Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nKMZ6lHIADqtlKjifOaUkqouM6g.cer
File:                     nKMZ6lHIADqtlKjifOaUkqouM6g.cer (raw, json)
Hash identifier:          EPskQbRm35rQhFciFMK28gEWm0kmxgPEvQSR1DWSie0=
Subject key identifier:   9C:A3:19:EA:51:C8:00:3A:AD:94:A8:E2:7C:E6:94:92:AA:2E:33:A8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D61719DDC532C7B10EB5D1FF975FE3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/nKMZ6lHIADqtlKjifOaUkqouM6g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 34578
                          IP: 2a00:9480::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:17:19:dd:c5:32:c7:b1:0e:b5:d1:ff:97:5f:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ca319ea51c8003aad94a8e27ce69492aa2e33a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2d:e1:b9:99:a3:5f:54:fb:fa:22:a6:e9:03:
                    bb:27:47:d6:58:66:3d:1d:39:df:87:51:4f:8e:73:
                    f5:35:d1:c1:48:75:0c:a4:4e:15:e9:f7:cd:ef:67:
                    e7:f1:27:80:a1:4a:3d:4d:61:45:53:4c:92:82:6e:
                    ca:58:99:8d:8f:04:a3:3a:e0:4e:6f:e7:64:1e:8c:
                    a5:ec:ca:53:52:31:d3:f0:d3:30:c6:84:52:83:50:
                    5f:e9:73:ab:e6:1c:ac:10:59:05:d6:02:0c:22:5c:
                    c9:b6:ce:75:60:d4:03:12:4a:83:c2:6f:96:b2:a0:
                    a2:73:ab:d2:0d:5f:47:e4:0d:b1:c2:c7:13:1e:f0:
                    d0:b6:83:c9:57:e9:24:2e:f0:66:d2:9e:6e:56:2c:
                    6f:e3:d7:2e:99:41:cf:87:11:8b:fc:2b:44:f1:7f:
                    f3:47:57:1d:d8:9e:55:70:72:cb:90:43:c9:f0:14:
                    ab:7e:d2:dc:83:34:6e:c4:ef:79:62:09:29:28:be:
                    6c:6a:93:0b:41:49:eb:6b:28:74:dc:9b:3d:5a:79:
                    19:7c:89:64:71:6c:c0:59:2d:b9:b8:44:6c:c4:f6:
                    ca:ee:32:35:3a:da:c5:ae:17:a5:bc:9c:10:62:f0:
                    4a:33:4e:ff:eb:88:32:85:53:c8:42:30:6d:77:28:
                    bb:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A3:19:EA:51:C8:00:3A:AD:94:A8:E2:7C:E6:94:92:AA:2E:33:A8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/nKMZ6lHIADqtlKjifOaUkqouM6g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:9480::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34578

    Signature Algorithm: sha256WithRSAEncryption
         5b:32:de:c1:9b:01:af:eb:e9:a3:d6:e1:30:1f:89:25:b9:1e:
         54:3a:fb:49:82:fc:0e:5a:87:0d:cc:b6:cc:73:64:0f:46:3b:
         c8:3e:84:8f:0d:73:be:27:92:1a:b6:be:09:23:d2:a9:f5:f7:
         7d:2f:07:2b:95:fe:36:49:8a:e4:75:98:26:fa:6e:7f:c5:9d:
         18:00:fe:82:22:08:0a:13:8a:28:58:83:5b:64:45:76:6c:e5:
         90:7b:4f:53:ec:54:e9:ea:af:17:f0:fe:5a:dc:ec:1c:38:90:
         b5:74:91:93:87:c5:5a:46:d8:48:6b:14:81:16:ee:34:37:e4:
         ed:5e:77:bc:55:d3:d1:30:6a:64:fb:e0:50:6b:1b:80:12:52:
         dd:e8:18:12:0a:fa:c4:46:7a:f7:6b:03:3f:03:66:6b:73:1c:
         5a:27:48:49:e2:45:c7:98:bc:07:4c:f0:1a:59:0e:c2:3b:f0:
         24:58:d1:50:51:4d:7d:79:d5:4f:64:c5:1f:3d:31:f9:0c:c9:
         ec:56:63:0c:26:1d:00:72:60:e9:fe:fe:04:7f:d1:d3:8b:ce:
         ee:c5:80:c9:98:8e:60:b9:5f:01:b0:4b:3b:fe:ea:c1:69:2f:
         4b:fb:66:16:4b:de:1a:31:8e:d5:d1:b6:e5:d5:6a:f3:73:3c:
         9c:e5:96:97
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZQg1hcZ3cUyx7EOtdH/l1/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2EzMTllYTUxYzgwMDNhYWQ5NGE4ZTI3Y2U2OTQ5MmFhMmUzM2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAri3huZmjX1T7+iKm6QO7J0fWWGY9
HTnfh1FPjnP1NdHBSHUMpE4V6ffN72fn8SeAoUo9TWFFU0ySgm7KWJmNjwSjOuBO
b+dkHoyl7MpTUjHT8NMwxoRSg1Bf6XOr5hysEFkF1gIMIlzJts51YNQDEkqDwm+W
sqCic6vSDV9H5A2xwscTHvDQtoPJV+kkLvBm0p5uVixv49cumUHPhxGL/CtE8X/z
R1cd2J5VcHLLkEPJ8BSrftLcgzRuxO95YgkpKL5sapMLQUnrayh03Js9WnkZfIlk
cWzAWS25uERsxPbK7jI1OtrFrhelvJwQYvBKM07/64gyhVPIQjBtdyi7twIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFJyjGepRyAA6rZSo4nzmlJKqLjOoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MwLzYxNDk0
Yy0wNzQ0LTQ5OTEtYWI2Ny0wYWQzYzc5NjJjMDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAvNjE0OTRj
LTA3NDQtNDk5MS1hYjY3LTBhZDNjNzk2MmMwOS8xL25LTVo2bEhJQURxdGxLamlm
T2FVa3FvdU02Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUAKgCUgDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMAhxIwDQYJKoZIhvcNAQELBQADggEBAFsy3sGbAa/r6aPW4TAfiSW5HlQ6+0mC
/A5ahw3MtsxzZA9GO8g+hI8Nc74nkhq2vgkj0qn1930vByuV/jZJiuR1mCb6bn/F
nRgA/oIiCAoTiihYg1tkRXZs5ZB7T1PsVOnqrxfw/lrc7Bw4kLV0kZOHxVpG2Ehr
FIEW7jQ35O1ed7xV09EwamT74FBrG4ASUt3oGBIK+sRGevdrAz8DZmtzHFonSEni
RceYvAdM8BpZDsI78CRY0VBRTX151U9kxR89MfkMyexWYwwmHQByYOn+/gR/0dOL
zu7FgMmYjmC5XwGwSzv+6sFpL0v7ZhZL3hoxjtXRtuXVavNzPJzllpc=
-----END CERTIFICATE-----