Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ooinzLTItWvoPCxXZZ3A2W6VZig.cer
File:                     ooinzLTItWvoPCxXZZ3A2W6VZig.cer (raw, json)
Hash identifier:          Z0t5CGtFCo1qdW1kZt+Aw2O6vqX34EbOLIZBim7DkPE=
Subject key identifier:   A2:88:A7:CC:B4:C8:B5:6B:E8:3C:2C:57:65:9D:C0:D9:6E:95:66:28
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC727668FFF530CFA93BB7B986AD72040
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fc/8f6128-139d-4416-b506-26677f8a5055/1/ooinzLTItWvoPCxXZZ3A2W6VZig.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fc/8f6128-139d-4416-b506-26677f8a5055/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:37 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198825

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:66:8f:ff:53:0c:fa:93:bb:7b:98:6a:d7:20:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a288a7ccb4c8b56be83c2c57659dc0d96e956628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:22:79:25:41:28:68:28:87:d3:7e:a2:ac:8f:
                    88:62:4c:fc:f2:a1:88:1e:a3:9d:ea:0b:c1:8a:18:
                    4b:d9:4b:93:eb:a2:da:6b:aa:74:52:3b:eb:f7:d9:
                    2f:85:ad:a9:32:cd:cf:72:a4:54:13:dc:2b:25:1d:
                    c8:c5:0e:2a:72:49:d6:7f:38:ad:b5:96:e3:0a:34:
                    69:7f:14:14:09:3a:a2:cc:a7:f8:c0:08:c2:ee:c9:
                    b8:9c:8b:9e:6a:d7:19:90:a1:26:27:3f:bc:87:34:
                    b3:94:36:1c:ed:69:11:0a:49:64:ef:56:4a:4d:ea:
                    21:09:1b:0c:aa:14:d7:68:f3:bc:39:aa:8f:78:06:
                    7a:80:08:3f:32:6c:9d:c7:08:96:11:ef:ed:a9:14:
                    c6:f5:b8:6d:5a:64:91:bd:3a:b1:98:8b:65:fa:b5:
                    bb:7f:28:78:fd:84:57:e3:e9:7f:37:88:a4:29:fa:
                    65:5c:65:f2:16:18:de:64:78:31:f9:45:61:77:55:
                    55:1e:80:2b:50:d3:a7:7b:62:b1:94:d0:27:ea:77:
                    e2:48:0c:86:51:a7:4e:59:0f:e9:5e:ee:c9:6d:41:
                    40:fe:74:dd:d5:54:3e:68:56:05:51:3d:e6:a9:1d:
                    fb:6d:a7:18:7e:f6:50:21:96:30:76:75:51:e5:cf:
                    b0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:88:A7:CC:B4:C8:B5:6B:E8:3C:2C:57:65:9D:C0:D9:6E:95:66:28
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/8f6128-139d-4416-b506-26677f8a5055/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/8f6128-139d-4416-b506-26677f8a5055/1/ooinzLTItWvoPCxXZZ3A2W6VZig.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198825

    Signature Algorithm: sha256WithRSAEncryption
         72:d4:a2:0f:29:f2:c9:5a:2e:5a:c4:8f:99:d8:63:1d:53:62:
         bd:7c:9f:af:07:1e:66:cf:e4:e8:f5:78:3e:60:27:85:63:e2:
         19:3c:c2:07:e5:fb:2b:dc:44:30:f9:43:e0:2e:e1:89:90:00:
         d2:a1:4a:75:19:84:cf:be:e4:64:fd:4e:c2:8a:95:76:dd:9b:
         6b:ec:27:64:0b:9a:21:2b:67:24:2e:c7:34:ca:87:b4:15:83:
         81:b9:6a:37:10:b6:98:47:65:00:0d:34:23:23:47:e5:df:66:
         6c:f2:55:e8:17:f8:c6:f1:85:58:ea:a1:aa:dd:39:9b:76:1c:
         52:b9:ff:75:ce:8b:07:4d:8c:e4:ca:ab:f2:27:5c:9f:e7:5b:
         4d:b2:7c:a6:d3:86:15:47:21:4a:59:a2:5b:93:5c:57:b9:49:
         ae:e0:cb:6b:7f:cd:8f:6f:a7:14:d8:59:8e:37:67:f8:a2:56:
         61:26:b5:9d:04:33:98:50:98:dc:af:81:1f:75:7c:e3:3d:cf:
         ef:ee:6a:84:14:de:dd:df:90:0a:c5:ff:c8:8d:b0:89:4e:9d:
         03:e7:a3:ba:9b:fa:30:79:6f:df:3b:a5:36:0a:13:87:e5:49:
         6d:57:5b:4f:35:ec:d1:75:9c:ab:1b:f1:11:09:17:cf:a0:d6:
         d7:a0:80:10
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHJ2aP/1MM+pO7e5hq1yBAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjg4YTdjY2I0YzhiNTZiZTgzYzJjNTc2NTlkYzBkOTZlOTU2NjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCJ5JUEoaCiH036irI+IYkz88qGI
HqOd6gvBihhL2UuT66Laa6p0Ujvr99kvha2pMs3PcqRUE9wrJR3IxQ4qcknWfzit
tZbjCjRpfxQUCTqizKf4wAjC7sm4nIueatcZkKEmJz+8hzSzlDYc7WkRCklk71ZK
TeohCRsMqhTXaPO8OaqPeAZ6gAg/MmydxwiWEe/tqRTG9bhtWmSRvTqxmItl+rW7
fyh4/YRX4+l/N4ikKfplXGXyFhjeZHgx+UVhd1VVHoArUNOne2KxlNAn6nfiSAyG
UadOWQ/pXu7JbUFA/nTd1VQ+aFYFUT3mqR37bacYfvZQIZYwdnVR5c+wmQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFKKIp8y0yLVr6DwsV2WdwNlulWYoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZjLzhmNjEy
OC0xMzlkLTQ0MTYtYjUwNi0yNjY3N2Y4YTUwNTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmMvOGY2MTI4
LTEzOWQtNDQxNi1iNTA2LTI2Njc3ZjhhNTA1NS8xL29vaW56TFRJdFd2b1BDeFha
WjNBMlc2VlppZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMIqTANBgkqhkiG9w0BAQsFAAOCAQEActSiDynyyVou
WsSPmdhjHVNivXyfrwceZs/k6PV4PmAnhWPiGTzCB+X7K9xEMPlD4C7hiZAA0qFK
dRmEz77kZP1OwoqVdt2ba+wnZAuaIStnJC7HNMqHtBWDgblqNxC2mEdlAA00IyNH
5d9mbPJV6Bf4xvGFWOqhqt05m3YcUrn/dc6LB02M5Mqr8idcn+dbTbJ8ptOGFUch
SlmiW5NcV7lJruDLa3/Nj2+nFNhZjjdn+KJWYSa1nQQzmFCY3K+BH3V84z3P7+5q
hBTe3d+QCsX/yI2wiU6dA+ejupv6MHlv3zulNgoTh+VJbVdbTzXs0XWcqxvxEQkX
z6DW16CAEA==
-----END CERTIFICATE-----