Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NgxZNeUf5wbCRHUZ2bX5WuNjwYY.cer
File:                     NgxZNeUf5wbCRHUZ2bX5WuNjwYY.cer (raw, json)
Hash identifier:          zfbOozIpnke43arV8hMjAarmzxSElzccPjSMPAWiHX4=
Subject key identifier:   36:0C:59:35:E5:1F:E7:06:C2:44:75:19:D9:B5:F9:5A:E3:63:C1:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56DFB9DF0DBE0D3C953B0ABE2C648E8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/47/758203-d529-48a7-98f4-e51a90907226/1/NgxZNeUf5wbCRHUZ2bX5WuNjwYY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/47/758203-d529-48a7-98f4-e51a90907226/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211964
                          IP: 195.128.35.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fb:9d:f0:db:e0:d3:c9:53:b0:ab:e2:c6:48:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=360c5935e51fe706c2447519d9b5f95ae363c186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:08:d8:58:49:ab:86:f7:ce:b4:a8:64:7f:cc:
                    99:0c:30:a6:83:2b:57:88:be:d4:c5:00:59:a8:e2:
                    8f:4f:98:3c:03:4a:50:90:da:4c:3a:f5:f1:0b:82:
                    92:95:7e:a3:3d:87:71:f2:7c:b3:d7:9a:45:af:02:
                    0b:11:69:df:a0:24:cd:82:4e:ad:e7:2a:c8:84:10:
                    ca:49:f0:f5:cc:78:a0:67:4e:c8:ff:6e:86:04:2a:
                    22:45:fb:a6:0c:c8:29:ca:b4:66:a8:a8:54:6d:ea:
                    f1:e7:5d:58:b3:c8:b3:ad:d6:f3:69:c6:1d:ad:93:
                    a8:06:ca:79:7d:fb:e5:0b:e1:43:6f:10:33:bb:47:
                    4b:5e:9c:30:2a:2b:ce:c0:b7:9c:27:7a:32:99:80:
                    83:6e:13:5a:68:b0:05:4d:9a:6a:b3:e2:61:8e:ae:
                    21:df:a9:62:1d:fb:66:38:6f:b2:f3:c4:70:bb:41:
                    bf:b7:18:d0:48:41:0a:a2:ba:52:09:63:74:44:bd:
                    7e:8d:19:2e:21:c9:41:22:02:84:fa:14:5a:20:b3:
                    62:e3:e3:fb:4e:20:1b:12:9d:96:55:90:04:45:01:
                    ca:84:d8:d2:7d:47:82:3d:91:3c:c4:86:86:21:f3:
                    9a:a0:d7:14:36:74:d6:89:3c:f0:87:37:9e:8e:e5:
                    32:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:0C:59:35:E5:1F:E7:06:C2:44:75:19:D9:B5:F9:5A:E3:63:C1:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/758203-d529-48a7-98f4-e51a90907226/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/758203-d529-48a7-98f4-e51a90907226/1/NgxZNeUf5wbCRHUZ2bX5WuNjwYY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.35.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211964

    Signature Algorithm: sha256WithRSAEncryption
         8f:40:99:fc:28:31:25:7b:dd:f3:93:e4:20:5e:a8:79:cc:9b:
         74:00:2f:ab:16:bb:9f:0b:de:50:56:ec:3c:e9:b6:f1:ce:15:
         c4:4c:70:6c:de:56:bf:a6:ff:a3:20:ad:37:ad:17:68:c5:cd:
         b1:53:a0:08:b0:3a:7f:03:4f:47:a0:60:08:12:85:8c:7c:4b:
         dc:05:35:ef:1f:c1:3f:1a:d2:b0:37:e8:cc:fa:22:7a:cb:76:
         af:b4:64:58:98:ae:25:90:b1:f7:04:eb:ef:e1:f7:b3:9e:62:
         89:b4:de:ae:b1:0c:11:e4:4c:6e:70:37:8c:8c:66:70:28:74:
         11:65:0a:d9:de:36:5e:35:ea:55:9b:1c:a6:6d:82:40:d9:c2:
         79:79:b3:aa:8d:4b:68:df:55:68:70:5f:37:92:3f:22:55:13:
         4c:de:7d:ef:1f:1c:94:b4:5a:e4:c6:fb:42:5c:0e:81:9d:b5:
         ae:bd:25:11:88:c7:b6:6f:39:6e:a2:2c:be:f2:6d:47:59:84:
         09:1f:29:86:a7:82:44:43:e5:64:89:42:d2:88:01:9f:bc:23:
         91:e7:7f:50:51:d6:1e:04:a7:b7:4c:3e:7d:76:74:8c:95:84:
         05:c0:8e:8c:39:52:df:8d:7d:fc:81:09:23:ae:1d:2a:f5:1c:
         df:b4:2d:38
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFbfud8Nvg08lTsKvixkjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjBjNTkzNWU1MWZlNzA2YzI0NDc1MTlkOWI1Zjk1YWUzNjNjMTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6wjYWEmrhvfOtKhkf8yZDDCmgytX
iL7UxQBZqOKPT5g8A0pQkNpMOvXxC4KSlX6jPYdx8nyz15pFrwILEWnfoCTNgk6t
5yrIhBDKSfD1zHigZ07I/26GBCoiRfumDMgpyrRmqKhUberx511Ys8izrdbzacYd
rZOoBsp5ffvlC+FDbxAzu0dLXpwwKivOwLecJ3oymYCDbhNaaLAFTZpqs+Jhjq4h
36liHftmOG+y88Rwu0G/txjQSEEKorpSCWN0RL1+jRkuIclBIgKE+hRaILNi4+P7
TiAbEp2WVZAERQHKhNjSfUeCPZE8xIaGIfOaoNcUNnTWiTzwhzeejuUyVQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFDYMWTXlH+cGwkR1Gdm1+VrjY8GGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ3Lzc1ODIw
My1kNTI5LTQ4YTctOThmNC1lNTFhOTA5MDcyMjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDcvNzU4MjAz
LWQ1MjktNDhhNy05OGY0LWU1MWE5MDkwNzIyNi8xL05neFpOZVVmNXdiQ1JIVVoy
Ylg1V3VOandZWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw4AjMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM7/DANBgkqhkiG9w0BAQsFAAOCAQEAj0CZ/CgxJXvd85PkIF6oecybdAAvqxa7
nwveUFbsPOm28c4VxExwbN5Wv6b/oyCtN60XaMXNsVOgCLA6fwNPR6BgCBKFjHxL
3AU17x/BPxrSsDfozPoiest2r7RkWJiuJZCx9wTr7+H3s55iibTerrEMEeRMbnA3
jIxmcCh0EWUK2d42XjXqVZscpm2CQNnCeXmzqo1LaN9VaHBfN5I/IlUTTN597x8c
lLRa5Mb7QlwOgZ21rr0lEYjHtm85bqIsvvJtR1mECR8phqeCREPlZIlC0ogBn7wj
ked/UFHWHgSnt0w+fXZ0jJWEBcCOjDlS3419/IEJI64dKvUc37QtOA==
-----END CERTIFICATE-----