Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NxYpWi0WQ853rHom4CJke8R5Awc.cer
File:                     NxYpWi0WQ853rHom4CJke8R5Awc.cer (raw, json)
Hash identifier:          OUIN2Dz3jAy7RADJi3csE49ZWjNlgHy7JcYLf97re3I=
Subject key identifier:   37:16:29:5A:2D:16:43:CE:77:AC:7A:26:E0:22:64:7B:C4:79:03:07
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D524296D8A1CADC7AB8A8EFAF36F0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/23/627e0c-fe27-4f1c-aab6-ce252b9eebab/1/NxYpWi0WQ853rHom4CJke8R5Awc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/23/627e0c-fe27-4f1c-aab6-ce252b9eebab/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199830

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:52:42:96:d8:a1:ca:dc:7a:b8:a8:ef:af:36:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3716295a2d1643ce77ac7a26e022647bc4790307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:da:29:fd:6f:b3:33:07:09:11:31:74:ed:0c:
                    61:fe:81:64:8b:65:68:09:46:ff:2a:35:d0:b8:26:
                    15:3b:49:9f:96:62:d7:44:63:5f:49:2b:8d:fc:ba:
                    cd:77:cd:33:bd:9c:33:c5:13:15:8a:8f:08:bc:fa:
                    76:c3:7e:95:95:4a:63:b3:77:89:c6:03:be:3a:eb:
                    68:8d:ec:6e:9c:14:d5:e3:05:b5:77:04:68:14:4a:
                    fd:39:b9:33:4f:32:b0:39:a3:e3:8e:2f:ec:db:9a:
                    52:ab:c2:15:55:ce:0a:e8:36:0d:64:ea:30:ac:56:
                    5f:35:c8:7a:09:46:2b:60:3f:ed:c9:69:9a:de:ea:
                    25:f3:da:c0:dc:5a:a3:64:7f:da:74:5e:4b:25:25:
                    5e:d9:d7:5b:45:c6:bd:fa:1b:7c:b1:a1:11:57:38:
                    4e:a8:c6:66:d4:f4:54:7d:cc:67:31:2b:04:60:d2:
                    6f:66:d5:00:24:14:88:79:f8:d9:2d:e8:3b:a6:dc:
                    c6:15:3c:ab:46:2f:3c:61:b3:7d:dc:80:09:18:2f:
                    d5:2d:91:66:b6:c7:b2:7e:a1:72:7d:92:65:52:c2:
                    92:8c:98:e2:11:7c:29:d9:33:64:80:3e:a3:48:40:
                    91:c2:7d:1d:b3:88:42:52:ab:5b:07:2a:35:7e:53:
                    a3:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:16:29:5A:2D:16:43:CE:77:AC:7A:26:E0:22:64:7B:C4:79:03:07
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/627e0c-fe27-4f1c-aab6-ce252b9eebab/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/627e0c-fe27-4f1c-aab6-ce252b9eebab/1/NxYpWi0WQ853rHom4CJke8R5Awc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199830

    Signature Algorithm: sha256WithRSAEncryption
         a8:5f:87:ce:2a:72:c6:43:40:8d:a6:92:c0:3d:16:7f:89:e8:
         ea:ed:f8:5b:2d:09:54:f8:74:2c:82:52:1e:21:7a:7a:b4:cb:
         34:80:73:2a:e7:45:6a:f9:f1:51:c1:8b:a8:c1:6b:23:08:ac:
         ea:fa:5d:17:8a:b6:c0:4e:77:20:28:92:0c:72:3d:6c:2a:bb:
         f6:00:09:71:ed:ef:4d:b4:f1:c9:2a:16:41:63:59:38:44:e2:
         f0:9a:44:37:08:64:11:d3:a3:06:18:3e:b8:59:79:4e:53:bf:
         2e:27:8b:fc:ec:01:51:09:dd:67:36:1a:6f:44:c9:5f:40:14:
         96:be:e1:b1:e3:8e:82:3a:1d:4b:3b:23:10:20:2c:ca:fa:58:
         9d:6c:8c:bd:45:ac:7f:0e:5c:18:60:52:85:76:2c:45:2d:ce:
         c1:62:7b:09:87:70:c8:e1:64:82:4f:c0:66:a3:15:82:d6:58:
         b1:49:c7:6c:86:ed:7e:c7:6f:88:7b:de:16:7d:11:0b:0d:26:
         51:ee:5b:9c:df:54:53:66:8e:24:ad:f8:b6:cc:05:e9:f2:eb:
         ed:c9:40:03:ae:8f:3d:61:8c:67:e5:c8:0d:93:b3:eb:0e:d3:
         47:19:c4:f4:15:4e:49:d4:9c:9d:0c:88:36:af:21:cf:90:f8:
         8f:70:dd:7d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzCbVJCltihytx6uKjvrzbwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzE2Mjk1YTJkMTY0M2NlNzdhYzdhMjZlMDIyNjQ3YmM0NzkwMzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudop/W+zMwcJETF07Qxh/oFki2Vo
CUb/KjXQuCYVO0mflmLXRGNfSSuN/LrNd80zvZwzxRMVio8IvPp2w36VlUpjs3eJ
xgO+OutojexunBTV4wW1dwRoFEr9ObkzTzKwOaPjji/s25pSq8IVVc4K6DYNZOow
rFZfNch6CUYrYD/tyWma3uol89rA3FqjZH/adF5LJSVe2ddbRca9+ht8saERVzhO
qMZm1PRUfcxnMSsEYNJvZtUAJBSIefjZLeg7ptzGFTyrRi88YbN93IAJGC/VLZFm
tseyfqFyfZJlUsKSjJjiEXwp2TNkgD6jSECRwn0ds4hCUqtbByo1flOj3QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDcWKVotFkPOd6x6JuAiZHvEeQMHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIzLzYyN2Uw
Yy1mZTI3LTRmMWMtYWFiNi1jZTI1MmI5ZWViYWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvNjI3ZTBj
LWZlMjctNGYxYy1hYWI2LWNlMjUyYjllZWJhYi8xL054WXBXaTBXUTg1M3JIb200
Q0prZThSNUF3Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMMljANBgkqhkiG9w0BAQsFAAOCAQEAqF+HzipyxkNA
jaaSwD0Wf4no6u34Wy0JVPh0LIJSHiF6erTLNIBzKudFavnxUcGLqMFrIwis6vpd
F4q2wE53ICiSDHI9bCq79gAJce3vTbTxySoWQWNZOETi8JpENwhkEdOjBhg+uFl5
TlO/LieL/OwBUQndZzYab0TJX0AUlr7hseOOgjodSzsjECAsyvpYnWyMvUWsfw5c
GGBShXYsRS3OwWJ7CYdwyOFkgk/AZqMVgtZYsUnHbIbtfsdviHveFn0RCw0mUe5b
nN9UU2aOJK34tswF6fLr7clAA66PPWGMZ+XIDZOz6w7TRxnE9BVOSdScnQyINq8h
z5D4j3DdfQ==
-----END CERTIFICATE-----