Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Nj4UU4ftpbCKowDWO0_DXlmDZP0.cer
File:                     Nj4UU4ftpbCKowDWO0_DXlmDZP0.cer (raw, json)
Hash identifier:          Csu+qCBV2QeTABUhYLaJkqj9bm1Wq8xCfRSr+XJ99is=
Subject key identifier:   36:3E:14:53:87:ED:A5:B0:8A:A3:00:D6:3B:4F:C3:5E:59:83:64:FD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B76EB45E314E3E0BA7C2CB2569CF063B1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/Nj4UU4ftpbCKowDWO0_DXlmDZP0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 00:18:08 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 203631
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:45:e3:14:e3:e0:ba:7c:2c:b2:56:9c:f0:63:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=363e145387eda5b08aa300d63b4fc35e598364fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fb:0f:8b:fb:99:53:7b:47:77:00:42:be:98:
                    fc:8c:89:b9:d1:23:15:d3:c4:ab:e5:be:8c:d0:4f:
                    b0:dd:1b:89:eb:81:c0:fe:61:bd:c4:4e:67:50:2f:
                    1f:a4:01:3e:10:87:af:0a:9d:eb:b5:25:3e:bc:4e:
                    b7:b6:dd:ac:aa:c8:c6:04:20:ed:c6:3f:f6:11:fc:
                    aa:f7:29:a6:e6:f2:99:e3:3e:44:5c:ec:97:cc:6b:
                    56:81:c8:90:7a:b5:c3:bf:33:d5:9c:33:37:96:5b:
                    0e:7e:fa:a9:fb:09:a6:60:38:13:ed:e6:7f:a7:97:
                    8e:12:da:a0:29:ba:6b:92:db:e9:85:e3:04:64:0c:
                    d0:d6:d3:31:3d:cf:bd:de:9f:ae:30:86:9c:10:fa:
                    05:06:fd:39:d1:35:4b:72:38:4c:47:ff:87:cd:f4:
                    56:2f:10:34:3a:12:6c:48:3d:d9:6d:0c:f4:09:e4:
                    12:68:26:33:e7:3f:b3:6c:c3:09:9e:c0:c3:be:62:
                    58:ab:d7:43:d3:35:44:41:e1:17:18:38:3f:a8:3e:
                    05:70:d9:a7:bd:7c:5d:b8:b8:ab:a5:67:fb:6c:15:
                    10:c9:af:23:37:a0:96:c5:9a:f2:88:86:93:bd:c1:
                    9f:1a:f8:d5:9f:1b:db:a4:9f:6b:89:25:4e:49:92:
                    44:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:3E:14:53:87:ED:A5:B0:8A:A3:00:D6:3B:4F:C3:5E:59:83:64:FD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/Nj4UU4ftpbCKowDWO0_DXlmDZP0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203631

    Signature Algorithm: sha256WithRSAEncryption
         11:6e:92:f2:87:0f:72:59:ed:65:08:a4:b2:6a:71:5e:d2:e5:
         f7:52:ba:8e:2c:2e:37:16:06:01:5e:05:d8:67:6b:4a:04:8d:
         7c:ce:42:58:57:8b:b6:31:1b:04:de:1e:ac:ee:b6:a3:e2:7a:
         0c:41:41:a8:05:22:83:ab:6b:64:2b:07:bf:eb:08:29:6d:ab:
         2c:74:10:50:8a:11:c2:95:cb:03:d5:99:69:9b:4a:e8:2b:b1:
         6f:ef:bf:4d:b3:10:29:ce:ee:c3:c2:f9:4d:ef:66:9d:31:a8:
         10:12:35:e3:64:98:8c:97:18:65:7c:fb:df:6d:1b:6c:7f:95:
         46:2d:7e:1e:b6:1c:a9:28:3a:35:09:71:b6:51:63:cd:2c:58:
         87:fc:a7:9d:ad:95:05:07:8c:e7:82:99:49:3e:29:57:b6:38:
         3f:97:52:2f:f6:70:d6:20:d1:bc:ba:c9:0c:f6:19:97:a3:52:
         18:9e:06:f3:3a:f1:13:fb:ca:a5:8b:2a:ca:ba:08:b3:80:17:
         cf:23:71:22:f5:bf:43:06:55:28:68:81:87:32:74:5b:29:92:
         bd:e1:bf:91:53:18:fb:f2:68:f6:71:98:fb:20:4c:64:6c:c0:
         e1:36:39:fc:79:e4:a9:0a:d8:ae:1a:28:80:de:dd:a9:d1:59:
         0e:67:53:c3
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt260XjFOPgunwsslac8GOxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDAxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjNlMTQ1Mzg3ZWRhNWIwOGFhMzAwZDYzYjRmYzM1ZTU5ODM2NGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovsPi/uZU3tHdwBCvpj8jIm50SMV
08Sr5b6M0E+w3RuJ64HA/mG9xE5nUC8fpAE+EIevCp3rtSU+vE63tt2sqsjGBCDt
xj/2Efyq9ymm5vKZ4z5EXOyXzGtWgciQerXDvzPVnDM3llsOfvqp+wmmYDgT7eZ/
p5eOEtqgKbprktvpheMEZAzQ1tMxPc+93p+uMIacEPoFBv050TVLcjhMR/+HzfRW
LxA0OhJsSD3ZbQz0CeQSaCYz5z+zbMMJnsDDvmJYq9dD0zVEQeEXGDg/qD4FcNmn
vXxduLirpWf7bBUQya8jN6CWxZryiIaTvcGfGvjVnxvbpJ9riSVOSZJEzwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDY+FFOH7aWwiqMA1jtPw15Zg2T9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlkLzgzYWZh
MC02NGQyLTRjMWYtYWExOC1lYzNkMDBlMzNiY2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvODNhZmEw
LTY0ZDItNGMxZi1hYTE4LWVjM2QwMGUzM2JjYS8xL05qNFVVNGZ0cGJDS293RFdP
MF9EWGxtRFpQMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMbbzANBgkqhkiG9w0BAQsFAAOCAQEAEW6S8ocPclnt
ZQiksmpxXtLl91K6jiwuNxYGAV4F2GdrSgSNfM5CWFeLtjEbBN4erO62o+J6DEFB
qAUig6trZCsHv+sIKW2rLHQQUIoRwpXLA9WZaZtK6Cuxb++/TbMQKc7uw8L5Te9m
nTGoEBI142SYjJcYZXz7320bbH+VRi1+HrYcqSg6NQlxtlFjzSxYh/ynna2VBQeM
54KZST4pV7Y4P5dSL/Zw1iDRvLrJDPYZl6NSGJ4G8zrxE/vKpYsqyroIs4AXzyNx
IvW/QwZVKGiBhzJ0WymSveG/kVMY+/Jo9nGY+yBMZGzA4TY5/HnkqQrYrhoogN7d
qdFZDmdTww==
-----END CERTIFICATE-----