Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NYx3zUAYPEEVsr8NznFuC8XQv9U.cer
File:                     NYx3zUAYPEEVsr8NznFuC8XQv9U.cer (raw, json)
Hash identifier:          Xx9LvVuxBmIQL/8uSOZvBjh8uQUO6xl/mS7jgQ085ac=
Subject key identifier:   35:8C:77:CD:40:18:3C:41:15:B2:BF:0D:CE:71:6E:0B:C5:D0:BF:D5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228D0858A79FEE120C001469B74650B8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4a/ea2b41-7dc6-45a4-aa08-3151a1794b97/1/NYx3zUAYPEEVsr8NznFuC8XQv9U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4a/ea2b41-7dc6-45a4-aa08-3151a1794b97/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:47:35 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 196849
                          IP: 91.206.91.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:08:58:a7:9f:ee:12:0c:00:14:69:b7:46:50:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:47:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=358c77cd40183c4115b2bf0dce716e0bc5d0bfd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c5:ae:e1:64:87:c1:0b:5a:29:db:7a:87:8c:
                    61:8c:a7:83:a5:16:f1:8a:3b:e5:5d:67:73:d7:6b:
                    0c:bd:9d:21:db:86:ee:6f:c6:40:46:98:b4:14:95:
                    0b:be:e4:7d:51:56:c5:16:36:46:79:ea:71:86:fb:
                    b5:9f:5c:0f:10:ee:86:75:9e:d6:60:ba:d0:a4:11:
                    14:46:f8:0f:fb:c6:10:33:43:9c:55:8d:ea:39:94:
                    fe:46:c0:5c:76:cc:f4:21:3b:60:53:40:b5:20:fe:
                    72:96:75:f1:58:e2:68:d3:55:03:af:ef:4b:59:91:
                    74:49:37:a8:e7:f3:8e:18:42:fd:d6:a4:3a:9a:e5:
                    c8:95:94:b7:07:d6:78:0e:09:54:0b:99:80:ab:20:
                    8a:10:11:04:2b:59:0c:5b:32:83:c6:9e:49:8d:63:
                    cd:96:45:24:a7:d8:bd:fe:d8:56:40:55:6d:77:be:
                    71:90:ee:a7:d4:d3:77:6c:ad:7b:9d:89:a0:74:38:
                    94:77:8b:71:04:2f:96:1a:66:7b:3f:4f:65:c9:29:
                    31:02:ad:ac:72:38:c8:1d:23:db:71:79:74:9f:53:
                    48:57:fd:88:5c:29:0d:c2:9e:91:6d:ed:94:af:ae:
                    77:23:77:cc:b2:4f:f9:e6:c3:dd:4a:1b:5c:44:26:
                    c2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:8C:77:CD:40:18:3C:41:15:B2:BF:0D:CE:71:6E:0B:C5:D0:BF:D5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea2b41-7dc6-45a4-aa08-3151a1794b97/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea2b41-7dc6-45a4-aa08-3151a1794b97/1/NYx3zUAYPEEVsr8NznFuC8XQv9U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.91.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  196849

    Signature Algorithm: sha256WithRSAEncryption
         5f:82:da:c6:ba:af:34:49:a0:8e:e9:7b:23:52:9a:e6:a5:23:
         6a:9a:ad:dc:d8:b6:da:e7:4f:9c:d8:ae:c7:1d:db:14:54:42:
         8b:cc:3c:f9:5a:80:8d:62:d7:3f:ff:e3:78:31:3f:d9:bc:59:
         7c:10:43:bc:08:15:4a:f1:e7:8c:e3:35:e1:78:0e:45:04:37:
         1d:09:19:24:5c:70:08:c0:dc:9e:30:24:f3:05:b3:f9:8e:e2:
         2c:15:b6:9e:d6:38:50:01:14:ce:6d:96:1e:9a:37:e5:7b:a7:
         b4:b6:ce:6c:64:2c:6b:ad:47:50:b3:22:81:43:e9:ea:66:89:
         a7:22:34:5c:7c:bb:a2:b1:65:a7:83:0d:2b:d9:c6:92:8f:bf:
         fe:b0:35:37:78:21:ac:cb:76:d5:9e:17:81:72:e9:a9:27:08:
         41:07:d6:63:2f:8f:3c:dc:41:8e:6a:16:51:18:e7:54:59:2b:
         67:33:1f:c2:51:52:03:af:32:f4:24:1b:70:8f:05:f8:34:b9:
         33:57:44:c4:7c:c7:03:84:99:40:10:08:f7:af:46:e1:bf:9c:
         a0:b4:06:1f:58:45:18:cd:05:1d:8b:b2:e2:9e:72:48:37:47:
         1c:dc:eb:4e:1d:89:5b:3d:4b:e3:42:cb:5b:a6:31:d9:64:50:
         62:bb:bc:53
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQijQhYp5/uEgwAFGm3RlC4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNThjNzdjZDQwMTgzYzQxMTViMmJmMGRjZTcxNmUwYmM1ZDBiZmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMWu4WSHwQtaKdt6h4xhjKeDpRbx
ijvlXWdz12sMvZ0h24bub8ZARpi0FJULvuR9UVbFFjZGeepxhvu1n1wPEO6GdZ7W
YLrQpBEURvgP+8YQM0OcVY3qOZT+RsBcdsz0ITtgU0C1IP5ylnXxWOJo01UDr+9L
WZF0STeo5/OOGEL91qQ6muXIlZS3B9Z4DglUC5mAqyCKEBEEK1kMWzKDxp5JjWPN
lkUkp9i9/thWQFVtd75xkO6n1NN3bK17nYmgdDiUd4txBC+WGmZ7P09lySkxAq2s
cjjIHSPbcXl0n1NIV/2IXCkNwp6Rbe2Ur653I3fMsk/55sPdShtcRCbCVwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFDWMd81AGDxBFbK/Dc5xbgvF0L/VMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRhL2VhMmI0
MS03ZGM2LTQ1YTQtYWEwOC0zMTUxYTE3OTRiOTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEvZWEyYjQx
LTdkYzYtNDVhNC1hYTA4LTMxNTFhMTc5NGI5Ny8xL05ZeDN6VUFZUEVFVnNyOE56
bkZ1QzhYUXY5VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW85bMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMA8TANBgkqhkiG9w0BAQsFAAOCAQEAX4LaxrqvNEmgjul7I1Ka5qUjapqt3Ni2
2udPnNiuxx3bFFRCi8w8+VqAjWLXP//jeDE/2bxZfBBDvAgVSvHnjOM14XgORQQ3
HQkZJFxwCMDcnjAk8wWz+Y7iLBW2ntY4UAEUzm2WHpo35XuntLbObGQsa61HULMi
gUPp6maJpyI0XHy7orFlp4MNK9nGko+//rA1N3ghrMt21Z4XgXLpqScIQQfWYy+P
PNxBjmoWURjnVFkrZzMfwlFSA68y9CQbcI8F+DS5M1dExHzHA4SZQBAI969G4b+c
oLQGH1hFGM0FHYuy4p5ySDdHHNzrTh2JWz1L40LLW6Yx2WRQYru8Uw==
-----END CERTIFICATE-----