Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NUgzKLASxNGWj8IF3gJK8vmx2rw.cer
File:                     NUgzKLASxNGWj8IF3gJK8vmx2rw.cer (raw, json)
Hash identifier:          uKfhvNgZFWLVPg2wMbhQEZyGZxaRmSupmZOrqFGvnV8=
Subject key identifier:   35:48:33:28:B0:12:C4:D1:96:8F:C2:05:DE:02:4A:F2:F9:B1:DA:BC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0193395C5F671AEF58F5CD6E5B5D9692D02A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/87/91070a-0a96-49df-acff-ec567575418b/1/NUgzKLASxNGWj8IF3gJK8vmx2rw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/87/91070a-0a96-49df-acff-ec567575418b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 17 Nov 2024 09:02:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 213884

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:39:5c:5f:67:1a:ef:58:f5:cd:6e:5b:5d:96:92:d0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov 17 09:02:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35483328b012c4d1968fc205de024af2f9b1dabc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:cc:81:b1:eb:29:86:47:c7:ad:0a:fe:2b:f2:
                    e3:47:af:2b:87:44:d3:e2:74:c2:1f:76:40:86:d7:
                    cf:2c:62:67:6b:39:62:5b:6a:bd:d7:8c:f6:16:0f:
                    ca:42:e0:cb:e6:6b:8d:89:03:54:33:78:dd:24:bc:
                    4e:a1:be:1f:76:44:40:b2:4e:85:9a:95:98:36:b2:
                    b7:52:33:3a:9d:81:d0:e1:cf:d1:8e:04:2b:15:30:
                    7f:b0:40:95:49:3c:cb:b5:63:3e:41:93:b4:ba:36:
                    da:ff:81:55:34:b4:59:75:34:fd:e7:ff:7c:b5:85:
                    7c:7e:34:9d:a9:73:3f:3d:51:80:c2:d2:5f:a6:fe:
                    f7:cf:39:f1:3e:f7:df:b8:b0:2f:cc:f0:06:f7:3f:
                    f6:48:ea:19:a6:ce:9c:01:ec:49:c3:bf:ef:e3:59:
                    4d:d5:8b:51:15:ad:a8:43:d0:0c:5b:5c:fc:3e:74:
                    f7:16:15:a4:6f:5d:05:52:38:9c:e3:3f:cc:96:08:
                    ee:38:fa:d8:a8:0e:5e:9c:b2:94:3e:9f:30:e1:b5:
                    4b:f1:d3:07:08:70:d0:43:aa:c2:83:b3:cd:d6:21:
                    59:e6:5f:32:d4:48:d6:4a:d2:b1:61:0a:fb:42:21:
                    ea:09:43:75:1d:69:c7:65:ed:9a:a3:f3:8d:18:40:
                    22:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:48:33:28:B0:12:C4:D1:96:8F:C2:05:DE:02:4A:F2:F9:B1:DA:BC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/91070a-0a96-49df-acff-ec567575418b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/91070a-0a96-49df-acff-ec567575418b/1/NUgzKLASxNGWj8IF3gJK8vmx2rw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213884

    Signature Algorithm: sha256WithRSAEncryption
         86:9f:b9:04:de:d3:7c:31:c2:fb:cb:4c:92:ff:85:53:06:d7:
         e3:fb:7f:a0:a4:ed:12:62:a5:19:e3:a0:d6:3a:d7:fc:88:d0:
         2c:e7:f8:33:42:a7:0f:6f:4f:45:8e:a4:25:bb:79:d9:94:f3:
         57:99:dd:f3:6e:ef:e9:82:76:cb:c8:e0:7b:a7:30:45:5a:0c:
         16:d5:b3:a2:e2:3a:c0:fb:3f:a5:b4:b0:08:70:dd:07:45:50:
         77:15:1d:9e:23:a9:9b:70:5b:28:3b:12:9b:6c:59:1d:36:9f:
         47:e3:bc:1b:99:49:39:20:18:60:39:3e:c5:91:17:3a:81:f1:
         22:0c:42:8c:12:c6:2c:93:a5:54:f6:9b:70:26:4d:2d:66:ec:
         0f:16:1d:29:e5:48:23:ec:ea:31:a5:37:84:56:6e:7d:1d:5f:
         8b:74:4b:c8:59:b4:18:dc:86:b4:8c:7d:c0:7f:70:f1:3c:e4:
         08:06:71:1b:5e:88:a7:ad:9c:7e:7d:6c:4c:8b:15:6c:1c:c7:
         f3:1c:51:56:ae:8c:73:a3:11:1a:6e:76:5e:39:83:a8:94:76:
         47:60:12:08:3f:6c:bd:cb:2f:5e:83:86:30:78:55:ea:6e:d1:
         3f:f7:74:3b:1c:e2:20:82:89:a0:10:58:eb:ca:a2:7f:ea:a3:
         0a:b7:46:93
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZM5XF9nGu9Y9c1uW12WktAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMTE3MDkwMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTQ4MzMyOGIwMTJjNGQxOTY4ZmMyMDVkZTAyNGFmMmY5YjFkYWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4syBsesphkfHrQr+K/LjR68rh0TT
4nTCH3ZAhtfPLGJnazliW2q914z2Fg/KQuDL5muNiQNUM3jdJLxOob4fdkRAsk6F
mpWYNrK3UjM6nYHQ4c/RjgQrFTB/sECVSTzLtWM+QZO0ujba/4FVNLRZdTT95/98
tYV8fjSdqXM/PVGAwtJfpv73zznxPvffuLAvzPAG9z/2SOoZps6cAexJw7/v41lN
1YtRFa2oQ9AMW1z8PnT3FhWkb10FUjic4z/MlgjuOPrYqA5enLKUPp8w4bVL8dMH
CHDQQ6rCg7PN1iFZ5l8y1EjWStKxYQr7QiHqCUN1HWnHZe2ao/ONGEAipwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDVIMyiwEsTRlo/CBd4CSvL5sdq8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg3LzkxMDcw
YS0wYTk2LTQ5ZGYtYWNmZi1lYzU2NzU3NTQxOGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcvOTEwNzBh
LTBhOTYtNDlkZi1hY2ZmLWVjNTY3NTc1NDE4Yi8xL05VZ3pLTEFTeE5HV2o4SUYz
Z0pLOHZteDJydy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNDfDANBgkqhkiG9w0BAQsFAAOCAQEAhp+5BN7TfDHC
+8tMkv+FUwbX4/t/oKTtEmKlGeOg1jrX/IjQLOf4M0KnD29PRY6kJbt52ZTzV5nd
827v6YJ2y8jge6cwRVoMFtWzouI6wPs/pbSwCHDdB0VQdxUdniOpm3BbKDsSm2xZ
HTafR+O8G5lJOSAYYDk+xZEXOoHxIgxCjBLGLJOlVPabcCZNLWbsDxYdKeVII+zq
MaU3hFZufR1fi3RLyFm0GNyGtIx9wH9w8TzkCAZxG16Ip62cfn1sTIsVbBzH8xxR
Vq6Mc6MRGm52XjmDqJR2R2ASCD9svcsvXoOGMHhV6m7RP/d0OxziIIKJoBBY68qi
f+qjCrdGkw==
-----END CERTIFICATE-----