Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer
File:                     uO0-vNIVX5oXihA62rSP2osidaU.cer (raw, json)
Hash identifier:          9oCxmLk0UAfs4L0tgETdeM4fQwGyxyMRcHZOLX4hjV0=
Subject key identifier:   B8:ED:3E:BC:D2:15:5F:9A:17:8A:10:3A:DA:B4:8F:DA:8B:22:75:A5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8715C0C53FD1F089D27D1E0441017CB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:32:01 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 196719
                          IP: 91.215.200.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:5c:0c:53:fd:1f:08:9d:27:d1:e0:44:10:17:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8ed3ebcd2155f9a178a103adab48fda8b2275a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d5:77:65:58:44:20:f3:b5:84:ac:64:21:b3:
                    4a:e1:09:66:d6:60:b9:f6:ab:38:88:7b:19:2f:65:
                    fd:ad:50:7b:89:ed:17:b4:6f:cc:b3:93:00:69:25:
                    89:90:5a:84:fd:c6:24:ae:e5:13:68:db:c2:7c:f0:
                    2e:c7:f5:7e:47:a0:b3:c9:a4:2c:fe:a7:4e:e2:08:
                    fa:db:6e:a8:8d:bf:90:b6:6e:92:1f:14:d0:e9:47:
                    a6:90:43:3e:26:11:99:6a:71:1b:f6:a0:10:c1:ff:
                    99:b9:2f:5c:01:32:07:f5:1b:4a:72:20:14:43:4d:
                    61:62:e0:2a:c9:8f:89:8e:75:80:41:67:3b:be:87:
                    56:5f:2e:86:94:09:24:e6:65:84:e4:74:38:b6:e1:
                    6e:74:a7:67:34:e9:81:73:bf:26:f7:ed:8e:3f:87:
                    20:57:0b:e9:d6:ed:f3:4d:4b:ba:d2:8b:1c:bf:ec:
                    04:c5:b1:0b:a3:b0:c0:7b:38:71:a1:3e:69:2d:39:
                    8a:49:50:94:0d:d1:f4:52:2b:e8:19:e3:31:be:7c:
                    da:06:13:49:4e:8f:0d:25:51:07:22:00:10:7d:9a:
                    d9:ec:4e:2f:7d:e0:b4:eb:55:e6:67:92:9d:ae:09:
                    dd:3c:78:68:83:3b:36:e2:80:af:5d:08:7a:bd:e9:
                    92:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:ED:3E:BC:D2:15:5F:9A:17:8A:10:3A:DA:B4:8F:DA:8B:22:75:A5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.200.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  196719

    Signature Algorithm: sha256WithRSAEncryption
         1f:e6:c5:f7:a2:8e:2d:6e:91:6a:d3:a7:f2:de:ba:fc:57:ad:
         10:a8:3e:7c:21:cf:0c:e6:2f:b8:03:13:31:3e:71:29:f6:c5:
         29:17:12:4c:73:16:20:9b:b4:d3:2a:d0:7d:2f:39:a0:c1:7a:
         a5:ee:d7:1e:e1:3e:ff:c0:9c:13:7a:1d:5b:36:4a:5b:4e:20:
         1e:3a:26:0d:44:e0:2b:ce:6b:e0:f4:76:c4:29:97:64:0a:fa:
         4c:b6:1c:a4:5c:67:0b:52:a3:ed:ee:4a:f7:8a:93:be:1d:3b:
         75:80:84:6b:5c:ad:5e:86:b5:86:db:80:d9:40:f9:c7:7e:e8:
         f9:6e:4d:29:79:d7:93:92:7d:4d:58:71:e6:c4:ff:7e:34:06:
         cb:e6:08:55:1b:a1:71:f4:ce:ec:84:a5:58:22:20:a8:96:07:
         2d:fe:92:ef:22:ab:56:92:c2:c9:8f:1b:d7:c6:d6:80:6e:9e:
         54:40:35:f7:d5:9b:4a:be:ab:62:78:cb:d7:bc:60:5c:8b:64:
         93:6b:bc:57:ed:a9:be:6e:aa:eb:a7:51:39:42:89:83:2e:d0:
         bb:b2:04:a8:5f:0f:ad:8f:52:77:86:56:3e:75:11:9d:7d:a0:
         85:aa:30:fe:ae:15:74:c9:ca:d2:37:59:f0:3a:95:03:77:31:
         b3:b0:73:73
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzIcVwMU/0fCJ0n0eBEEBfLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGVkM2ViY2QyMTU1ZjlhMTc4YTEwM2FkYWI0OGZkYThiMjI3NWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdV3ZVhEIPO1hKxkIbNK4Qlm1mC5
9qs4iHsZL2X9rVB7ie0XtG/Ms5MAaSWJkFqE/cYkruUTaNvCfPAux/V+R6CzyaQs
/qdO4gj6226ojb+Qtm6SHxTQ6UemkEM+JhGZanEb9qAQwf+ZuS9cATIH9RtKciAU
Q01hYuAqyY+JjnWAQWc7vodWXy6GlAkk5mWE5HQ4tuFudKdnNOmBc78m9+2OP4cg
Vwvp1u3zTUu60oscv+wExbELo7DAezhxoT5pLTmKSVCUDdH0UivoGeMxvnzaBhNJ
To8NJVEHIgAQfZrZ7E4vfeC061XmZ5KdrgndPHhogzs24oCvXQh6vemSCwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLjtPrzSFV+aF4oQOtq0j9qLInWlMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMyLzQyMWM2
ZC01MzVjLTRjMTMtOGRhMy1kZWExMmRkOGM3ZjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzIvNDIxYzZk
LTUzNWMtNGMxMy04ZGEzLWRlYTEyZGQ4YzdmNC8xL3VPMC12TklWWDVvWGloQTYy
clNQMm9zaWRhVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCW9fIMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMAbzANBgkqhkiG9w0BAQsFAAOCAQEAH+bF96KOLW6RatOn8t66/FetEKg+fCHP
DOYvuAMTMT5xKfbFKRcSTHMWIJu00yrQfS85oMF6pe7XHuE+/8CcE3odWzZKW04g
HjomDUTgK85r4PR2xCmXZAr6TLYcpFxnC1Kj7e5K94qTvh07dYCEa1ytXoa1htuA
2UD5x37o+W5NKXnXk5J9TVhx5sT/fjQGy+YIVRuhcfTO7ISlWCIgqJYHLf6S7yKr
VpLCyY8b18bWgG6eVEA199WbSr6rYnjL17xgXItkk2u8V+2pvm6q66dROUKJgy7Q
u7IEqF8PrY9Sd4ZWPnURnX2ghaow/q4VdMnK0jdZ8DqVA3cxs7Bzcw==
-----END CERTIFICATE-----