Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Nj4UU4ftpbCKowDWO0_DXlmDZP0.cer
File:                     Nj4UU4ftpbCKowDWO0_DXlmDZP0.cer (raw, json)
Hash identifier:          7z3ZZdIStGdUeJouqCtg+2gQ2wruV4v/JpE2Lr/v4jI=
Subject key identifier:   36:3E:14:53:87:ED:A5:B0:8A:A3:00:D6:3B:4F:C3:5E:59:83:64:FD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942067D9A5395E25D02A634A39FBF348B7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/Nj4UU4ftpbCKowDWO0_DXlmDZP0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 203631
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d9:a5:39:5e:25:d0:2a:63:4a:39:fb:f3:48:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=363e145387eda5b08aa300d63b4fc35e598364fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fb:0f:8b:fb:99:53:7b:47:77:00:42:be:98:
                    fc:8c:89:b9:d1:23:15:d3:c4:ab:e5:be:8c:d0:4f:
                    b0:dd:1b:89:eb:81:c0:fe:61:bd:c4:4e:67:50:2f:
                    1f:a4:01:3e:10:87:af:0a:9d:eb:b5:25:3e:bc:4e:
                    b7:b6:dd:ac:aa:c8:c6:04:20:ed:c6:3f:f6:11:fc:
                    aa:f7:29:a6:e6:f2:99:e3:3e:44:5c:ec:97:cc:6b:
                    56:81:c8:90:7a:b5:c3:bf:33:d5:9c:33:37:96:5b:
                    0e:7e:fa:a9:fb:09:a6:60:38:13:ed:e6:7f:a7:97:
                    8e:12:da:a0:29:ba:6b:92:db:e9:85:e3:04:64:0c:
                    d0:d6:d3:31:3d:cf:bd:de:9f:ae:30:86:9c:10:fa:
                    05:06:fd:39:d1:35:4b:72:38:4c:47:ff:87:cd:f4:
                    56:2f:10:34:3a:12:6c:48:3d:d9:6d:0c:f4:09:e4:
                    12:68:26:33:e7:3f:b3:6c:c3:09:9e:c0:c3:be:62:
                    58:ab:d7:43:d3:35:44:41:e1:17:18:38:3f:a8:3e:
                    05:70:d9:a7:bd:7c:5d:b8:b8:ab:a5:67:fb:6c:15:
                    10:c9:af:23:37:a0:96:c5:9a:f2:88:86:93:bd:c1:
                    9f:1a:f8:d5:9f:1b:db:a4:9f:6b:89:25:4e:49:92:
                    44:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:3E:14:53:87:ED:A5:B0:8A:A3:00:D6:3B:4F:C3:5E:59:83:64:FD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/Nj4UU4ftpbCKowDWO0_DXlmDZP0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203631

    Signature Algorithm: sha256WithRSAEncryption
         5a:ef:9c:f2:fa:0d:4e:35:dd:7c:48:48:53:4e:b7:bd:08:6e:
         5a:f6:2f:83:be:1d:5f:56:df:56:4b:4b:c8:a7:a6:3b:b0:bc:
         bc:04:e4:6f:9c:e7:ea:bd:80:a2:11:76:31:91:dc:58:05:0f:
         a3:21:51:0d:d3:d6:78:c8:b9:ac:a0:a0:30:98:44:9a:e0:18:
         b4:7f:bd:1c:59:e6:a1:d9:2f:d6:bd:87:08:41:5f:7e:05:41:
         d8:f6:f6:52:aa:88:60:6d:6c:63:a4:95:84:a7:41:f6:88:bc:
         65:06:79:7e:37:a9:2f:47:7b:ec:fd:ec:62:78:5c:54:1c:f1:
         e2:68:4d:f9:91:6b:39:b3:bb:26:9e:92:50:21:3a:b2:d7:eb:
         df:81:16:11:17:34:42:f4:c3:6d:99:b1:f3:4b:84:ab:69:39:
         a0:75:a6:04:c3:48:b5:1d:0a:93:66:06:d0:c6:cc:07:db:d3:
         1c:f3:52:b7:1f:67:e3:ae:92:41:1a:66:67:54:b8:5c:f0:bd:
         de:8f:38:d7:97:9b:a1:80:b6:0f:77:09:d5:76:33:37:17:da:
         bc:e0:04:46:91:ae:dd:c5:3e:a0:9e:e0:19:24:7b:76:d5:18:
         8d:c8:da:a2:1a:f1:d7:05:28:85:8e:16:e4:74:93:b6:13:e7:
         8f:c7:fe:65
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQgZ9mlOV4l0CpjSjn780i3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjNlMTQ1Mzg3ZWRhNWIwOGFhMzAwZDYzYjRmYzM1ZTU5ODM2NGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovsPi/uZU3tHdwBCvpj8jIm50SMV
08Sr5b6M0E+w3RuJ64HA/mG9xE5nUC8fpAE+EIevCp3rtSU+vE63tt2sqsjGBCDt
xj/2Efyq9ymm5vKZ4z5EXOyXzGtWgciQerXDvzPVnDM3llsOfvqp+wmmYDgT7eZ/
p5eOEtqgKbprktvpheMEZAzQ1tMxPc+93p+uMIacEPoFBv050TVLcjhMR/+HzfRW
LxA0OhJsSD3ZbQz0CeQSaCYz5z+zbMMJnsDDvmJYq9dD0zVEQeEXGDg/qD4FcNmn
vXxduLirpWf7bBUQya8jN6CWxZryiIaTvcGfGvjVnxvbpJ9riSVOSZJEzwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDY+FFOH7aWwiqMA1jtPw15Zg2T9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlkLzgzYWZh
MC02NGQyLTRjMWYtYWExOC1lYzNkMDBlMzNiY2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvODNhZmEw
LTY0ZDItNGMxZi1hYTE4LWVjM2QwMGUzM2JjYS8xL05qNFVVNGZ0cGJDS293RFdP
MF9EWGxtRFpQMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMbbzANBgkqhkiG9w0BAQsFAAOCAQEAWu+c8voNTjXd
fEhIU063vQhuWvYvg74dX1bfVktLyKemO7C8vATkb5zn6r2AohF2MZHcWAUPoyFR
DdPWeMi5rKCgMJhEmuAYtH+9HFnmodkv1r2HCEFffgVB2Pb2UqqIYG1sY6SVhKdB
9oi8ZQZ5fjepL0d77P3sYnhcVBzx4mhN+ZFrObO7Jp6SUCE6stfr34EWERc0QvTD
bZmx80uEq2k5oHWmBMNItR0Kk2YG0MbMB9vTHPNStx9n466SQRpmZ1S4XPC93o84
15eboYC2D3cJ1XYzNxfavOAERpGu3cU+oJ7gGSR7dtUYjcjaohrx1wUohY4W5HST
thPnj8f+ZQ==
-----END CERTIFICATE-----