Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NpABg88IpuW8gHhGKUpGBi4ZDjs.cer
File:                     NpABg88IpuW8gHhGKUpGBi4ZDjs.cer (raw, json)
Hash identifier:          +f1aT8AR+f+osGOJTuLkx8qg7zbz0B1fWWUT45YArpw=
Subject key identifier:   36:90:01:83:CF:08:A6:E5:BC:80:78:46:29:4A:46:06:2E:19:0E:3B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0190DA0F31F98A848C9FE918364AC439C2EC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/10/5a32bc-0836-47ec-b5b3-2f5b6a83faf3/1/NpABg88IpuW8gHhGKUpGBi4ZDjs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/10/5a32bc-0836-47ec-b5b3-2f5b6a83faf3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 22 Jul 2024 10:49:07 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 80.91.218.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:da:0f:31:f9:8a:84:8c:9f:e9:18:36:4a:c4:39:c2:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 22 10:49:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36900183cf08a6e5bc807846294a46062e190e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:9d:93:9a:af:dc:2c:b4:a3:4b:79:01:25:52:
                    32:fd:48:89:83:e1:0c:0d:84:d8:07:41:7c:1f:6a:
                    d0:15:cd:cf:3e:29:4c:1e:c9:b9:9e:95:93:8b:21:
                    6a:db:6a:6a:ff:38:f9:46:e9:a7:86:b9:10:d3:cf:
                    cc:dd:d4:b2:97:31:ce:7e:40:d8:58:50:87:74:a6:
                    99:94:33:82:34:13:3b:d5:d7:8f:93:6c:09:6f:e4:
                    37:62:20:69:1c:a7:cd:ed:21:29:cf:27:bf:b0:91:
                    c3:f8:38:d4:0f:69:ed:66:a7:a6:90:47:e2:1e:b2:
                    b1:95:04:b0:ba:3f:f7:59:b1:b3:74:fc:3f:e3:de:
                    5a:7c:26:08:92:dc:31:94:d3:95:fb:7e:3d:69:25:
                    d7:80:e3:78:13:d7:70:b4:1e:fe:94:d4:58:ba:64:
                    72:a2:33:75:cb:d5:e3:9d:4d:b1:84:73:86:e1:61:
                    1e:17:e4:69:36:f6:b5:4f:db:4c:3b:c5:48:95:16:
                    2c:7b:fc:a6:5c:83:63:f8:6c:d8:7d:91:32:47:9a:
                    08:88:c1:0d:ef:ee:ef:5e:de:e6:18:3f:e9:76:c6:
                    44:8d:e7:d8:03:a0:68:5e:4a:b9:2f:e8:38:91:ca:
                    f9:cc:c4:81:93:83:46:8b:7e:d6:cb:33:8f:5a:42:
                    59:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:90:01:83:CF:08:A6:E5:BC:80:78:46:29:4A:46:06:2E:19:0E:3B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/5a32bc-0836-47ec-b5b3-2f5b6a83faf3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/5a32bc-0836-47ec-b5b3-2f5b6a83faf3/1/NpABg88IpuW8gHhGKUpGBi4ZDjs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:fe:58:fc:4f:4a:0b:26:d6:df:69:5f:0d:2d:db:6b:99:e9:
         0c:d9:6a:0b:d9:fe:e6:f6:36:d0:61:67:14:9e:e5:35:71:a6:
         1a:60:0e:34:56:be:8b:aa:df:72:d5:1c:58:37:03:f2:a2:23:
         83:b1:ba:4f:fb:4a:80:3c:d5:6c:b1:19:e8:fe:7c:46:94:a8:
         7f:02:7b:2f:75:be:8b:d0:bf:ae:30:0c:78:33:f9:3a:df:4a:
         a8:ed:6a:84:2b:a7:1c:4f:ae:92:1f:bb:fe:9c:5a:d5:72:4d:
         eb:47:f9:0e:d0:dc:e4:4a:21:04:c8:98:fc:8f:da:c4:21:c0:
         f7:16:f0:d2:60:24:b8:e9:d2:c8:45:94:a9:14:1f:c5:c1:76:
         ff:68:f6:6f:f5:a9:b0:92:27:ad:64:e5:1f:70:3c:52:de:c2:
         64:2c:9d:67:77:57:63:78:fd:2f:3c:9a:27:9b:c2:57:b0:42:
         14:5b:05:db:7f:8b:0b:5d:53:ca:c5:27:3f:21:3e:d9:0e:bf:
         e4:43:8d:49:74:04:b1:ed:ca:69:28:f0:dc:a9:ac:bb:3f:cc:
         ae:4a:11:16:ad:58:d5:2c:64:30:45:1c:55:e0:9c:6d:2a:5f:
         cc:61:41:19:14:ac:ac:bc:b1:2f:28:af:8c:0c:5f:8b:77:54:
         44:73:98:b7
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZDaDzH5ioSMn+kYNkrEOcLsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzIyMTA0OTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjkwMDE4M2NmMDhhNmU1YmM4MDc4NDYyOTRhNDYwNjJlMTkwZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA152Tmq/cLLSjS3kBJVIy/UiJg+EM
DYTYB0F8H2rQFc3PPilMHsm5npWTiyFq22pq/zj5RumnhrkQ08/M3dSylzHOfkDY
WFCHdKaZlDOCNBM71dePk2wJb+Q3YiBpHKfN7SEpzye/sJHD+DjUD2ntZqemkEfi
HrKxlQSwuj/3WbGzdPw/495afCYIktwxlNOV+349aSXXgON4E9dwtB7+lNRYumRy
ojN1y9XjnU2xhHOG4WEeF+RpNva1T9tMO8VIlRYse/ymXINj+GzYfZEyR5oIiMEN
7+7vXt7mGD/pdsZEjefYA6BoXkq5L+g4kcr5zMSBk4NGi37WyzOPWkJZvwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFDaQAYPPCKblvIB4RilKRgYuGQ47MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEwLzVhMzJi
Yy0wODM2LTQ3ZWMtYjViMy0yZjViNmE4M2ZhZjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAvNWEzMmJj
LTA4MzYtNDdlYy1iNWIzLTJmNWI2YTgzZmFmMy8xL05wQUJnODhJcHVXOGdIaEdL
VXBHQmk0WkRqcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAUFvaMA0GCSqGSIb3DQEBCwUAA4IBAQBS/lj8
T0oLJtbfaV8NLdtrmekM2WoL2f7m9jbQYWcUnuU1caYaYA40Vr6Lqt9y1RxYNwPy
oiODsbpP+0qAPNVssRno/nxGlKh/Ansvdb6L0L+uMAx4M/k630qo7WqEK6ccT66S
H7v+nFrVck3rR/kO0NzkSiEEyJj8j9rEIcD3FvDSYCS46dLIRZSpFB/FwXb/aPZv
9amwkietZOUfcDxS3sJkLJ1nd1djeP0vPJonm8JXsEIUWwXbf4sLXVPKxSc/IT7Z
Dr/kQ41JdASx7cppKPDcqay7P8yuShEWrVjVLGQwRRxV4JxtKl/MYUEZFKysvLEv
KK+MDF+Ld1REc5i3
-----END CERTIFICATE-----