Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NoTy9VGkNSosFNf45pMpqdxD_eA.cer
File:                     NoTy9VGkNSosFNf45pMpqdxD_eA.cer (raw, json)
Hash identifier:          QTNR6mh1fr8FaO47EtRzT8o7wH7MQdbKpfpX7BbFJTI=
Subject key identifier:   36:84:F2:F5:51:A4:35:2A:2C:14:D7:F8:E6:93:29:A9:DC:43:FD:E0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01946A2B3C12E5891533EEB799E28C4EBA35
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/60/9762d8-8952-4c39-b474-29abee3efbb7/1/NoTy9VGkNSosFNf45pMpqdxD_eA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/60/9762d8-8952-4c39-b474-29abee3efbb7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 15 Jan 2025 13:33:25 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 48552
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6a:2b:3c:12:e5:89:15:33:ee:b7:99:e2:8c:4e:ba:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 15 13:33:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3684f2f551a4352a2c14d7f8e69329a9dc43fde0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8e:31:e2:d2:93:08:42:d8:05:9d:9d:57:fa:
                    68:40:19:e3:b0:67:bf:3f:f7:8a:3e:de:4a:4e:ea:
                    34:84:c4:ac:4c:b7:17:dc:6b:98:0d:44:66:29:4e:
                    b2:40:bf:ce:56:10:cb:71:1e:5e:8f:3a:27:b7:59:
                    d7:83:59:a1:b9:b3:42:96:e9:d9:6c:a3:52:c7:96:
                    ba:c1:c2:fb:f5:f0:ca:dc:f5:1c:a6:c3:8e:73:36:
                    6e:72:aa:a2:2e:0c:4a:af:af:9f:b2:1c:60:21:db:
                    76:06:1c:19:db:62:f0:81:f8:bb:86:50:c0:b9:cc:
                    39:d0:e6:5d:d6:a5:1b:1e:bc:b1:f2:17:94:87:91:
                    ff:d3:1b:a1:10:48:50:74:17:25:51:84:5e:1a:d1:
                    6f:49:94:59:33:38:40:e3:6e:98:63:0e:f7:11:2f:
                    fd:d2:da:cd:ee:52:e6:0d:c1:66:81:55:f9:cb:ce:
                    63:4e:4c:bf:76:71:b9:9e:b9:ed:d7:68:58:43:b9:
                    15:02:69:cb:c6:1f:df:53:7d:17:3c:09:5f:a9:9d:
                    e8:c7:65:2b:f4:ee:7f:16:df:10:07:37:6f:7c:66:
                    a4:77:04:f6:d0:bc:78:f4:52:10:2f:30:91:76:cc:
                    d1:9e:99:81:19:8a:7d:ce:03:28:07:19:8d:53:3a:
                    bc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:84:F2:F5:51:A4:35:2A:2C:14:D7:F8:E6:93:29:A9:DC:43:FD:E0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/9762d8-8952-4c39-b474-29abee3efbb7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/9762d8-8952-4c39-b474-29abee3efbb7/1/NoTy9VGkNSosFNf45pMpqdxD_eA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48552

    Signature Algorithm: sha256WithRSAEncryption
         04:fc:a2:a4:da:b5:22:70:42:02:bd:15:ed:f0:e7:c3:ce:d3:
         2f:b6:cd:84:31:a5:e9:cb:71:ec:3a:fa:56:48:87:7e:ce:4a:
         b5:d3:03:7b:50:17:7c:c7:15:9c:8d:7e:c3:4f:71:be:e3:29:
         c8:cd:ed:26:58:a8:14:d3:37:39:a6:03:19:7f:d7:7a:b1:cb:
         c3:d6:ec:fc:67:1f:47:6b:6b:92:d4:12:08:cf:55:c5:ef:a6:
         e9:4e:28:3e:66:e9:4c:5f:38:77:52:f4:38:36:58:d3:79:b8:
         8b:8b:69:b5:b9:f7:5a:b1:c2:5e:ae:2f:36:14:14:a2:7f:94:
         c1:70:bd:d8:e1:95:3d:f1:df:bb:2f:92:35:ca:ad:0d:12:eb:
         38:56:68:48:36:c3:f1:16:7d:5a:8c:1a:95:4e:fa:b6:03:9e:
         29:45:5a:f7:53:e2:82:0f:47:ef:69:02:51:c6:c0:5d:15:41:
         0b:31:48:ea:55:bc:d6:12:48:7d:c4:d2:9e:19:10:36:ae:1e:
         e5:4f:2a:f2:99:bd:c1:4a:1d:c4:5c:72:4a:f0:83:9f:df:19:
         2e:79:92:6a:e7:3d:ff:bc:3d:27:1f:8d:51:74:3c:d5:28:d5:
         d2:14:de:2c:73:6e:20:62:01:a5:0c:9d:f2:e4:27:6b:40:95:
         e7:69:c5:cd
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZRqKzwS5YkVM+63meKMTro1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTE1MTMzMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjg0ZjJmNTUxYTQzNTJhMmMxNGQ3ZjhlNjkzMjlhOWRjNDNmZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtI4x4tKTCELYBZ2dV/poQBnjsGe/
P/eKPt5KTuo0hMSsTLcX3GuYDURmKU6yQL/OVhDLcR5ejzont1nXg1mhubNClunZ
bKNSx5a6wcL79fDK3PUcpsOOczZucqqiLgxKr6+fshxgIdt2BhwZ22Lwgfi7hlDA
ucw50OZd1qUbHryx8heUh5H/0xuhEEhQdBclUYReGtFvSZRZMzhA426YYw73ES/9
0trN7lLmDcFmgVX5y85jTky/dnG5nrnt12hYQ7kVAmnLxh/fU30XPAlfqZ3ox2Ur
9O5/Ft8QBzdvfGakdwT20Lx49FIQLzCRdszRnpmBGYp9zgMoBxmNUzq8oQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDaE8vVRpDUqLBTX+OaTKancQ/3gMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYwLzk3NjJk
OC04OTUyLTRjMzktYjQ3NC0yOWFiZWUzZWZiYjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjAvOTc2MmQ4
LTg5NTItNGMzOS1iNDc0LTI5YWJlZTNlZmJiNy8xL05vVHk5VkdrTlNvc0ZOZjQ1
cE1wcWR4RF9lQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwC9qDANBgkqhkiG9w0BAQsFAAOCAQEABPyipNq1InBC
Ar0V7fDnw87TL7bNhDGl6ctx7Dr6VkiHfs5KtdMDe1AXfMcVnI1+w09xvuMpyM3t
JlioFNM3OaYDGX/XerHLw9bs/GcfR2trktQSCM9Vxe+m6U4oPmbpTF84d1L0ODZY
03m4i4tptbn3WrHCXq4vNhQUon+UwXC92OGVPfHfuy+SNcqtDRLrOFZoSDbD8RZ9
WowalU76tgOeKUVa91Pigg9H72kCUcbAXRVBCzFI6lW81hJIfcTSnhkQNq4e5U8q
8pm9wUodxFxySvCDn98ZLnmSauc9/7w9Jx+NUXQ81SjV0hTeLHNuIGIBpQyd8uQn
a0CV52nFzQ==
-----END CERTIFICATE-----