Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NsqBo3iofgQ8SIP73vTunxOgJKc.cer
File:                     NsqBo3iofgQ8SIP73vTunxOgJKc.cer (raw, json)
Hash identifier:          tpE6721e01KRYvaE4LXacSvSz1/8qhZNfc+9QVqByN8=
Subject key identifier:   36:CA:81:A3:78:A8:7E:04:3C:48:83:FB:DE:F4:EE:9F:13:A0:24:A7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4245F953A93CE967484B29EA2DB3987
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/50/58b206-5744-439d-be73-473660b31b16/1/NsqBo3iofgQ8SIP73vTunxOgJKc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/50/58b206-5744-439d-be73-473660b31b16/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.244.161.0/24
                          IP: 2a12:41c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5f:95:3a:93:ce:96:74:84:b2:9e:a2:db:39:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36ca81a378a87e043c4883fbdef4ee9f13a024a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:24:dd:6f:07:db:a6:cb:b4:1a:95:70:36:fa:
                    7f:00:ea:ce:3e:3d:b7:0e:a0:32:4d:a6:b8:31:30:
                    76:9c:85:7c:0b:8a:08:af:7a:57:6e:62:d2:e4:32:
                    af:47:c3:7a:d4:e8:3d:8b:bd:b9:59:28:26:c3:d4:
                    50:d9:e0:d5:23:bc:9b:7b:e4:4f:3a:cc:b5:d4:6b:
                    c5:9e:06:ff:c5:a2:0e:e6:48:71:3a:2e:5f:19:f9:
                    88:23:83:e6:16:72:01:d3:7b:7d:6b:eb:da:92:a7:
                    12:cd:7e:cf:42:8a:85:bf:dc:be:b2:8c:7d:6a:4b:
                    e3:59:3b:4c:31:37:67:d5:79:91:66:28:5e:ce:e4:
                    2a:74:23:06:8d:63:c4:36:40:af:55:75:a3:00:b3:
                    a8:31:4c:0e:5b:4f:07:f0:b2:d3:bb:6d:3e:24:67:
                    51:ad:ce:ca:48:a3:96:70:0d:19:d7:4b:27:e9:0a:
                    fa:8d:8a:1d:5a:7f:82:12:96:91:2a:3e:22:cd:5d:
                    ec:54:18:6f:e0:55:06:0c:dd:6a:8a:7c:3e:98:c1:
                    3a:21:68:64:1b:e6:7c:be:63:c1:7b:69:81:6a:e2:
                    f1:63:6a:ff:b6:30:b6:d4:93:7a:7e:34:a4:3a:b8:
                    f9:a6:2e:4d:90:c3:a7:69:c0:77:13:8d:6e:d2:6c:
                    cf:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:CA:81:A3:78:A8:7E:04:3C:48:83:FB:DE:F4:EE:9F:13:A0:24:A7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/58b206-5744-439d-be73-473660b31b16/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/58b206-5744-439d-be73-473660b31b16/1/NsqBo3iofgQ8SIP73vTunxOgJKc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.161.0/24
                IPv6:
                  2a12:41c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:e5:3d:5a:1e:36:4a:e8:16:ae:b4:51:cb:f2:fe:85:f1:16:
         62:7b:4b:cb:fc:73:6a:cb:cd:e5:f7:14:06:66:00:41:36:90:
         ec:83:27:79:dd:7c:5e:ef:24:e9:aa:6f:fb:ed:ff:e0:01:4b:
         f4:99:e7:f4:26:a4:d7:e6:83:66:4f:a3:f4:bc:b6:92:c6:98:
         27:5e:48:39:83:23:1d:2e:d6:95:0e:f4:a6:e6:e8:43:39:c2:
         e8:de:7a:c4:20:73:f3:98:25:df:50:df:29:04:73:9b:91:b2:
         2f:47:a1:09:37:77:a0:60:e3:7d:20:52:32:cc:8f:8e:da:32:
         20:92:9d:96:f1:ad:7c:09:2b:0b:86:33:3b:21:37:39:67:93:
         e2:40:26:90:0b:d9:64:12:7e:37:53:08:31:f7:fe:1f:62:32:
         3b:1a:05:28:47:99:40:93:ae:6b:87:7d:fc:ea:44:c7:2b:15:
         a3:2e:a2:0e:e4:f7:fb:28:7f:7d:cc:a6:08:34:22:f0:ae:df:
         73:3e:ec:ea:a9:93:c8:b6:15:ca:97:d7:ea:3c:3b:81:f6:26:
         97:a4:8b:2c:57:37:01:62:a0:9d:2d:a2:f1:4c:a6:cc:f2:19:
         d7:95:8f:99:c0:4a:c4:85:99:11:9f:73:05:03:9d:0d:c9:95:
         27:c5:1f:1b
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzEJF+VOpPOlnSEsp6i2zmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmNhODFhMzc4YTg3ZTA0M2M0ODgzZmJkZWY0ZWU5ZjEzYTAyNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyTdbwfbpsu0GpVwNvp/AOrOPj23
DqAyTaa4MTB2nIV8C4oIr3pXbmLS5DKvR8N61Og9i725WSgmw9RQ2eDVI7ybe+RP
Osy11GvFngb/xaIO5khxOi5fGfmII4PmFnIB03t9a+vakqcSzX7PQoqFv9y+sox9
akvjWTtMMTdn1XmRZihezuQqdCMGjWPENkCvVXWjALOoMUwOW08H8LLTu20+JGdR
rc7KSKOWcA0Z10sn6Qr6jYodWn+CEpaRKj4izV3sVBhv4FUGDN1qinw+mME6IWhk
G+Z8vmPBe2mBauLxY2r/tjC21JN6fjSkOrj5pi5NkMOnacB3E41u0mzPtQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDbKgaN4qH4EPEiD+9707p8ToCSnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUwLzU4YjIw
Ni01NzQ0LTQzOWQtYmU3My00NzM2NjBiMzFiMTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTAvNThiMjA2
LTU3NDQtNDM5ZC1iZTczLTQ3MzY2MGIzMWIxNi8xL05zcUJvM2lvZmdROFNJUDcz
dlR1bnhPZ0pLYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAufShMA0EAgACMAcDBQMqEkHAMA0GCSqGSIb3
DQEBCwUAA4IBAQCG5T1aHjZK6BautFHL8v6F8RZie0vL/HNqy83l9xQGZgBBNpDs
gyd53Xxe7yTpqm/77f/gAUv0mef0JqTX5oNmT6P0vLaSxpgnXkg5gyMdLtaVDvSm
5uhDOcLo3nrEIHPzmCXfUN8pBHObkbIvR6EJN3egYON9IFIyzI+O2jIgkp2W8a18
CSsLhjM7ITc5Z5PiQCaQC9lkEn43Uwgx9/4fYjI7GgUoR5lAk65rh3386kTHKxWj
LqIO5Pf7KH99zKYINCLwrt9zPuzqqZPIthXKl9fqPDuB9iaXpIssVzcBYqCdLaLx
TKbM8hnXlY+ZwErEhZkRn3MFA50NyZUnxR8b
-----END CERTIFICATE-----