Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/om-n7jCto1qx_ATzQP7fZHqfgWI.cer
File:                     om-n7jCto1qx_ATzQP7fZHqfgWI.cer (raw, json)
Hash identifier:          SFRsmJP9cY+TM8WZw5i+n+93Q04BPyouGu4fAiTZ6so=
Subject key identifier:   A2:6F:A7:EE:30:AD:A3:5A:B1:FC:04:F3:40:FE:DF:64:7A:9F:81:62
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA29FCF0CAAB0E1067D07AE5DFE1FB03
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/32/b87a0d-cc4c-4825-a7e4-e924ce5a75b3/1/om-n7jCto1qx_ATzQP7fZHqfgWI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/32/b87a0d-cc4c-4825-a7e4-e924ce5a75b3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:18 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.27.44.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:fc:f0:ca:ab:0e:10:67:d0:7a:e5:df:e1:fb:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a26fa7ee30ada35ab1fc04f340fedf647a9f8162
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:32:74:d9:71:5d:68:b5:8f:01:f9:43:ce:3e:
                    cd:f4:25:c1:01:26:28:10:7b:17:98:74:93:37:fc:
                    c6:6d:15:b1:72:91:e0:86:3a:ae:b7:27:47:da:86:
                    5e:0c:45:4d:47:5e:d6:4f:82:c5:24:e3:47:7e:18:
                    09:fb:ad:b7:ee:c1:b7:a6:dd:6b:41:74:d2:fd:01:
                    ba:a7:64:51:3e:25:26:ef:5f:65:5b:1d:31:a5:d9:
                    a7:0a:c6:47:33:c5:1b:fc:ca:91:26:c3:99:19:23:
                    49:af:6c:28:b6:2c:3e:a8:19:fc:5b:56:7c:38:55:
                    e6:41:67:76:ca:3f:2b:c0:15:74:e4:aa:1e:95:27:
                    11:8f:51:1b:ec:88:7e:5b:25:a4:bf:c6:0c:8b:5a:
                    28:0b:fc:72:2a:25:9b:3e:83:e2:a1:21:f6:02:2d:
                    41:35:ca:c6:8a:cf:04:e5:b9:ed:b7:1a:d8:a5:28:
                    6f:0d:92:9c:88:0e:b8:ae:84:a6:6c:fe:28:e0:4f:
                    1c:56:e9:a0:43:ce:33:2c:2e:d2:71:0f:c7:b5:01:
                    e8:f6:5d:db:21:33:81:a5:1b:aa:42:d2:cd:85:7d:
                    3b:f3:2f:6f:c5:98:74:10:8f:f6:c8:37:56:27:06:
                    64:f0:65:a1:16:e2:e5:cf:c8:d7:70:79:64:dc:e1:
                    32:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:6F:A7:EE:30:AD:A3:5A:B1:FC:04:F3:40:FE:DF:64:7A:9F:81:62
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/b87a0d-cc4c-4825-a7e4-e924ce5a75b3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/b87a0d-cc4c-4825-a7e4-e924ce5a75b3/1/om-n7jCto1qx_ATzQP7fZHqfgWI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:e7:ef:17:44:78:b0:44:99:cd:87:4f:95:e1:1c:dc:b1:ff:
         9e:6e:ef:87:c3:ed:01:9f:bb:91:52:24:a0:24:df:36:37:d3:
         c9:65:2d:45:86:ce:3f:6f:4a:78:3d:a4:13:e3:61:c7:27:9a:
         3f:a9:73:11:db:2b:43:09:46:2b:85:30:a8:bb:d3:c0:02:c4:
         83:9a:5c:24:19:99:68:d7:b4:f8:40:bb:d0:85:f6:49:44:7d:
         13:8b:42:4e:fa:6e:a3:c4:da:53:76:10:6f:64:21:0c:ef:7a:
         09:7b:8a:a4:a9:0b:85:aa:da:0b:d1:6a:10:56:bb:86:ca:22:
         12:0a:2f:e7:47:a3:9f:fa:a1:e9:a3:3b:77:c0:7d:a1:d1:68:
         a8:ad:be:8f:cb:22:0e:07:06:9f:d6:f8:f1:f0:8c:e6:17:42:
         49:a8:5f:b4:78:1a:0c:47:bd:6b:4f:26:d9:ec:a8:85:e7:7b:
         ce:7f:db:5a:5e:18:9c:2f:e7:4f:f4:0d:10:26:4a:17:17:75:
         1d:54:d8:e7:67:90:d9:0d:11:80:b6:03:ba:f6:f1:b5:63:b8:
         42:a7:b2:9d:83:c4:dd:00:54:dc:9c:56:3a:e1:0f:40:91:67:
         7b:fd:82:1a:8a:8c:bf:61:5e:a2:c8:2c:ff:74:c5:9b:f2:6d:
         cb:cd:d2:23
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzKKfzwyqsOEGfQeuXf4fsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjZmYTdlZTMwYWRhMzVhYjFmYzA0ZjM0MGZlZGY2NDdhOWY4MTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDJ02XFdaLWPAflDzj7N9CXBASYo
EHsXmHSTN/zGbRWxcpHghjqutydH2oZeDEVNR17WT4LFJONHfhgJ+6237sG3pt1r
QXTS/QG6p2RRPiUm719lWx0xpdmnCsZHM8Ub/MqRJsOZGSNJr2wotiw+qBn8W1Z8
OFXmQWd2yj8rwBV05KoelScRj1Eb7Ih+WyWkv8YMi1ooC/xyKiWbPoPioSH2Ai1B
NcrGis8E5bnttxrYpShvDZKciA64roSmbP4o4E8cVumgQ84zLC7ScQ/HtQHo9l3b
ITOBpRuqQtLNhX078y9vxZh0EI/2yDdWJwZk8GWhFuLlz8jXcHlk3OEyzQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFKJvp+4wraNasfwE80D+32R6n4FiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMyL2I4N2Ew
ZC1jYzRjLTQ4MjUtYTdlNC1lOTI0Y2U1YTc1YjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzIvYjg3YTBk
LWNjNGMtNDgyNS1hN2U0LWU5MjRjZTVhNzViMy8xL29tLW43akN0bzFxeF9BVHpR
UDdmWkhxZmdXSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwRssMA0GCSqGSIb3DQEBCwUAA4IBAQBQ5+8X
RHiwRJnNh0+V4Rzcsf+ebu+Hw+0Bn7uRUiSgJN82N9PJZS1Fhs4/b0p4PaQT42HH
J5o/qXMR2ytDCUYrhTCou9PAAsSDmlwkGZlo17T4QLvQhfZJRH0Ti0JO+m6jxNpT
dhBvZCEM73oJe4qkqQuFqtoL0WoQVruGyiISCi/nR6Of+qHpozt3wH2h0Wiorb6P
yyIOBwaf1vjx8IzmF0JJqF+0eBoMR71rTybZ7KiF53vOf9taXhicL+dP9A0QJkoX
F3UdVNjnZ5DZDRGAtgO69vG1Y7hCp7Kdg8TdAFTcnFY64Q9AkWd7/YIaioy/YV6i
yCz/dMWb8m3LzdIj
-----END CERTIFICATE-----