d8:fe:fa:85:28:88:81:98:d5:2f:97:be:
         0b:73:7f:ba:81:b8:9d:67:83:46:54:55:ab:45:12:b7:66:7a:
         bb:ac:fb:78
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKKlNY0fpCx+uCObBRQBbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWI3OTk4MzI0OWMxZDVmODYxOWYxMzVjNmQ2ZTdlMzdkZmJmNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiepGSQE9sGCDBMswBpY/pmqjePHW
4cPgM4cT/TAOlRYV9KDzYu5eHNZ84rh4kyq4EbQ8AJO1Y4N1VJjIakdMeXKn29aY
FbFZ0PIqtKWRbHAsSC9tVrDfXXcXh5aAOP1Q2CYfKBRcu0nuNqk0VMgBKsVJT1sI
QGb/D9hgEDrdJmVbEn8ilDoAL98aIIqNc060L0FyT/fdwSJhuFrfgnUhAq2wUMRa
W1U5mgwCVLLzdEMHMfOObMrBjoR7YspqDsc8LehCFVnHcxb7i++dP+SUUKgGjXAZ
hiGIdia8CjFCWdFgoetNfK/z0itazHhsYOqqIVwI7yz5zIwVGJXyUL9yfwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFKG3mYMknB1fhhnxNcbW5+N9+/ViMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZlLzEyMmQ4
OS04ZTQzLTQwYzMtOWNlZi1iMzM5MTZiOWY4MzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvMTIyZDg5
LThlNDMtNDBjMy05Y2VmLWIzMzkxNmI5ZjgzOS8xL29iZVpneVNjSFYtR0dmRTF4
dGJuNDMzNzlXSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMNnjANBgkqhkiG9w0BAQsFAAOCAQEAABoEa/myW9QO
SO3UADSysbu4KVAhbfB7kKVvkImxUtrLY+UcYEeVKkApspLdTA6Lo8bKXrtFmgVp
vhPxgctBXg9n8i8tAQ9PmmIl9XrijNxrGfUabdfbGRp3p8F4ZqUZf1TkYqu1gF3v
nrDkTIKkCxZE/6WVgowJNjkPbbdlku889TyCtFNWCoDAcVuHytKViMFJ1mDM/LzJ
ycYPIEUFR2GmHaC8xyRCdoReuatwPaHTDhSzaTVVzE+PeKAXJCo2BH/Zc1oBYues
LzGMGTo/cRaSklkC0zXUTvEwx+Tk2P76hSiIgZjVL5e+C3N/uoG4nWeDRlRVq0US
t2Z6u6z7eA==
-----END CERTIFICATE-----