Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/uohh4X6-1XlQ_zLHs3f8QwQT2-Q.cer
File:                     uohh4X6-1XlQ_zLHs3f8QwQT2-Q.cer (raw, json)
Hash identifier:          X2ocf3j+WdK2lrmcBDKc2YMps77L5jT6Xz3dzKR1Beg=
Subject key identifier:   BA:88:61:E1:7E:BE:D5:79:50:FF:32:C7:B3:77:FC:43:04:13:DB:E4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC50130D1B2C853EDAC999A4F680BEABC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3b/10d153-c3c3-4011-97cf-10fdca385ea4/1/uohh4X6-1XlQ_zLHs3f8QwQT2-Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3b/10d153-c3c3-4011-97cf-10fdca385ea4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49763
                          IP: 193.164.196.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:30:d1:b2:c8:53:ed:ac:99:9a:4f:68:0b:ea:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba8861e17ebed57950ff32c7b377fc430413dbe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d6:5c:6e:85:49:14:53:4e:a9:93:40:9d:a9:
                    f4:9d:89:40:e0:e3:32:fb:95:b5:6e:14:4d:9c:c7:
                    49:9f:83:43:7d:d7:71:29:0a:e6:b1:74:f7:32:93:
                    a0:3b:71:7f:ee:67:b1:25:bf:0f:5d:d1:7f:bb:fa:
                    11:fc:bb:6e:7e:30:dd:5b:5e:e6:ab:30:36:d2:41:
                    bb:ab:52:65:32:db:9d:02:59:77:25:08:9d:73:8f:
                    8c:6c:0a:f5:ae:57:d7:04:6b:9a:c5:5e:49:66:96:
                    12:8e:a4:39:5f:4e:a5:19:00:ba:98:fe:82:b3:23:
                    2e:73:ce:6b:b6:27:2c:fc:be:69:b3:3e:34:4b:f6:
                    32:54:7d:f0:a7:44:cf:b3:f0:e7:db:b5:1c:19:5d:
                    3e:e1:ae:97:4e:91:80:a5:45:5b:c9:59:eb:86:d3:
                    13:02:97:f0:6c:5b:7c:0c:0a:f3:5a:57:02:cc:54:
                    23:66:d3:62:da:f9:cc:74:06:2a:71:25:1f:ba:91:
                    2f:b3:40:f3:a1:7b:f8:4a:b4:2a:b5:e3:e0:22:fb:
                    9b:94:40:67:9b:f3:1d:ca:0e:60:52:54:3f:8e:08:
                    3e:92:db:2f:b6:f7:3a:c5:f5:50:b0:7a:bb:5d:87:
                    99:4c:d0:27:57:b8:71:12:8e:63:3d:d5:7f:16:c5:
                    4d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:88:61:E1:7E:BE:D5:79:50:FF:32:C7:B3:77:FC:43:04:13:DB:E4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/10d153-c3c3-4011-97cf-10fdca385ea4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/10d153-c3c3-4011-97cf-10fdca385ea4/1/uohh4X6-1XlQ_zLHs3f8QwQT2-Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.196.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49763

    Signature Algorithm: sha256WithRSAEncryption
         7a:b0:d7:04:d4:f5:9f:2e:a5:49:c1:e5:e4:2c:32:ed:f6:d8:
         b9:e1:e4:84:3b:1c:74:03:47:7c:3b:b3:a5:1d:54:f3:af:97:
         31:e1:a2:18:0f:08:b4:e6:fb:71:7c:e4:99:5c:a2:21:87:00:
         fb:04:8a:a9:a6:2c:74:55:24:da:69:3e:71:74:ce:91:b1:c2:
         2e:9a:72:29:3a:40:b8:0a:a7:80:cd:58:a6:92:38:d5:ea:ef:
         9b:2f:d9:56:d6:7f:48:ec:f9:7b:c9:f3:d7:46:31:4f:4a:17:
         68:bc:36:4d:b9:d1:8b:64:5b:d2:15:b6:8d:7a:78:fb:5b:2c:
         8f:90:b3:6a:97:b8:9f:ce:03:ef:54:4a:a1:13:31:8e:4b:3d:
         ae:52:44:de:70:d8:51:f9:97:2e:c2:21:5d:46:86:2a:54:6f:
         f4:1e:7f:3b:70:da:af:a3:56:4c:c6:7d:68:3d:22:74:05:ac:
         9f:9e:11:05:1a:81:73:7c:40:0d:53:d7:55:a6:95:ce:c8:f1:
         06:b2:ea:a9:3c:17:66:85:24:7a:e9:18:b1:b0:7f:e9:fb:35:
         b0:8b:f6:0e:d5:6e:49:9d:4b:a0:2a:54:b7:64:1d:2b:69:88:
         2d:86:29:d1:12:5a:52:88:d7:db:0b:f4:56:d7:00:8b:4b:95:
         77:c2:bc:7b
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFATDRsshT7ayZmk9oC+q8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTg4NjFlMTdlYmVkNTc5NTBmZjMyYzdiMzc3ZmM0MzA0MTNkYmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidZcboVJFFNOqZNAnan0nYlA4OMy
+5W1bhRNnMdJn4NDfddxKQrmsXT3MpOgO3F/7mexJb8PXdF/u/oR/LtufjDdW17m
qzA20kG7q1JlMtudAll3JQidc4+MbAr1rlfXBGuaxV5JZpYSjqQ5X06lGQC6mP6C
syMuc85rtics/L5psz40S/YyVH3wp0TPs/Dn27UcGV0+4a6XTpGApUVbyVnrhtMT
ApfwbFt8DArzWlcCzFQjZtNi2vnMdAYqcSUfupEvs0DzoXv4SrQqtePgIvublEBn
m/Mdyg5gUlQ/jgg+ktsvtvc6xfVQsHq7XYeZTNAnV7hxEo5jPdV/FsVNKQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLqIYeF+vtV5UP8yx7N3/EMEE9vkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNiLzEwZDE1
My1jM2MzLTQwMTEtOTdjZi0xMGZkY2EzODVlYTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2IvMTBkMTUz
LWMzYzMtNDAxMS05N2NmLTEwZmRjYTM4NWVhNC8xL3VvaGg0WDYtMVhsUV96TEhz
M2Y4UXdRVDItUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwaTEMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDCYzANBgkqhkiG9w0BAQsFAAOCAQEAerDXBNT1ny6lScHl5Cwy7fbYueHkhDsc
dANHfDuzpR1U86+XMeGiGA8ItOb7cXzkmVyiIYcA+wSKqaYsdFUk2mk+cXTOkbHC
LppyKTpAuAqngM1YppI41ervmy/ZVtZ/SOz5e8nz10YxT0oXaLw2TbnRi2Rb0hW2
jXp4+1ssj5Czape4n84D71RKoRMxjks9rlJE3nDYUfmXLsIhXUaGKlRv9B5/O3Da
r6NWTMZ9aD0idAWsn54RBRqBc3xADVPXVaaVzsjxBrLqqTwXZoUkeukYsbB/6fs1
sIv2DtVuSZ1LoCpUt2QdK2mILYYp0RJaUojX2wv0VtcAi0uVd8K8ew==
-----END CERTIFICATE-----