Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Nkzsrbv8vpYbQu0GJ3fIxWh8NnE.cer
File:                     Nkzsrbv8vpYbQu0GJ3fIxWh8NnE.cer (raw, json)
Hash identifier:          Zxi72HV42mnHQVpdkpidhBjCAag1tVa9wh9B8S+mBvE=
Subject key identifier:   36:4C:EC:AD:BB:FC:BE:96:1B:42:ED:06:27:77:C8:C5:68:7C:36:71
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018EA7C1AC9E1708F089BD997C53E80D1DC4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4b/ce6274-b87b-4a5d-be24-35660e71ba38/1/Nkzsrbv8vpYbQu0GJ3fIxWh8NnE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4b/ce6274-b87b-4a5d-be24-35660e71ba38/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 04 Apr 2024 06:17:51 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215276

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a7:c1:ac:9e:17:08:f0:89:bd:99:7c:53:e8:0d:1d:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr  4 06:17:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=364cecadbbfcbe961b42ed062777c8c5687c3671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f4:7a:1a:a1:04:87:a1:05:70:20:62:0e:42:
                    c0:95:bd:0b:85:a6:e8:45:da:fc:9d:6d:bc:4b:81:
                    02:f8:a6:2a:27:56:42:b0:d3:d6:04:5c:24:6d:e8:
                    d0:c5:3f:27:49:e2:39:3f:7e:8b:2c:22:6b:78:44:
                    ad:61:c5:63:4e:53:c6:96:74:31:76:9c:2e:d7:d4:
                    eb:b6:6f:a5:94:0f:81:11:d8:ef:a7:b3:83:c5:5a:
                    4b:a5:56:de:b7:e3:2d:84:19:d1:fc:45:36:0b:c3:
                    db:d7:ad:cc:08:b3:45:8a:cb:46:5c:3a:ec:fe:e8:
                    77:cb:73:b8:a1:0b:02:ce:60:96:f5:5f:b9:aa:ff:
                    09:3d:26:94:0d:88:4e:2f:49:38:fd:de:55:ae:a9:
                    c0:41:0e:76:04:17:70:97:3f:6e:83:86:49:93:68:
                    ca:fb:91:b6:b7:8a:74:5d:76:ee:fe:1a:1c:b4:48:
                    94:5f:ec:93:7f:98:e8:8a:da:2b:09:fe:73:66:6f:
                    e8:d8:96:e0:36:78:e7:bc:11:94:65:45:f5:bb:44:
                    43:92:22:88:5f:69:d1:c5:9f:e2:b9:5d:b1:56:77:
                    63:ea:39:c1:85:62:ec:29:ef:21:49:70:d5:b5:f2:
                    17:57:aa:38:77:9f:4e:97:6e:28:c7:f5:9b:24:10:
                    17:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4C:EC:AD:BB:FC:BE:96:1B:42:ED:06:27:77:C8:C5:68:7C:36:71
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/ce6274-b87b-4a5d-be24-35660e71ba38/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/ce6274-b87b-4a5d-be24-35660e71ba38/1/Nkzsrbv8vpYbQu0GJ3fIxWh8NnE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215276

    Signature Algorithm: sha256WithRSAEncryption
         62:57:5b:4c:a6:02:ef:a8:20:f9:a1:55:c8:a3:c5:fb:16:05:
         1a:36:fb:7f:05:3f:58:08:61:59:d5:b6:b5:2e:c9:25:55:0d:
         f0:f8:e6:a1:73:32:bf:bd:4a:08:08:78:45:e1:39:c0:ab:9c:
         6d:e6:50:01:56:c3:73:a6:0a:d2:82:b3:ec:df:6d:48:b3:af:
         9c:29:36:0e:89:ce:c7:ce:68:d6:4a:1c:2d:e8:cc:b4:eb:9c:
         05:7b:4a:49:f7:99:e9:62:4e:a4:c8:dc:88:3a:35:c4:59:6a:
         6a:99:85:af:e9:c0:fc:ed:3a:4a:88:38:39:95:67:c9:a9:2e:
         62:ff:61:80:89:32:3c:31:0e:1b:78:5d:ed:ca:a4:d6:46:af:
         ad:ef:b5:b0:48:90:00:6c:24:bd:32:cb:67:1d:35:f3:48:71:
         c5:b3:1c:91:f4:6f:1b:0a:68:8c:0e:b8:85:d2:85:0d:6f:5c:
         61:ef:ee:c6:4d:aa:6f:6a:47:c7:3f:f0:54:d0:4f:08:8b:7b:
         c8:54:e8:6f:f4:7f:7b:79:11:df:12:55:18:55:07:3d:8d:40:
         5e:c5:97:c7:9b:40:e6:00:a0:cc:dd:c2:52:51:77:49:dc:71:
         df:9d:cd:e1:2f:bc:5d:7a:24:45:f7:4e:37:37:92:0a:88:f2:
         cc:71:3c:e6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY6nwayeFwjwib2ZfFPoDR3EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDA0MDYxNzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjRjZWNhZGJiZmNiZTk2MWI0MmVkMDYyNzc3YzhjNTY4N2MzNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fR6GqEEh6EFcCBiDkLAlb0Lhabo
Rdr8nW28S4EC+KYqJ1ZCsNPWBFwkbejQxT8nSeI5P36LLCJreEStYcVjTlPGlnQx
dpwu19Trtm+llA+BEdjvp7ODxVpLpVbet+MthBnR/EU2C8Pb163MCLNFistGXDrs
/uh3y3O4oQsCzmCW9V+5qv8JPSaUDYhOL0k4/d5VrqnAQQ52BBdwlz9ug4ZJk2jK
+5G2t4p0XXbu/hoctEiUX+yTf5joitorCf5zZm/o2JbgNnjnvBGUZUX1u0RDkiKI
X2nRxZ/iuV2xVndj6jnBhWLsKe8hSXDVtfIXV6o4d59Ol24ox/WbJBAXdwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDZM7K27/L6WG0LtBid3yMVofDZxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRiL2NlNjI3
NC1iODdiLTRhNWQtYmUyNC0zNTY2MGU3MWJhMzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGIvY2U2Mjc0
LWI4N2ItNGE1ZC1iZTI0LTM1NjYwZTcxYmEzOC8xL05renNyYnY4dnBZYlF1MEdK
M2ZJeFdoOE5uRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNI7DANBgkqhkiG9w0BAQsFAAOCAQEAYldbTKYC76gg
+aFVyKPF+xYFGjb7fwU/WAhhWdW2tS7JJVUN8PjmoXMyv71KCAh4ReE5wKucbeZQ
AVbDc6YK0oKz7N9tSLOvnCk2DonOx85o1kocLejMtOucBXtKSfeZ6WJOpMjciDo1
xFlqapmFr+nA/O06Sog4OZVnyakuYv9hgIkyPDEOG3hd7cqk1kavre+1sEiQAGwk
vTLLZx0180hxxbMckfRvGwpojA64hdKFDW9cYe/uxk2qb2pHxz/wVNBPCIt7yFTo
b/R/e3kR3xJVGFUHPY1AXsWXx5tA5gCgzN3CUlF3Sdxx353N4S+8XXokRfdONzeS
CojyzHE85g==
-----END CERTIFICATE-----