Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NnsRT6xrxd4zWw7PRg74vro6UEk.cer
File:                     NnsRT6xrxd4zWw7PRg74vro6UEk.cer (raw, json)
Hash identifier:          M0xweZW/Sa8LwFyZIW+G0x5exNEtkW9IsmMFBlipYFw=
Subject key identifier:   36:7B:11:4F:AC:6B:C5:DE:33:5B:0E:CF:46:0E:F8:BE:BA:3A:50:49
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B7981A026C24CE1DFA913E18B6EDD9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6e/ef9b1a-a1e4-47cb-ac99-b6d4304b4369/1/NnsRT6xrxd4zWw7PRg74vro6UEk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6e/ef9b1a-a1e4-47cb-ac99-b6d4304b4369/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:29:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 146.19.133.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:98:1a:02:6c:24:ce:1d:fa:91:3e:18:b6:ed:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=367b114fac6bc5de335b0ecf460ef8beba3a5049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cc:8b:9d:5c:c0:dd:3b:32:87:4b:23:2a:b2:
                    41:ee:c6:29:11:12:1b:02:5c:7d:9b:d2:67:f4:29:
                    bd:06:21:09:96:b6:b3:c7:bc:d5:35:0a:d4:3f:ec:
                    91:a9:01:d9:59:54:0d:8e:d7:6b:66:b6:df:b9:8e:
                    04:88:da:21:c4:f9:0a:da:3d:bf:62:42:b0:c5:1a:
                    ae:65:5d:1f:62:fe:e9:54:b5:04:35:a0:34:6b:ed:
                    12:a1:c1:5f:c0:00:ca:e3:84:7a:c3:c5:d9:ee:c3:
                    5f:7b:e1:80:3d:dc:a4:98:e0:7f:fb:12:9d:e3:a6:
                    b2:cb:08:24:f4:32:37:0f:89:67:a4:2a:06:ae:da:
                    8f:5a:29:fb:2d:d6:26:28:d8:88:92:09:d3:98:52:
                    fd:ee:dd:32:04:b8:5b:86:62:4b:ca:1a:ce:4b:c3:
                    a5:c6:b6:73:ef:75:db:62:59:b0:c6:b3:86:a5:dc:
                    37:06:49:9c:c0:a1:d6:b9:4b:1f:06:46:ab:60:42:
                    74:a0:5f:ee:b7:a3:f3:64:69:6f:a5:61:4d:15:fe:
                    f5:eb:57:ee:39:9e:54:c1:fd:2c:77:21:72:82:8f:
                    fc:a5:79:8c:94:d3:84:e1:68:18:11:c2:9e:5e:fa:
                    75:a0:d9:06:cc:cb:8f:cc:3c:9e:d3:8b:45:6e:0e:
                    ab:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:7B:11:4F:AC:6B:C5:DE:33:5B:0E:CF:46:0E:F8:BE:BA:3A:50:49
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/ef9b1a-a1e4-47cb-ac99-b6d4304b4369/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/ef9b1a-a1e4-47cb-ac99-b6d4304b4369/1/NnsRT6xrxd4zWw7PRg74vro6UEk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:3b:ce:d7:e4:11:dd:6c:63:66:10:67:d2:eb:01:34:02:75:
         f2:58:5a:79:74:cb:48:28:ad:d9:85:73:9a:e5:cf:53:46:73:
         0d:ec:c5:e9:ee:37:91:fc:3a:1f:dc:4c:3e:ac:34:1a:5e:ad:
         9a:dc:1a:a7:ba:46:f1:30:b8:9f:81:db:d6:bd:5d:02:28:e9:
         25:d8:69:c8:b0:50:f5:60:5e:1b:c2:c3:ac:62:14:de:fb:1b:
         5e:7c:dd:d9:45:29:13:05:bd:74:96:7d:2a:44:66:de:12:ea:
         49:03:3e:ae:a9:ce:62:15:f8:bb:63:27:39:fd:b5:d1:d3:1c:
         1e:77:84:ed:e7:d2:ad:f3:8f:81:90:a3:de:73:9e:ec:d3:d4:
         76:b0:e9:e1:4e:66:78:58:02:4a:b1:35:f8:3c:94:ab:14:69:
         86:e3:ee:b6:3c:40:64:03:a9:ff:7e:83:a1:c4:bc:f4:25:96:
         09:c7:d0:16:1a:a3:28:d9:d8:f7:30:5c:6b:0b:f3:8c:5d:a9:
         4c:4d:ef:8a:4a:bd:67:94:07:be:2f:64:2f:84:6c:d0:93:6f:
         ba:69:01:3c:33:14:8f:90:cb:3e:95:fc:db:d0:48:e4:c6:88:
         79:68:8c:8b:43:c4:82:4a:1d:8c:7e:69:6e:26:ec:25:08:d6:
         5b:3f:44:23
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGt5gaAmwkzh36kT4Ytu3ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjdiMTE0ZmFjNmJjNWRlMzM1YjBlY2Y0NjBlZjhiZWJhM2E1MDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMyLnVzA3Tsyh0sjKrJB7sYpERIb
Alx9m9Jn9Cm9BiEJlrazx7zVNQrUP+yRqQHZWVQNjtdrZrbfuY4EiNohxPkK2j2/
YkKwxRquZV0fYv7pVLUENaA0a+0SocFfwADK44R6w8XZ7sNfe+GAPdykmOB/+xKd
46ayywgk9DI3D4lnpCoGrtqPWin7LdYmKNiIkgnTmFL97t0yBLhbhmJLyhrOS8Ol
xrZz73XbYlmwxrOGpdw3BkmcwKHWuUsfBkarYEJ0oF/ut6PzZGlvpWFNFf7161fu
OZ5Uwf0sdyFygo/8pXmMlNOE4WgYEcKeXvp1oNkGzMuPzDye04tFbg6rgQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFDZ7EU+sa8XeM1sOz0YO+L66OlBJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZlL2VmOWIx
YS1hMWU0LTQ3Y2ItYWM5OS1iNmQ0MzA0YjQzNjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmUvZWY5YjFh
LWExZTQtNDdjYi1hYzk5LWI2ZDQzMDRiNDM2OS8xL05uc1JUNnhyeGQ0eld3N1BS
Zzc0dnJvNlVFay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAkhOFMA0GCSqGSIb3DQEBCwUAA4IBAQBpO87X
5BHdbGNmEGfS6wE0AnXyWFp5dMtIKK3ZhXOa5c9TRnMN7MXp7jeR/Dof3Ew+rDQa
Xq2a3BqnukbxMLifgdvWvV0CKOkl2GnIsFD1YF4bwsOsYhTe+xtefN3ZRSkTBb10
ln0qRGbeEupJAz6uqc5iFfi7Yyc5/bXR0xwed4Tt59Kt84+BkKPec57s09R2sOnh
TmZ4WAJKsTX4PJSrFGmG4+62PEBkA6n/foOhxLz0JZYJx9AWGqMo2dj3MFxrC/OM
XalMTe+KSr1nlAe+L2QvhGzQk2+6aQE8MxSPkMs+lfzb0Ejkxoh5aIyLQ8SCSh2M
fmluJuwlCNZbP0Qj
-----END CERTIFICATE-----