Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.cer
File:                     NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.cer (raw, json)
Hash identifier:          k5KW5V3Jghie9uy1dU2Bvsv1jPmzIP0ItsVpFhpPpMM=
Subject key identifier:   36:A1:DA:EC:E1:C6:E8:78:54:6D:BD:13:33:DA:09:FE:B8:BF:F0:18
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0192512B4DA1A8B2E7FD0654BBDD0FCEBEEA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 03 Oct 2024 06:57:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.162.5.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:2b:4d:a1:a8:b2:e7:fd:06:54:bb:dd:0f:ce:be:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct  3 06:57:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36a1daece1c6e878546dbd1333da09feb8bff018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ce:53:d7:01:db:d4:ee:58:fa:66:58:46:eb:
                    76:e0:9d:f2:f7:6e:f3:65:fa:4c:61:3f:b4:25:9e:
                    b7:ad:84:59:64:da:19:1d:e6:8b:f8:73:bf:f6:51:
                    57:c6:41:a9:62:c8:b5:9d:b9:92:b0:e1:a6:92:64:
                    f6:77:35:6e:5e:d4:57:d9:33:a2:65:2e:88:9a:66:
                    40:29:6b:96:21:48:67:78:58:d1:fd:cd:1a:80:2d:
                    5e:cd:38:78:a2:9a:10:63:94:01:44:e5:8e:82:67:
                    2c:9d:46:77:23:8c:aa:34:3a:a5:95:0c:64:5e:3a:
                    9b:54:a0:23:5d:db:16:13:72:66:bd:0c:93:4a:3f:
                    0a:f0:b5:a8:af:ce:57:5b:cb:3f:b2:98:bd:f5:58:
                    bd:22:cf:b1:60:81:42:62:c7:57:e9:97:ac:95:7e:
                    21:28:31:2b:ed:87:12:0a:95:ab:83:a0:52:39:ee:
                    5a:fa:46:ae:7b:78:66:eb:42:e4:c7:e4:84:b6:18:
                    85:f5:da:87:2f:6e:37:88:75:0d:2c:cf:83:1f:8e:
                    90:0c:b2:e6:97:07:86:3d:53:3b:69:6f:89:b9:2c:
                    e6:72:0e:e7:7a:f0:89:d0:9a:31:1a:45:74:b2:0d:
                    50:67:1d:98:c9:01:56:6c:cf:4a:48:e6:5b:aa:e8:
                    b1:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A1:DA:EC:E1:C6:E8:78:54:6D:BD:13:33:DA:09:FE:B8:BF:F0:18
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:1d:34:38:89:69:71:13:cc:78:c2:e8:2d:7d:92:40:57:8f:
         62:03:d0:2a:9e:4e:56:a8:02:73:dd:1c:b7:de:f2:01:05:42:
         57:29:aa:a9:85:8c:6f:d3:64:f2:27:8e:c4:be:95:8b:ea:0f:
         73:a4:12:81:7e:4a:cb:79:4e:d6:60:e4:fd:2c:fc:2a:e9:a3:
         b1:55:1a:26:58:b3:69:47:a8:24:fa:ae:65:0f:f2:9c:bf:5a:
         2c:fe:6b:4c:78:4f:7e:b6:8e:99:b4:50:2c:98:3c:5f:45:6d:
         0e:ac:b3:b2:8c:b0:42:da:1d:34:8f:6e:0a:28:c1:0f:88:39:
         6c:32:a1:4e:d7:8c:ea:6d:dd:4a:f5:db:6d:87:bb:94:58:55:
         82:72:49:47:b7:ce:71:0b:37:26:eb:82:9e:8c:44:37:6a:78:
         af:ca:d8:a3:7a:bd:aa:19:30:1e:b4:86:b1:89:6d:83:14:ca:
         b8:6e:08:07:f7:79:25:3b:f5:32:f5:21:96:48:77:c4:89:bb:
         2e:54:fc:00:ea:fe:45:3b:88:85:93:69:0d:97:0e:7e:90:e8:
         e6:15:60:a5:64:51:b1:91:f9:b8:45:c0:77:96:bc:e3:9f:5c:
         ed:6c:45:93:4c:93:39:e9:08:ca:25:3e:0c:f4:af:aa:0f:fb:
         dd:c4:15:a9
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZJRK02hqLLn/QZUu90Pzr7qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMDAzMDY1NzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmExZGFlY2UxYzZlODc4NTQ2ZGJkMTMzM2RhMDlmZWI4YmZmMDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsc5T1wHb1O5Y+mZYRut24J3y927z
ZfpMYT+0JZ63rYRZZNoZHeaL+HO/9lFXxkGpYsi1nbmSsOGmkmT2dzVuXtRX2TOi
ZS6ImmZAKWuWIUhneFjR/c0agC1ezTh4opoQY5QBROWOgmcsnUZ3I4yqNDqllQxk
XjqbVKAjXdsWE3JmvQyTSj8K8LWor85XW8s/spi99Vi9Is+xYIFCYsdX6ZeslX4h
KDEr7YcSCpWrg6BSOe5a+kaue3hm60Lkx+SEthiF9dqHL243iHUNLM+DH46QDLLm
lweGPVM7aW+JuSzmcg7nevCJ0JoxGkV0sg1QZx2YyQFWbM9KSOZbquixqwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFDah2uzhxuh4VG29EzPaCf64v/AYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdhLzc0NWM2
NS1iODc3LTQ1ZjItYjg5OC1iMzBiMGU1MjY1YTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2EvNzQ1YzY1
LWI4NzctNDVmMi1iODk4LWIzMGIwZTUyNjVhOC8xL05xSGE3T0hHNkhoVWJiMFRN
OW9KX3JpXzhCZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwaIFMA0GCSqGSIb3DQEBCwUAA4IBAQCBHTQ4
iWlxE8x4wugtfZJAV49iA9Aqnk5WqAJz3Ry33vIBBUJXKaqphYxv02TyJ47EvpWL
6g9zpBKBfkrLeU7WYOT9LPwq6aOxVRomWLNpR6gk+q5lD/Kcv1os/mtMeE9+to6Z
tFAsmDxfRW0OrLOyjLBC2h00j24KKMEPiDlsMqFO14zqbd1K9dtth7uUWFWCcklH
t85xCzcm64KejEQ3anivytijer2qGTAetIaxiW2DFMq4bggH93klO/Uy9SGWSHfE
ibsuVPwA6v5FO4iFk2kNlw5+kOjmFWClZFGxkfm4RcB3lrzjn1ztbEWTTJM56QjK
JT4M9K+qD/vdxBWp
-----END CERTIFICATE-----