Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nA1VQL3NMwUrwA__JmM4vzzIKoA.cer
File:                     nA1VQL3NMwUrwA__JmM4vzzIKoA.cer (raw, json)
Hash identifier:          cPnP4FvssChzCtYrbHOaoeRATHtUS/HGY4MBp1h0/+M=
Subject key identifier:   9C:0D:55:40:BD:CD:33:05:2B:C0:0F:FF:26:63:38:BF:3C:C8:2A:80
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D7D45E300BE8DF494F17C64C5EE8A1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/nA1VQL3NMwUrwA__JmM4vzzIKoA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:48:54 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 195.96.137.0/24
                          IP: 2a12:c800::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 20:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:d4:5e:30:0b:e8:df:49:4f:17:c6:4c:5e:e8:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c0d5540bdcd33052bc00fff266338bf3cc82a80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3f:5a:8c:a0:65:69:e4:12:72:eb:bb:1e:37:
                    28:45:15:56:ec:70:93:a1:05:b7:9f:02:cc:d8:e5:
                    1b:a2:44:81:35:64:c3:ee:6c:bd:c4:66:bb:40:a6:
                    39:0e:7c:f5:88:d3:52:e8:a5:7e:96:26:59:41:9e:
                    54:89:58:e7:85:d3:be:94:44:63:bb:00:fe:a3:e4:
                    4e:a6:53:d1:9b:99:ce:05:a7:c6:f2:39:b1:f2:a9:
                    f6:93:b5:36:63:4e:af:01:e0:a3:65:ac:2a:31:a2:
                    bb:92:ba:9c:b5:62:58:7d:1e:0e:bf:02:96:c8:22:
                    09:92:5d:ea:76:24:eb:c9:49:6d:3e:e5:a8:6d:6e:
                    82:af:ca:99:50:c0:05:e9:90:25:ab:38:ce:89:64:
                    23:8b:4b:cc:9f:f1:0d:a1:9b:70:fb:84:b8:49:9d:
                    4c:35:ac:c8:ab:3c:67:52:54:4e:f1:d4:27:68:5b:
                    6e:be:34:e4:bc:13:2f:6f:2e:ad:9a:dc:48:1f:db:
                    94:73:3d:37:de:de:be:76:82:ca:5b:e2:67:da:c4:
                    94:60:7d:6d:53:d0:16:d0:d3:d3:de:56:5c:63:f5:
                    65:ca:7b:72:11:f9:8d:fe:c6:2e:95:b1:2e:5a:40:
                    ce:80:b3:6f:9b:5c:36:77:74:9d:c5:2f:83:3c:b7:
                    8b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:0D:55:40:BD:CD:33:05:2B:C0:0F:FF:26:63:38:BF:3C:C8:2A:80
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/nA1VQL3NMwUrwA__JmM4vzzIKoA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.137.0/24
                IPv6:
                  2a12:c800::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:77:4f:5a:a3:88:45:25:71:7c:72:76:41:c8:15:5f:4b:47:
         2c:5d:9d:cb:6a:40:25:0e:4b:33:f5:04:c3:04:af:e7:f1:85:
         bc:15:87:e9:e4:f2:85:aa:56:ad:a2:96:cc:ad:63:b0:dd:8f:
         16:cb:14:71:be:3d:9e:27:02:af:fe:33:ec:dc:d8:4f:17:a7:
         9f:8d:98:43:6a:20:6c:30:44:60:14:29:7c:67:a1:c6:8c:da:
         5f:94:50:df:2d:79:0c:71:98:b7:76:29:6e:0f:0b:f8:50:bf:
         34:8a:86:c1:84:80:0f:86:cf:71:18:37:ac:cd:87:36:ca:ba:
         fe:ce:cf:84:65:b1:62:bf:4d:bc:5a:c4:bf:25:53:9c:84:ea:
         66:28:d5:83:9a:b1:eb:ce:b4:1c:e0:90:6a:43:6c:69:8a:56:
         6a:26:dd:fe:90:cc:7e:42:05:be:74:3c:0a:d8:e7:46:3a:43:
         8a:93:1b:67:24:63:75:c4:52:7e:48:d2:9a:f8:ba:7b:5a:74:
         0a:64:ec:42:21:ee:ac:e9:fb:a2:b7:c3:d9:d5:d8:ba:84:86:
         94:bf:b3:bc:d2:71:f6:47:2c:67:0c:b2:15:95:19:29:81:89:
         0f:f1:f7:f2:18:44:c3:cc:1f:34:9a:d0:66:ca:e8:a2:83:96:
         8f:67:f7:e2
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQj19ReMAvo30lPF8ZMXuihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzBkNTU0MGJkY2QzMzA1MmJjMDBmZmYyNjYzMzhiZjNjYzgyYTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj9ajKBlaeQScuu7HjcoRRVW7HCT
oQW3nwLM2OUbokSBNWTD7my9xGa7QKY5Dnz1iNNS6KV+liZZQZ5UiVjnhdO+lERj
uwD+o+ROplPRm5nOBafG8jmx8qn2k7U2Y06vAeCjZawqMaK7krqctWJYfR4OvwKW
yCIJkl3qdiTryUltPuWobW6Cr8qZUMAF6ZAlqzjOiWQji0vMn/ENoZtw+4S4SZ1M
NazIqzxnUlRO8dQnaFtuvjTkvBMvby6tmtxIH9uUcz033t6+doLKW+Jn2sSUYH1t
U9AW0NPT3lZcY/VlyntyEfmN/sYulbEuWkDOgLNvm1w2d3SdxS+DPLeLQQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJwNVUC9zTMFK8AP/yZjOL88yCqAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEyLzcwZGRj
NC1mOWM0LTQ5OGItODVlZS0xNmZjOWQ0NGVjN2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIvNzBkZGM0
LWY5YzQtNDk4Yi04NWVlLTE2ZmM5ZDQ0ZWM3ZC8xL25BMVZRTDNOTXdVcndBX19K
bU00dnp6SUtvQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAw2CJMA0EAgACMAcDBQMqEsgAMA0GCSqGSIb3
DQEBCwUAA4IBAQBqd09ao4hFJXF8cnZByBVfS0csXZ3LakAlDksz9QTDBK/n8YW8
FYfp5PKFqlatopbMrWOw3Y8WyxRxvj2eJwKv/jPs3NhPF6efjZhDaiBsMERgFCl8
Z6HGjNpflFDfLXkMcZi3diluDwv4UL80iobBhIAPhs9xGDeszYc2yrr+zs+EZbFi
v028WsS/JVOchOpmKNWDmrHrzrQc4JBqQ2xpilZqJt3+kMx+QgW+dDwK2OdGOkOK
kxtnJGN1xFJ+SNKa+Lp7WnQKZOxCIe6s6fuit8PZ1di6hIaUv7O80nH2RyxnDLIV
lRkpgYkP8ffyGETDzB80mtBmyuiig5aPZ/fi
-----END CERTIFICATE-----