Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nzmWaGPYL6i9HKOTaQX6HiSpoL8.cer
File:                     nzmWaGPYL6i9HKOTaQX6HiSpoL8.cer (raw, json)
Hash identifier:          MZTi95kFIph3RNVdCYFHBa7zLtiDWgorqL+9YnzygrI=
Subject key identifier:   9F:39:96:68:63:D8:2F:A8:BD:1C:A3:93:69:05:FA:1E:24:A9:A0:BF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5B3F990F30C5BA262717217DFD4E8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5e/c3e3ad-51eb-4e96-98b2-0b1d09498534/1/nzmWaGPYL6i9HKOTaQX6HiSpoL8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5e/c3e3ad-51eb-4e96-98b2-0b1d09498534/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:43 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.216.182.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b3:f9:90:f3:0c:5b:a2:62:71:72:17:df:d4:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f39966863d82fa8bd1ca3936905fa1e24a9a0bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:07:f3:40:95:e9:d6:43:15:53:80:5d:bc:8b:
                    b6:8d:68:2a:4f:1c:81:27:dc:53:e1:ed:bb:fc:b5:
                    07:2a:cd:d7:9b:d2:e0:d5:62:b5:6c:be:d8:2d:d9:
                    1d:8d:cc:ad:61:23:95:7a:2b:44:3b:17:29:b8:d6:
                    7e:77:ee:db:91:6c:33:05:ea:36:36:ef:fe:b4:50:
                    fc:40:05:8c:b3:f9:4e:42:4b:63:b5:2e:7f:60:13:
                    04:cf:84:c6:d0:bf:ae:aa:a5:7e:84:4d:0c:fc:05:
                    e9:09:8b:8f:c1:70:03:a3:e4:82:fb:92:70:f1:a9:
                    99:fe:3d:df:d9:f1:31:6b:7f:0e:da:5e:81:28:5c:
                    15:c0:4b:1d:6e:81:73:5c:15:84:f3:9d:99:76:57:
                    bd:80:55:11:46:87:af:5f:cd:ba:ab:5f:6c:ac:82:
                    b0:ff:de:a7:ca:1d:4c:4d:8b:21:0b:68:83:8d:47:
                    1c:ef:7c:0b:24:09:32:e1:79:79:44:e4:a1:d9:2f:
                    18:38:09:10:63:65:88:4c:ac:38:1a:b1:e3:b6:21:
                    aa:25:53:b1:61:69:e1:23:76:a7:94:3b:7b:2e:a6:
                    c5:ca:15:aa:19:0b:f1:58:c9:27:cc:04:45:eb:cd:
                    3a:fe:d7:1a:f2:ca:12:b2:85:7b:cc:98:d9:cc:a9:
                    79:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:39:96:68:63:D8:2F:A8:BD:1C:A3:93:69:05:FA:1E:24:A9:A0:BF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/c3e3ad-51eb-4e96-98b2-0b1d09498534/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/c3e3ad-51eb-4e96-98b2-0b1d09498534/1/nzmWaGPYL6i9HKOTaQX6HiSpoL8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:53:83:a1:ba:a3:b9:82:19:89:a7:14:31:61:99:10:d7:cf:
         b8:3e:a3:00:25:4b:07:cb:0c:5a:b2:ea:d0:5d:3c:98:16:b1:
         01:8b:26:4c:03:65:2c:89:c2:89:cf:55:2a:b9:8f:10:1b:94:
         a1:c1:40:66:cb:ff:72:02:4f:a4:c4:50:db:05:75:e9:cc:e5:
         51:b0:11:6f:72:d7:e6:8f:f4:b7:47:86:77:ee:e5:ff:09:9c:
         58:8a:ea:a7:ad:ae:34:ec:39:14:7b:10:08:0a:95:4e:d9:7a:
         ef:69:c5:67:63:61:8f:d2:1d:fc:36:cf:e6:e9:dc:df:02:eb:
         9b:d7:90:dc:55:9b:bf:3c:87:29:0e:da:e9:06:06:7e:ed:d7:
         8e:80:2e:d6:0f:58:b0:5c:a2:5d:79:be:30:b5:11:c5:b0:13:
         8a:f1:58:6d:a7:10:57:7e:7e:21:5c:c0:75:8d:30:8f:15:b0:
         2b:3d:fb:64:63:e8:fd:11:83:34:93:ef:4d:4c:50:8e:37:a4:
         36:9e:ab:06:24:1d:f3:f4:6e:50:39:b2:bf:51:38:c2:98:81:
         3c:4a:c7:f5:0a:33:e2:a0:15:fe:74:8d:3f:b6:d1:14:7c:34:
         75:ac:91:c6:cf:85:cc:1d:ef:5a:87:f0:ba:ea:5c:d2:0a:60:
         f1:0c:07:02
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQg1bP5kPMMW6JicXIX39ToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjM5OTY2ODYzZDgyZmE4YmQxY2EzOTM2OTA1ZmExZTI0YTlhMGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2wfzQJXp1kMVU4BdvIu2jWgqTxyB
J9xT4e27/LUHKs3Xm9Lg1WK1bL7YLdkdjcytYSOVeitEOxcpuNZ+d+7bkWwzBeo2
Nu/+tFD8QAWMs/lOQktjtS5/YBMEz4TG0L+uqqV+hE0M/AXpCYuPwXADo+SC+5Jw
8amZ/j3f2fExa38O2l6BKFwVwEsdboFzXBWE852Zdle9gFURRoevX826q19srIKw
/96nyh1MTYshC2iDjUcc73wLJAky4Xl5ROSh2S8YOAkQY2WITKw4GrHjtiGqJVOx
YWnhI3anlDt7LqbFyhWqGQvxWMknzARF6806/tca8soSsoV7zJjZzKl5TwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJ85lmhj2C+ovRyjk2kF+h4kqaC/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVlL2MzZTNh
ZC01MWViLTRlOTYtOThiMi0wYjFkMDk0OTg1MzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWUvYzNlM2Fk
LTUxZWItNGU5Ni05OGIyLTBiMWQwOTQ5ODUzNC8xL256bVdhR1BZTDZpOUhLT1Rh
UVg2SGlTcG9MOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9i2MA0GCSqGSIb3DQEBCwUAA4IBAQAxU4Oh
uqO5ghmJpxQxYZkQ18+4PqMAJUsHywxasurQXTyYFrEBiyZMA2UsicKJz1UquY8Q
G5ShwUBmy/9yAk+kxFDbBXXpzOVRsBFvctfmj/S3R4Z37uX/CZxYiuqnra407DkU
exAICpVO2XrvacVnY2GP0h38Ns/m6dzfAuub15DcVZu/PIcpDtrpBgZ+7deOgC7W
D1iwXKJdeb4wtRHFsBOK8VhtpxBXfn4hXMB1jTCPFbArPftkY+j9EYM0k+9NTFCO
N6Q2nqsGJB3z9G5QObK/UTjCmIE8Ssf1CjPioBX+dI0/ttEUfDR1rJHGz4XMHe9a
h/C66lzSCmDxDAcC
-----END CERTIFICATE-----