Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3OGyX9kbX7wf-xIYxn7VWK53jAQ.cer
File:                     3OGyX9kbX7wf-xIYxn7VWK53jAQ.cer (raw, json)
Hash identifier:          7IVeHEzfjFHXzbOhT8kScZMzOxsoZ/DMF5Zg3a5cQfo=
Subject key identifier:   DC:E1:B2:5F:D9:1B:5F:BC:1F:FB:12:18:C6:7E:D5:58:AE:77:8C:04
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196C8FB6417C48D4B6D016FE3E0012AF05E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/3OGyX9kbX7wf-xIYxn7VWK53jAQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 13 May 2025 09:30:40 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 47773
                          IP: 2a10:8dc0::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 13:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:fb:64:17:c4:8d:4b:6d:01:6f:e3:e0:01:2a:f0:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 13 09:30:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dce1b25fd91b5fbc1ffb1218c67ed558ae778c04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:24:44:f4:9f:3d:fb:1b:43:b5:22:e5:da:a3:
                    d3:a7:31:96:0a:49:ab:47:ea:0f:48:04:9c:8b:71:
                    26:f4:d1:77:0e:2d:5e:42:63:1f:a6:72:63:3b:27:
                    1c:af:14:70:e0:54:20:d0:4f:8e:7d:8d:53:13:e8:
                    26:b4:31:90:b6:f0:16:0f:7a:eb:f0:14:ef:3b:75:
                    1e:2e:b5:f1:7f:1e:3b:1d:7c:76:27:69:f1:cb:3f:
                    b2:f8:97:3e:d0:71:c0:da:de:a9:5e:8f:5c:1f:5b:
                    25:b3:92:45:ea:af:a8:40:e5:1e:44:81:d9:0e:10:
                    dc:c9:bc:5b:68:36:d2:f6:4f:c9:09:97:40:51:02:
                    be:c2:a0:73:03:2c:99:51:ec:e4:fe:9f:93:f9:f9:
                    a2:e9:f3:34:5c:af:67:7b:72:e3:d5:93:e9:64:ae:
                    8f:ee:6f:1a:2f:cd:d3:bb:4b:1a:e6:d8:1b:76:1d:
                    20:b4:69:14:9d:e0:35:27:7b:0c:23:0e:ff:94:46:
                    91:2c:f3:df:3e:7e:9d:79:3c:3d:95:5b:e8:38:4e:
                    e6:8e:6b:cd:ca:8e:c5:43:0e:f8:64:43:ef:ff:0a:
                    fb:95:50:d8:f7:42:6d:74:fe:48:95:fe:2e:0c:19:
                    72:fe:90:08:c3:b8:0f:ab:40:67:ec:47:c7:ff:35:
                    db:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E1:B2:5F:D9:1B:5F:BC:1F:FB:12:18:C6:7E:D5:58:AE:77:8C:04
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/3OGyX9kbX7wf-xIYxn7VWK53jAQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:8dc0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  47773

    Signature Algorithm: sha256WithRSAEncryption
         83:59:56:d7:25:4f:3e:8c:ee:33:20:07:ac:b9:55:cc:5f:d9:
         6b:1a:bc:21:6c:83:4e:74:78:69:5f:9d:fc:5f:48:39:b2:04:
         d3:3a:15:d3:e1:80:58:a5:aa:ac:fc:8a:42:ca:bf:ea:93:2e:
         25:e7:a4:0e:be:ee:f8:f0:5f:a0:e4:ee:38:df:48:f1:85:db:
         20:9a:68:f8:72:b6:94:2a:79:fa:c9:22:c1:0c:0c:20:cb:36:
         4b:f8:f6:d0:58:a3:5d:f7:ca:bf:10:45:a0:44:94:5b:fc:e8:
         de:40:a2:8d:28:0d:eb:6c:da:ff:65:c9:3f:d2:85:90:13:84:
         ed:fb:87:93:0d:0b:9b:bd:fd:f7:ab:46:1a:f3:40:a7:45:11:
         45:5c:0b:9f:41:10:9e:27:24:02:ca:13:f8:1b:29:2e:3b:78:
         a7:a2:ca:52:b7:57:55:67:0a:c8:7f:f5:6c:91:5a:0f:2d:f5:
         fa:f4:d0:ac:da:ec:64:fd:ae:69:55:bc:93:3c:7c:d2:8e:bf:
         4b:bc:db:ac:02:af:67:78:db:24:03:52:dc:ee:f4:d7:67:bc:
         20:9b:57:40:26:1e:11:22:c6:ba:b6:0e:f8:58:78:99:a5:2d:
         7b:1e:14:70:82:e2:ae:3b:ea:3c:b6:22:9d:02:49:b6:53:24:
         34:18:05:24
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZbI+2QXxI1LbQFv4+ABKvBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTEzMDkzMDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2UxYjI1ZmQ5MWI1ZmJjMWZmYjEyMThjNjdlZDU1OGFlNzc4YzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApiRE9J89+xtDtSLl2qPTpzGWCkmr
R+oPSASci3Em9NF3Di1eQmMfpnJjOyccrxRw4FQg0E+OfY1TE+gmtDGQtvAWD3rr
8BTvO3UeLrXxfx47HXx2J2nxyz+y+Jc+0HHA2t6pXo9cH1sls5JF6q+oQOUeRIHZ
DhDcybxbaDbS9k/JCZdAUQK+wqBzAyyZUezk/p+T+fmi6fM0XK9ne3Lj1ZPpZK6P
7m8aL83Tu0sa5tgbdh0gtGkUneA1J3sMIw7/lEaRLPPfPn6deTw9lVvoOE7mjmvN
yo7FQw74ZEPv/wr7lVDY90JtdP5Ilf4uDBly/pAIw7gPq0Bn7EfH/zXbCwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFNzhsl/ZG1+8H/sSGMZ+1Viud4wEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ1LzMyNTJj
MC01NzI1LTQ0OWYtOTJhMS02NDNiYjI3ZjdmYmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvMzI1MmMw
LTU3MjUtNDQ5Zi05MmExLTY0M2JiMjdmN2ZiZi8xLzNPR3lYOWtiWDd3Zi14SVl4
bjdWV0s1M2pBUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUAKhCNwDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMAup0wDQYJKoZIhvcNAQELBQADggEBAINZVtclTz6M7jMgB6y5Vcxf2WsavCFs
g050eGlfnfxfSDmyBNM6FdPhgFilqqz8ikLKv+qTLiXnpA6+7vjwX6Dk7jjfSPGF
2yCaaPhytpQqefrJIsEMDCDLNkv49tBYo133yr8QRaBElFv86N5Aoo0oDets2v9l
yT/ShZAThO37h5MNC5u9/ferRhrzQKdFEUVcC59BEJ4nJALKE/gbKS47eKeiylK3
V1VnCsh/9WyRWg8t9fr00Kza7GT9rmlVvJM8fNKOv0u826wCr2d42yQDUtzu9Ndn
vCCbV0AmHhEixrq2DvhYeJmlLXseFHCC4q476jy2Ip0CSbZTJDQYBSQ=
-----END CERTIFICATE-----