Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.cer
File:                     NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.cer (raw, json)
Hash identifier:          YBVHvQN5zpRXsgG3yyzbpGcDSaUWf1HmQXTrU4Zv7jw=
Subject key identifier:   36:A1:DA:EC:E1:C6:E8:78:54:6D:BD:13:33:DA:09:FE:B8:BF:F0:18
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D996D2A92702A9E32AFCD1E80C4971
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:41 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.162.5.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:96:d2:a9:27:02:a9:e3:2a:fc:d1:e8:0c:49:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36a1daece1c6e878546dbd1333da09feb8bff018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ce:53:d7:01:db:d4:ee:58:fa:66:58:46:eb:
                    76:e0:9d:f2:f7:6e:f3:65:fa:4c:61:3f:b4:25:9e:
                    b7:ad:84:59:64:da:19:1d:e6:8b:f8:73:bf:f6:51:
                    57:c6:41:a9:62:c8:b5:9d:b9:92:b0:e1:a6:92:64:
                    f6:77:35:6e:5e:d4:57:d9:33:a2:65:2e:88:9a:66:
                    40:29:6b:96:21:48:67:78:58:d1:fd:cd:1a:80:2d:
                    5e:cd:38:78:a2:9a:10:63:94:01:44:e5:8e:82:67:
                    2c:9d:46:77:23:8c:aa:34:3a:a5:95:0c:64:5e:3a:
                    9b:54:a0:23:5d:db:16:13:72:66:bd:0c:93:4a:3f:
                    0a:f0:b5:a8:af:ce:57:5b:cb:3f:b2:98:bd:f5:58:
                    bd:22:cf:b1:60:81:42:62:c7:57:e9:97:ac:95:7e:
                    21:28:31:2b:ed:87:12:0a:95:ab:83:a0:52:39:ee:
                    5a:fa:46:ae:7b:78:66:eb:42:e4:c7:e4:84:b6:18:
                    85:f5:da:87:2f:6e:37:88:75:0d:2c:cf:83:1f:8e:
                    90:0c:b2:e6:97:07:86:3d:53:3b:69:6f:89:b9:2c:
                    e6:72:0e:e7:7a:f0:89:d0:9a:31:1a:45:74:b2:0d:
                    50:67:1d:98:c9:01:56:6c:cf:4a:48:e6:5b:aa:e8:
                    b1:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A1:DA:EC:E1:C6:E8:78:54:6D:BD:13:33:DA:09:FE:B8:BF:F0:18
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:a4:3c:3a:ca:3f:72:03:4c:39:1f:34:61:61:ac:27:b9:b8:
         f7:2e:76:20:17:f9:e9:5f:13:04:c8:3d:8e:a0:f5:20:b7:c5:
         e9:78:6c:b3:45:3f:2b:21:3d:b4:96:76:ae:db:1f:8f:6c:42:
         89:07:28:d0:55:13:57:a4:2f:78:ce:2c:ec:a1:bd:16:d7:81:
         d6:a1:cc:76:bf:cb:e3:18:03:3b:d3:a9:14:4d:c7:00:fb:d4:
         9f:12:7c:84:7f:9f:b8:49:16:01:87:44:61:b8:5a:9a:cd:85:
         02:1b:88:2a:6c:f0:52:6f:f6:d8:ce:43:00:e8:4d:c0:27:45:
         ca:33:ce:94:11:96:b3:67:9e:7a:d7:93:11:06:70:4a:bf:63:
         6c:ad:c1:c7:be:f6:c5:73:0f:d8:53:57:ec:7b:2c:2f:c2:eb:
         1c:02:36:ae:46:ac:6d:9e:93:4d:0f:e8:35:c9:0d:2d:da:9e:
         18:9e:d6:5f:9f:13:c7:fd:17:5a:80:04:81:68:93:23:16:7c:
         98:a1:9a:86:f2:7d:24:fc:a8:70:79:1c:3f:d3:cb:a4:74:77:
         7c:fb:98:54:1f:15:19:5b:0e:6d:2c:01:b9:44:b2:2e:be:fd:
         28:0e:30:84:7d:32:b4:cb:07:31:62:4b:ae:a4:3b:05:04:1e:
         da:11:32:08
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQm2ZbSqScCqeMq/NHoDElxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmExZGFlY2UxYzZlODc4NTQ2ZGJkMTMzM2RhMDlmZWI4YmZmMDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsc5T1wHb1O5Y+mZYRut24J3y927z
ZfpMYT+0JZ63rYRZZNoZHeaL+HO/9lFXxkGpYsi1nbmSsOGmkmT2dzVuXtRX2TOi
ZS6ImmZAKWuWIUhneFjR/c0agC1ezTh4opoQY5QBROWOgmcsnUZ3I4yqNDqllQxk
XjqbVKAjXdsWE3JmvQyTSj8K8LWor85XW8s/spi99Vi9Is+xYIFCYsdX6ZeslX4h
KDEr7YcSCpWrg6BSOe5a+kaue3hm60Lkx+SEthiF9dqHL243iHUNLM+DH46QDLLm
lweGPVM7aW+JuSzmcg7nevCJ0JoxGkV0sg1QZx2YyQFWbM9KSOZbquixqwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFDah2uzhxuh4VG29EzPaCf64v/AYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdhLzc0NWM2
NS1iODc3LTQ1ZjItYjg5OC1iMzBiMGU1MjY1YTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2EvNzQ1YzY1
LWI4NzctNDVmMi1iODk4LWIzMGIwZTUyNjVhOC8xL05xSGE3T0hHNkhoVWJiMFRN
OW9KX3JpXzhCZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwaIFMA0GCSqGSIb3DQEBCwUAA4IBAQCWpDw6
yj9yA0w5HzRhYawnubj3LnYgF/npXxMEyD2OoPUgt8XpeGyzRT8rIT20lnau2x+P
bEKJByjQVRNXpC94zizsob0W14HWocx2v8vjGAM706kUTccA+9SfEnyEf5+4SRYB
h0RhuFqazYUCG4gqbPBSb/bYzkMA6E3AJ0XKM86UEZazZ55615MRBnBKv2NsrcHH
vvbFcw/YU1fseywvwuscAjauRqxtnpNND+g1yQ0t2p4YntZfnxPH/RdagASBaJMj
FnyYoZqG8n0k/KhweRw/08ukdHd8+5hUHxUZWw5tLAG5RLIuvv0oDjCEfTK0ywcx
YkuupDsFBB7aETII
-----END CERTIFICATE-----