Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ogAYZIx6-hREZNR7seLLK6eG67E.cer
File:                     ogAYZIx6-hREZNR7seLLK6eG67E.cer (raw, json)
Hash identifier:          ZMjqrqeo4EzW2jVsbfC2Bwysx7wrzBktzUUWX+H9B+s=
Subject key identifier:   A2:00:18:64:8C:7A:FA:14:44:64:D4:7B:B1:E2:CB:2B:A7:86:EB:B1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194206852FFF5178FE1C9EDC193B47EA2EB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d9/83a77d-9cad-40de-abed-c4d42b7f6270/1/ogAYZIx6-hREZNR7seLLK6eG67E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d9/83a77d-9cad-40de-abed-c4d42b7f6270/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:15 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 25245
                          IP: 195.234.216.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:52:ff:f5:17:8f:e1:c9:ed:c1:93:b4:7e:a2:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a20018648c7afa144464d47bb1e2cb2ba786ebb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c1:ad:db:4a:94:2a:4d:1d:44:f3:83:f9:26:
                    51:5a:26:6f:48:af:72:2c:72:fe:1a:d5:c0:bd:e3:
                    64:3d:3f:87:08:48:ec:d0:0e:0a:8b:f1:4e:13:c6:
                    6e:4f:8d:2e:f1:cc:df:57:0d:e1:78:e8:eb:f0:90:
                    32:1d:23:e4:68:ee:8d:3b:7a:47:77:75:cd:f1:cb:
                    73:4c:93:13:7a:e9:06:4e:21:dc:4d:20:d8:41:64:
                    e3:03:82:39:5e:17:33:15:72:0e:1a:61:0f:54:f2:
                    04:7a:6b:33:1b:34:a9:57:75:3f:ca:10:11:14:ef:
                    3d:4e:cc:16:51:23:cb:a1:76:f5:9f:61:15:6e:4e:
                    54:b0:cd:6a:79:31:f0:b3:01:5f:08:5b:3b:98:bc:
                    37:22:b8:f2:d6:33:5c:07:17:c2:f3:ba:ba:e8:73:
                    8e:3a:c2:7c:a5:41:bb:3a:4d:ea:e3:7d:44:e9:7e:
                    8c:cc:bd:f0:9e:d3:9a:91:3d:9b:20:cd:ed:07:81:
                    17:0c:98:82:9d:27:b6:96:6a:48:2c:5e:f8:64:1e:
                    b2:52:1d:4f:4f:0f:8d:42:d7:cf:80:46:53:d1:40:
                    77:67:a7:45:94:8e:4f:1b:81:45:6d:04:99:5a:4e:
                    87:eb:05:a5:28:37:73:77:9f:9d:96:f2:66:40:71:
                    82:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:00:18:64:8C:7A:FA:14:44:64:D4:7B:B1:E2:CB:2B:A7:86:EB:B1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/83a77d-9cad-40de-abed-c4d42b7f6270/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/83a77d-9cad-40de-abed-c4d42b7f6270/1/ogAYZIx6-hREZNR7seLLK6eG67E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.216.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  25245

    Signature Algorithm: sha256WithRSAEncryption
         71:54:8c:63:91:f8:50:61:f0:24:20:32:f7:e3:3a:c8:8d:5f:
         a2:cf:94:5f:65:3d:a9:94:ef:87:fb:00:47:93:a7:24:83:56:
         dc:f9:c3:cb:09:c5:a0:e9:6d:b6:55:ed:5d:dd:9e:60:3c:1e:
         07:dc:26:f7:1b:d8:be:7b:88:0c:74:12:7a:10:8b:98:5a:e2:
         ce:09:d6:e8:e7:4e:3b:e2:5e:80:1b:15:73:cd:1b:fe:67:2f:
         01:ae:ff:1a:0d:bd:b6:62:77:4c:71:e2:0e:c1:3c:18:2f:79:
         32:15:1c:98:a7:ad:6b:c9:0d:b7:a9:e7:c8:63:5c:18:24:78:
         95:6e:84:17:2e:7e:01:a4:eb:fe:06:dc:e9:4a:20:ad:7a:92:
         73:83:99:32:27:56:fd:2a:ad:84:46:35:5b:1f:41:b7:15:90:
         11:77:68:68:19:4f:ed:ab:30:da:26:06:12:dc:40:26:37:c6:
         69:e0:15:34:cf:1b:5e:e3:10:94:cf:25:0f:23:65:dd:14:d8:
         fd:80:ba:ab:f1:95:95:74:9e:70:a5:6d:9e:d8:29:3f:82:fd:
         af:2f:8a:ad:3c:98:33:58:c2:7f:d2:3c:fc:df:ed:dd:44:21:
         3f:a0:a0:6d:1d:5d:8e:c4:6f:28:58:83:0b:5d:82:5b:56:02:
         49:1e:f5:05
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQgaFL/9ReP4cntwZO0fqLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjAwMTg2NDhjN2FmYTE0NDQ2NGQ0N2JiMWUyY2IyYmE3ODZlYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MGt20qUKk0dRPOD+SZRWiZvSK9y
LHL+GtXAveNkPT+HCEjs0A4Ki/FOE8ZuT40u8czfVw3heOjr8JAyHSPkaO6NO3pH
d3XN8ctzTJMTeukGTiHcTSDYQWTjA4I5XhczFXIOGmEPVPIEemszGzSpV3U/yhAR
FO89TswWUSPLoXb1n2EVbk5UsM1qeTHwswFfCFs7mLw3Irjy1jNcBxfC87q66HOO
OsJ8pUG7Ok3q431E6X6MzL3wntOakT2bIM3tB4EXDJiCnSe2lmpILF74ZB6yUh1P
Tw+NQtfPgEZT0UB3Z6dFlI5PG4FFbQSZWk6H6wWlKDdzd5+dlvJmQHGC/QIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFKIAGGSMevoURGTUe7HiyyunhuuxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q5LzgzYTc3
ZC05Y2FkLTQwZGUtYWJlZC1jNGQ0MmI3ZjYyNzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDkvODNhNzdk
LTljYWQtNDBkZS1hYmVkLWM0ZDQyYjdmNjI3MC8xL29nQVlaSXg2LWhSRVpOUjdz
ZUxMSzZlRzY3RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCw+rYMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AmKdMA0GCSqGSIb3DQEBCwUAA4IBAQBxVIxjkfhQYfAkIDL34zrIjV+iz5RfZT2p
lO+H+wBHk6ckg1bc+cPLCcWg6W22Ve1d3Z5gPB4H3Cb3G9i+e4gMdBJ6EIuYWuLO
Cdbo50474l6AGxVzzRv+Zy8Brv8aDb22YndMceIOwTwYL3kyFRyYp61ryQ23qefI
Y1wYJHiVboQXLn4BpOv+BtzpSiCtepJzg5kyJ1b9Kq2ERjVbH0G3FZARd2hoGU/t
qzDaJgYS3EAmN8Zp4BU0zxte4xCUzyUPI2XdFNj9gLqr8ZWVdJ5wpW2e2Ck/gv2v
L4qtPJgzWMJ/0jz83+3dRCE/oKBtHV2OxG8oWIMLXYJbVgJJHvUF
-----END CERTIFICATE-----