Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NKh-9PEuNt_cafTUydRQ7us_9tU.cer
File:                     NKh-9PEuNt_cafTUydRQ7us_9tU.cer (raw, json)
Hash identifier:          6lSZC/4iHbEMXBVlSmLZ2ptERCUlhUB+jYg3V4Y3XkY=
Subject key identifier:   34:A8:7E:F4:F1:2E:36:DF:DC:69:F4:D4:C9:D4:50:EE:EB:3F:F6:D5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258FC8486225EBD7B55BAF14059A7187
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/98/8c19ff-a757-41b4-83fd-d490b815503b/1/NKh-9PEuNt_cafTUydRQ7us_9tU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/98/8c19ff-a757-41b4-83fd-d490b815503b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:27 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 44834
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:c8:48:62:25:eb:d7:b5:5b:af:14:05:9a:71:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34a87ef4f12e36dfdc69f4d4c9d450eeeb3ff6d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f9:e1:c8:f4:1e:53:f1:2d:d0:8b:7e:68:bb:
                    7c:b3:fb:93:32:4c:7d:74:74:70:07:0d:0c:1d:38:
                    53:ca:4f:11:fe:a3:cd:41:fd:f7:c8:2a:a7:33:b0:
                    71:81:64:b2:00:22:d7:cf:34:be:5f:de:76:59:5a:
                    01:af:a0:24:a0:0c:2b:db:0d:87:0c:38:da:9f:10:
                    9c:2f:b2:6a:35:66:bb:00:8a:e1:ed:a4:ce:20:db:
                    a6:cc:ff:26:c1:f0:17:65:96:a9:03:fb:e3:9b:e0:
                    b9:63:22:78:6a:e4:8f:bd:32:47:9a:19:0e:33:6e:
                    f3:41:ac:f2:20:6d:d5:d4:db:88:0f:34:26:e8:83:
                    90:60:1e:66:80:28:87:15:9b:ca:5f:3a:b5:b0:89:
                    30:e6:e7:44:41:f1:34:c5:1d:bd:f1:ee:37:85:25:
                    1d:7b:dc:d6:04:c3:ff:4f:76:ec:57:69:04:ea:df:
                    90:bf:05:ae:ed:11:9d:8f:d5:21:68:da:f6:d7:b1:
                    ac:17:c0:58:83:f5:ae:07:97:1d:c5:2e:da:9d:91:
                    d2:0e:f7:b7:1d:9b:43:1b:4e:42:47:08:12:7e:d5:
                    e9:26:7c:da:3d:6d:3d:1c:7c:65:10:13:c3:77:f3:
                    11:3a:86:9a:13:13:3e:ed:db:9a:e8:2b:af:5d:46:
                    25:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A8:7E:F4:F1:2E:36:DF:DC:69:F4:D4:C9:D4:50:EE:EB:3F:F6:D5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8c19ff-a757-41b4-83fd-d490b815503b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8c19ff-a757-41b4-83fd-d490b815503b/1/NKh-9PEuNt_cafTUydRQ7us_9tU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  44834

    Signature Algorithm: sha256WithRSAEncryption
         a8:2f:7e:55:9a:d5:4d:44:53:24:8e:d3:90:71:b0:65:b2:f9:
         b9:74:18:50:e0:90:94:b3:58:ba:f3:da:18:9c:05:65:3c:c3:
         82:b0:06:68:64:da:c9:95:7f:da:48:27:52:8e:48:7e:99:8f:
         fa:02:ea:b2:60:41:fc:4a:7a:02:69:33:2a:09:f6:20:e7:a6:
         7e:fe:0b:31:d2:2d:e3:6a:90:b3:99:60:39:6a:31:90:d3:c1:
         b5:70:2e:a0:c6:95:e6:95:e6:c6:22:ce:12:17:35:8c:83:e9:
         58:03:ec:40:65:95:65:e0:60:68:80:ea:a7:f9:58:04:c7:9e:
         5f:98:78:89:fe:1d:9b:21:8b:96:54:81:6d:ab:3e:02:c5:52:
         6d:b4:dc:c9:e8:98:83:10:37:f1:a9:aa:4d:55:e5:7a:58:a3:
         87:70:b4:0b:63:35:aa:9b:80:87:06:68:71:e8:26:17:b3:cc:
         ac:1b:f5:2d:be:ba:84:e0:4a:c0:f1:58:d6:15:99:0c:e5:e7:
         e6:bf:76:7f:b6:9e:8d:00:a4:59:9c:ff:1b:6c:c5:14:1b:8a:
         b1:14:4d:6b:52:ef:a9:67:96:a2:fe:78:e5:e5:4e:9b:31:28:
         48:69:1d:9f:d5:c2:ed:51:bf:51:ca:56:41:23:22:2b:da:7d:
         9c:0e:67:32
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQlj8hIYiXr17VbrxQFmnGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE4N2VmNGYxMmUzNmRmZGM2OWY0ZDRjOWQ0NTBlZWViM2ZmNmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/nhyPQeU/Et0It+aLt8s/uTMkx9
dHRwBw0MHThTyk8R/qPNQf33yCqnM7BxgWSyACLXzzS+X952WVoBr6AkoAwr2w2H
DDjanxCcL7JqNWa7AIrh7aTOINumzP8mwfAXZZapA/vjm+C5YyJ4auSPvTJHmhkO
M27zQazyIG3V1NuIDzQm6IOQYB5mgCiHFZvKXzq1sIkw5udEQfE0xR298e43hSUd
e9zWBMP/T3bsV2kE6t+QvwWu7RGdj9UhaNr217GsF8BYg/WuB5cdxS7anZHSDve3
HZtDG05CRwgSftXpJnzaPW09HHxlEBPDd/MROoaaExM+7dua6CuvXUYlOQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDSofvTxLjbf3Gn01MnUUO7rP/bVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk4LzhjMTlm
Zi1hNzU3LTQxYjQtODNmZC1kNDkwYjgxNTUwM2IvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvOGMxOWZm
LWE3NTctNDFiNC04M2ZkLWQ0OTBiODE1NTAzYi8xL05LaC05UEV1TnRfY2FmVFV5
ZFJRN3VzXzl0VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCvIjANBgkqhkiG9w0BAQsFAAOCAQEAqC9+VZrVTURT
JI7TkHGwZbL5uXQYUOCQlLNYuvPaGJwFZTzDgrAGaGTayZV/2kgnUo5IfpmP+gLq
smBB/Ep6AmkzKgn2IOemfv4LMdIt42qQs5lgOWoxkNPBtXAuoMaV5pXmxiLOEhc1
jIPpWAPsQGWVZeBgaIDqp/lYBMeeX5h4if4dmyGLllSBbas+AsVSbbTcyeiYgxA3
8amqTVXlelijh3C0C2M1qpuAhwZocegmF7PMrBv1Lb66hOBKwPFY1hWZDOXn5r92
f7aejQCkWZz/G2zFFBuKsRRNa1LvqWeWov545eVOmzEoSGkdn9XC7VG/UcpWQSMi
K9p9nA5nMg==
-----END CERTIFICATE-----