Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NKh-9PEuNt_cafTUydRQ7us_9tU.cer
File:                     NKh-9PEuNt_cafTUydRQ7us_9tU.cer (raw, json)
Hash identifier:          gMYpN7eDlioH6xKAnCWb5Lk/4VVujiQaswiZwDScrRA=
Subject key identifier:   34:A8:7E:F4:F1:2E:36:DF:DC:69:F4:D4:C9:D4:50:EE:EB:3F:F6:D5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26CFA362905E390BAC409FA5EB2C30F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/98/8c19ff-a757-41b4-83fd-d490b815503b/1/NKh-9PEuNt_cafTUydRQ7us_9tU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/98/8c19ff-a757-41b4-83fd-d490b815503b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 44834

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fa:36:29:05:e3:90:ba:c4:09:fa:5e:b2:c3:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34a87ef4f12e36dfdc69f4d4c9d450eeeb3ff6d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f9:e1:c8:f4:1e:53:f1:2d:d0:8b:7e:68:bb:
                    7c:b3:fb:93:32:4c:7d:74:74:70:07:0d:0c:1d:38:
                    53:ca:4f:11:fe:a3:cd:41:fd:f7:c8:2a:a7:33:b0:
                    71:81:64:b2:00:22:d7:cf:34:be:5f:de:76:59:5a:
                    01:af:a0:24:a0:0c:2b:db:0d:87:0c:38:da:9f:10:
                    9c:2f:b2:6a:35:66:bb:00:8a:e1:ed:a4:ce:20:db:
                    a6:cc:ff:26:c1:f0:17:65:96:a9:03:fb:e3:9b:e0:
                    b9:63:22:78:6a:e4:8f:bd:32:47:9a:19:0e:33:6e:
                    f3:41:ac:f2:20:6d:d5:d4:db:88:0f:34:26:e8:83:
                    90:60:1e:66:80:28:87:15:9b:ca:5f:3a:b5:b0:89:
                    30:e6:e7:44:41:f1:34:c5:1d:bd:f1:ee:37:85:25:
                    1d:7b:dc:d6:04:c3:ff:4f:76:ec:57:69:04:ea:df:
                    90:bf:05:ae:ed:11:9d:8f:d5:21:68:da:f6:d7:b1:
                    ac:17:c0:58:83:f5:ae:07:97:1d:c5:2e:da:9d:91:
                    d2:0e:f7:b7:1d:9b:43:1b:4e:42:47:08:12:7e:d5:
                    e9:26:7c:da:3d:6d:3d:1c:7c:65:10:13:c3:77:f3:
                    11:3a:86:9a:13:13:3e:ed:db:9a:e8:2b:af:5d:46:
                    25:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A8:7E:F4:F1:2E:36:DF:DC:69:F4:D4:C9:D4:50:EE:EB:3F:F6:D5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8c19ff-a757-41b4-83fd-d490b815503b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8c19ff-a757-41b4-83fd-d490b815503b/1/NKh-9PEuNt_cafTUydRQ7us_9tU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  44834

    Signature Algorithm: sha256WithRSAEncryption
         92:af:fe:68:8b:4d:4c:b0:31:2d:bc:54:75:f9:ec:3d:34:54:
         aa:ec:d0:0d:db:03:4d:78:97:a6:64:73:a3:39:d5:d6:e6:c1:
         8e:7a:81:5a:64:63:25:8f:6a:0a:98:3c:44:6c:cb:70:ea:a6:
         91:df:1a:fe:e4:93:1d:c5:2c:d2:e8:ca:af:16:a2:d4:4a:fd:
         2e:76:01:db:18:c1:d4:32:d5:98:40:94:9c:9b:13:b9:d0:1b:
         30:49:8c:3a:b2:98:d7:bb:1e:b1:8c:9c:a2:36:d6:e9:59:6c:
         17:a2:30:e0:68:70:d7:7f:8d:74:b1:89:98:a0:b1:16:af:b1:
         53:39:8a:1c:d7:4d:06:06:c2:d3:94:da:a0:8e:6b:75:94:e9:
         2f:42:e4:64:f0:9a:15:0b:20:de:80:c8:71:30:77:7f:32:05:
         04:e6:4a:fe:7e:69:b2:36:60:a4:f2:cc:47:61:8a:64:d3:a5:
         f5:8d:71:82:d5:0f:c4:8e:fa:1a:a9:64:15:e7:2a:ae:1f:88:
         5e:5b:a1:a4:33:7d:5a:e1:4b:17:77:03:0d:0d:12:59:df:1e:
         f5:b3:5c:c5:d7:b0:e3:b8:08:d9:3d:7e:a3:30:73:9d:78:c0:
         2a:f9:93:29:59:b6:a7:13:6f:d8:ab:32:ba:89:3f:63:a7:0a:
         2f:85:1d:11
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzCbPo2KQXjkLrECfpessMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE4N2VmNGYxMmUzNmRmZGM2OWY0ZDRjOWQ0NTBlZWViM2ZmNmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/nhyPQeU/Et0It+aLt8s/uTMkx9
dHRwBw0MHThTyk8R/qPNQf33yCqnM7BxgWSyACLXzzS+X952WVoBr6AkoAwr2w2H
DDjanxCcL7JqNWa7AIrh7aTOINumzP8mwfAXZZapA/vjm+C5YyJ4auSPvTJHmhkO
M27zQazyIG3V1NuIDzQm6IOQYB5mgCiHFZvKXzq1sIkw5udEQfE0xR298e43hSUd
e9zWBMP/T3bsV2kE6t+QvwWu7RGdj9UhaNr217GsF8BYg/WuB5cdxS7anZHSDve3
HZtDG05CRwgSftXpJnzaPW09HHxlEBPDd/MROoaaExM+7dua6CuvXUYlOQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDSofvTxLjbf3Gn01MnUUO7rP/bVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk4LzhjMTlm
Zi1hNzU3LTQxYjQtODNmZC1kNDkwYjgxNTUwM2IvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvOGMxOWZm
LWE3NTctNDFiNC04M2ZkLWQ0OTBiODE1NTAzYi8xL05LaC05UEV1TnRfY2FmVFV5
ZFJRN3VzXzl0VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCvIjANBgkqhkiG9w0BAQsFAAOCAQEAkq/+aItNTLAx
LbxUdfnsPTRUquzQDdsDTXiXpmRzoznV1ubBjnqBWmRjJY9qCpg8RGzLcOqmkd8a
/uSTHcUs0ujKrxai1Er9LnYB2xjB1DLVmECUnJsTudAbMEmMOrKY17sesYycojbW
6VlsF6Iw4Ghw13+NdLGJmKCxFq+xUzmKHNdNBgbC05TaoI5rdZTpL0LkZPCaFQsg
3oDIcTB3fzIFBOZK/n5psjZgpPLMR2GKZNOl9Y1xgtUPxI76GqlkFecqrh+IXluh
pDN9WuFLF3cDDQ0SWd8e9bNcxdew47gI2T1+ozBznXjAKvmTKVm2pxNv2Ksyuok/
Y6cKL4UdEQ==
-----END CERTIFICATE-----