Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Nj4UU4ftpbCKowDWO0_DXlmDZP0.cer
File:                     Nj4UU4ftpbCKowDWO0_DXlmDZP0.cer (raw, json)
Hash identifier:          3yAl84a5QRtD8+FGDoZyzGdN4oLnDvK73HQBKVtwAoo=
Subject key identifier:   36:3E:14:53:87:ED:A5:B0:8A:A3:00:D6:3B:4F:C3:5E:59:83:64:FD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC492459F02C7790E48A75FF89CF250D2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/Nj4UU4ftpbCKowDWO0_DXlmDZP0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:29:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 203631

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:45:9f:02:c7:79:0e:48:a7:5f:f8:9c:f2:50:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=363e145387eda5b08aa300d63b4fc35e598364fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fb:0f:8b:fb:99:53:7b:47:77:00:42:be:98:
                    fc:8c:89:b9:d1:23:15:d3:c4:ab:e5:be:8c:d0:4f:
                    b0:dd:1b:89:eb:81:c0:fe:61:bd:c4:4e:67:50:2f:
                    1f:a4:01:3e:10:87:af:0a:9d:eb:b5:25:3e:bc:4e:
                    b7:b6:dd:ac:aa:c8:c6:04:20:ed:c6:3f:f6:11:fc:
                    aa:f7:29:a6:e6:f2:99:e3:3e:44:5c:ec:97:cc:6b:
                    56:81:c8:90:7a:b5:c3:bf:33:d5:9c:33:37:96:5b:
                    0e:7e:fa:a9:fb:09:a6:60:38:13:ed:e6:7f:a7:97:
                    8e:12:da:a0:29:ba:6b:92:db:e9:85:e3:04:64:0c:
                    d0:d6:d3:31:3d:cf:bd:de:9f:ae:30:86:9c:10:fa:
                    05:06:fd:39:d1:35:4b:72:38:4c:47:ff:87:cd:f4:
                    56:2f:10:34:3a:12:6c:48:3d:d9:6d:0c:f4:09:e4:
                    12:68:26:33:e7:3f:b3:6c:c3:09:9e:c0:c3:be:62:
                    58:ab:d7:43:d3:35:44:41:e1:17:18:38:3f:a8:3e:
                    05:70:d9:a7:bd:7c:5d:b8:b8:ab:a5:67:fb:6c:15:
                    10:c9:af:23:37:a0:96:c5:9a:f2:88:86:93:bd:c1:
                    9f:1a:f8:d5:9f:1b:db:a4:9f:6b:89:25:4e:49:92:
                    44:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:3E:14:53:87:ED:A5:B0:8A:A3:00:D6:3B:4F:C3:5E:59:83:64:FD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/83afa0-64d2-4c1f-aa18-ec3d00e33bca/1/Nj4UU4ftpbCKowDWO0_DXlmDZP0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203631

    Signature Algorithm: sha256WithRSAEncryption
         1a:91:33:0b:a5:fb:81:f7:54:f1:d5:61:09:b0:30:a4:22:bf:
         8e:23:79:94:ee:fe:17:86:b3:a7:7f:af:e6:31:80:c4:fa:69:
         8d:5c:7c:60:43:a5:37:77:35:d2:a3:f0:64:6c:23:1f:32:f4:
         a5:da:8a:4c:a1:c5:f3:04:97:a5:ca:fc:90:1f:d7:6f:66:f2:
         3e:39:ee:3d:8e:08:4f:b5:f1:c9:1b:10:ae:bb:36:b8:f7:02:
         b2:c7:be:47:bb:5e:cf:50:fa:3e:30:b4:46:da:04:75:6e:b3:
         92:4b:dd:5b:8b:dc:bb:06:5b:97:b4:4a:36:49:6d:00:0c:be:
         10:be:c4:26:67:25:db:7a:f9:95:2e:68:c3:88:4a:0c:b1:68:
         35:f5:18:24:73:56:64:1b:4b:ac:6f:b6:47:2a:80:61:8d:fb:
         ed:1b:c0:30:ca:d4:71:ed:66:a4:9e:d8:0d:5e:89:24:4e:38:
         6c:a5:14:f9:62:fa:c5:2d:ce:f9:e6:f3:27:73:ab:fa:c1:6f:
         02:f9:18:bb:1f:28:ad:d5:24:9a:91:cc:f7:6a:6c:f0:1b:95:
         1e:0f:1b:d7:76:f0:be:e9:d9:ef:41:c7:5d:6e:31:d8:6c:f0:
         ae:2e:8f:86:91:a4:aa:cf:41:9e:34:9d:54:ff:63:95:a2:dd:
         ad:f1:28:b2
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzEkkWfAsd5DkinX/ic8lDSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjNlMTQ1Mzg3ZWRhNWIwOGFhMzAwZDYzYjRmYzM1ZTU5ODM2NGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovsPi/uZU3tHdwBCvpj8jIm50SMV
08Sr5b6M0E+w3RuJ64HA/mG9xE5nUC8fpAE+EIevCp3rtSU+vE63tt2sqsjGBCDt
xj/2Efyq9ymm5vKZ4z5EXOyXzGtWgciQerXDvzPVnDM3llsOfvqp+wmmYDgT7eZ/
p5eOEtqgKbprktvpheMEZAzQ1tMxPc+93p+uMIacEPoFBv050TVLcjhMR/+HzfRW
LxA0OhJsSD3ZbQz0CeQSaCYz5z+zbMMJnsDDvmJYq9dD0zVEQeEXGDg/qD4FcNmn
vXxduLirpWf7bBUQya8jN6CWxZryiIaTvcGfGvjVnxvbpJ9riSVOSZJEzwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDY+FFOH7aWwiqMA1jtPw15Zg2T9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlkLzgzYWZh
MC02NGQyLTRjMWYtYWExOC1lYzNkMDBlMzNiY2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvODNhZmEw
LTY0ZDItNGMxZi1hYTE4LWVjM2QwMGUzM2JjYS8xL05qNFVVNGZ0cGJDS293RFdP
MF9EWGxtRFpQMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMbbzANBgkqhkiG9w0BAQsFAAOCAQEAGpEzC6X7gfdU
8dVhCbAwpCK/jiN5lO7+F4azp3+v5jGAxPppjVx8YEOlN3c10qPwZGwjHzL0pdqK
TKHF8wSXpcr8kB/Xb2byPjnuPY4IT7XxyRsQrrs2uPcCsse+R7tez1D6PjC0RtoE
dW6zkkvdW4vcuwZbl7RKNkltAAy+EL7EJmcl23r5lS5ow4hKDLFoNfUYJHNWZBtL
rG+2RyqAYY377RvAMMrUce1mpJ7YDV6JJE44bKUU+WL6xS3O+ebzJ3Or+sFvAvkY
ux8ordUkmpHM92ps8BuVHg8b13bwvunZ70HHXW4x2Gzwri6PhpGkqs9BnjSdVP9j
laLdrfEosg==
-----END CERTIFICATE-----