Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Nkzsrbv8vpYbQu0GJ3fIxWh8NnE.cer
File:                     Nkzsrbv8vpYbQu0GJ3fIxWh8NnE.cer (raw, json)
Hash identifier:          iaDokuRLRq994okzNb+obJtwhk0FcNvkL36T875cpvI=
Subject key identifier:   36:4C:EC:AD:BB:FC:BE:96:1B:42:ED:06:27:77:C8:C5:68:7C:36:71
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FC2AA89E371C8304D80E4ADBFF04A3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4b/ce6274-b87b-4a5d-be24-35660e71ba38/1/Nkzsrbv8vpYbQu0GJ3fIxWh8NnE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4b/ce6274-b87b-4a5d-be24-35660e71ba38/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:48:58 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215276
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:2a:a8:9e:37:1c:83:04:d8:0e:4a:db:ff:04:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=364cecadbbfcbe961b42ed062777c8c5687c3671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f4:7a:1a:a1:04:87:a1:05:70:20:62:0e:42:
                    c0:95:bd:0b:85:a6:e8:45:da:fc:9d:6d:bc:4b:81:
                    02:f8:a6:2a:27:56:42:b0:d3:d6:04:5c:24:6d:e8:
                    d0:c5:3f:27:49:e2:39:3f:7e:8b:2c:22:6b:78:44:
                    ad:61:c5:63:4e:53:c6:96:74:31:76:9c:2e:d7:d4:
                    eb:b6:6f:a5:94:0f:81:11:d8:ef:a7:b3:83:c5:5a:
                    4b:a5:56:de:b7:e3:2d:84:19:d1:fc:45:36:0b:c3:
                    db:d7:ad:cc:08:b3:45:8a:cb:46:5c:3a:ec:fe:e8:
                    77:cb:73:b8:a1:0b:02:ce:60:96:f5:5f:b9:aa:ff:
                    09:3d:26:94:0d:88:4e:2f:49:38:fd:de:55:ae:a9:
                    c0:41:0e:76:04:17:70:97:3f:6e:83:86:49:93:68:
                    ca:fb:91:b6:b7:8a:74:5d:76:ee:fe:1a:1c:b4:48:
                    94:5f:ec:93:7f:98:e8:8a:da:2b:09:fe:73:66:6f:
                    e8:d8:96:e0:36:78:e7:bc:11:94:65:45:f5:bb:44:
                    43:92:22:88:5f:69:d1:c5:9f:e2:b9:5d:b1:56:77:
                    63:ea:39:c1:85:62:ec:29:ef:21:49:70:d5:b5:f2:
                    17:57:aa:38:77:9f:4e:97:6e:28:c7:f5:9b:24:10:
                    17:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4C:EC:AD:BB:FC:BE:96:1B:42:ED:06:27:77:C8:C5:68:7C:36:71
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/ce6274-b87b-4a5d-be24-35660e71ba38/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/ce6274-b87b-4a5d-be24-35660e71ba38/1/Nkzsrbv8vpYbQu0GJ3fIxWh8NnE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215276

    Signature Algorithm: sha256WithRSAEncryption
         2d:bc:dd:47:eb:cc:da:45:ad:22:d6:8e:ed:82:d0:02:8c:33:
         87:04:9c:c6:88:df:38:1a:6e:d4:73:cd:f1:b2:24:6e:f3:9d:
         1d:6a:dd:c6:df:4a:a8:ef:38:e1:e2:bd:39:2d:e1:29:c6:6d:
         d3:d0:d3:78:c8:80:73:51:ea:17:51:2f:84:2a:91:d6:57:d1:
         e9:c6:d4:70:e7:a3:2f:05:2f:2f:96:56:7c:c0:0c:ba:21:04:
         f0:94:37:25:a6:a8:2c:d4:ef:37:61:af:2d:dd:3b:e9:ea:71:
         e1:84:27:37:24:92:24:2d:bf:68:74:e8:ef:d4:f2:8e:e2:82:
         c7:68:5a:57:e4:fe:50:1d:ca:f2:a3:a4:6e:90:29:4d:00:45:
         0c:5c:bf:ea:20:65:bd:be:36:31:89:59:48:9c:3f:78:5e:69:
         78:ae:05:18:89:5c:32:32:a7:aa:dc:59:72:25:85:5d:4f:21:
         da:f9:94:c9:11:56:cb:ab:a0:ba:ca:41:3a:02:be:76:36:ed:
         8f:2d:cd:88:60:48:9e:c1:63:d8:98:ec:58:7f:77:24:b8:d1:
         f7:89:87:61:23:b4:7d:22:62:7c:af:fa:a0:cf:6f:26:7e:dd:
         fc:5d:35:09:24:db:29:e0:18:af:e6:b1:2d:3c:29:2c:61:ab:
         e0:35:a3:6d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQi/CqonjccgwTYDkrb/wSjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjRjZWNhZGJiZmNiZTk2MWI0MmVkMDYyNzc3YzhjNTY4N2MzNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fR6GqEEh6EFcCBiDkLAlb0Lhabo
Rdr8nW28S4EC+KYqJ1ZCsNPWBFwkbejQxT8nSeI5P36LLCJreEStYcVjTlPGlnQx
dpwu19Trtm+llA+BEdjvp7ODxVpLpVbet+MthBnR/EU2C8Pb163MCLNFistGXDrs
/uh3y3O4oQsCzmCW9V+5qv8JPSaUDYhOL0k4/d5VrqnAQQ52BBdwlz9ug4ZJk2jK
+5G2t4p0XXbu/hoctEiUX+yTf5joitorCf5zZm/o2JbgNnjnvBGUZUX1u0RDkiKI
X2nRxZ/iuV2xVndj6jnBhWLsKe8hSXDVtfIXV6o4d59Ol24ox/WbJBAXdwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDZM7K27/L6WG0LtBid3yMVofDZxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRiL2NlNjI3
NC1iODdiLTRhNWQtYmUyNC0zNTY2MGU3MWJhMzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGIvY2U2Mjc0
LWI4N2ItNGE1ZC1iZTI0LTM1NjYwZTcxYmEzOC8xL05renNyYnY4dnBZYlF1MEdK
M2ZJeFdoOE5uRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNI7DANBgkqhkiG9w0BAQsFAAOCAQEALbzdR+vM2kWt
ItaO7YLQAowzhwScxojfOBpu1HPN8bIkbvOdHWrdxt9KqO844eK9OS3hKcZt09DT
eMiAc1HqF1EvhCqR1lfR6cbUcOejLwUvL5ZWfMAMuiEE8JQ3JaaoLNTvN2GvLd07
6epx4YQnNySSJC2/aHTo79TyjuKCx2haV+T+UB3K8qOkbpApTQBFDFy/6iBlvb42
MYlZSJw/eF5peK4FGIlcMjKnqtxZciWFXU8h2vmUyRFWy6uguspBOgK+djbtjy3N
iGBInsFj2JjsWH93JLjR94mHYSO0fSJifK/6oM9vJn7d/F01CSTbKeAYr+axLTwp
LGGr4DWjbQ==
-----END CERTIFICATE-----