Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nKMZ6lHIADqtlKjifOaUkqouM6g.cer
File:                     nKMZ6lHIADqtlKjifOaUkqouM6g.cer (raw, json)
Hash identifier:          8JKzmoVkAA/p/g5v4B06FIB3v0We41+w9pGr64KflR4=
Subject key identifier:   9C:A3:19:EA:51:C8:00:3A:AD:94:A8:E2:7C:E6:94:92:AA:2E:33:A8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BB387F8A68DE21E4C7C9256136F59B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/nKMZ6lHIADqtlKjifOaUkqouM6g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:32:19 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 34578
                          IP: 2a00:9480::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:38:7f:8a:68:de:21:e4:c7:c9:25:61:36:f5:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ca319ea51c8003aad94a8e27ce69492aa2e33a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2d:e1:b9:99:a3:5f:54:fb:fa:22:a6:e9:03:
                    bb:27:47:d6:58:66:3d:1d:39:df:87:51:4f:8e:73:
                    f5:35:d1:c1:48:75:0c:a4:4e:15:e9:f7:cd:ef:67:
                    e7:f1:27:80:a1:4a:3d:4d:61:45:53:4c:92:82:6e:
                    ca:58:99:8d:8f:04:a3:3a:e0:4e:6f:e7:64:1e:8c:
                    a5:ec:ca:53:52:31:d3:f0:d3:30:c6:84:52:83:50:
                    5f:e9:73:ab:e6:1c:ac:10:59:05:d6:02:0c:22:5c:
                    c9:b6:ce:75:60:d4:03:12:4a:83:c2:6f:96:b2:a0:
                    a2:73:ab:d2:0d:5f:47:e4:0d:b1:c2:c7:13:1e:f0:
                    d0:b6:83:c9:57:e9:24:2e:f0:66:d2:9e:6e:56:2c:
                    6f:e3:d7:2e:99:41:cf:87:11:8b:fc:2b:44:f1:7f:
                    f3:47:57:1d:d8:9e:55:70:72:cb:90:43:c9:f0:14:
                    ab:7e:d2:dc:83:34:6e:c4:ef:79:62:09:29:28:be:
                    6c:6a:93:0b:41:49:eb:6b:28:74:dc:9b:3d:5a:79:
                    19:7c:89:64:71:6c:c0:59:2d:b9:b8:44:6c:c4:f6:
                    ca:ee:32:35:3a:da:c5:ae:17:a5:bc:9c:10:62:f0:
                    4a:33:4e:ff:eb:88:32:85:53:c8:42:30:6d:77:28:
                    bb:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A3:19:EA:51:C8:00:3A:AD:94:A8:E2:7C:E6:94:92:AA:2E:33:A8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/nKMZ6lHIADqtlKjifOaUkqouM6g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:9480::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34578

    Signature Algorithm: sha256WithRSAEncryption
         32:fd:89:73:0e:e5:2c:e9:8d:ca:29:62:43:5f:80:7e:df:79:
         36:cb:ee:25:7d:dd:67:7d:3b:f0:8d:66:ef:62:ce:1d:8b:2f:
         e2:88:d1:45:47:f7:2e:e6:92:e5:3a:99:0a:76:ff:06:de:6e:
         7f:6f:cd:8d:b0:fe:de:4f:2b:8a:04:b3:7f:9e:1c:bc:d0:f3:
         ab:ab:3a:94:c3:ca:f6:2f:2c:9d:66:2a:10:57:e7:74:5b:14:
         39:54:46:92:8f:12:ed:38:e4:9a:dd:cf:8e:92:f4:42:c4:bf:
         28:cf:f6:2e:1b:a0:6d:ad:90:91:40:96:db:ce:18:ca:76:ba:
         06:d9:85:f2:2b:2d:9a:0e:86:45:32:29:f6:4b:67:f3:da:8f:
         50:38:03:f9:14:0a:14:6e:ea:98:98:b0:00:1e:28:04:88:ac:
         21:79:04:d3:3c:0b:7f:8e:e6:ee:0d:ec:49:93:17:95:08:e5:
         69:b5:8e:64:e7:fd:fa:98:22:a8:9d:8b:c1:e8:e8:ec:63:dc:
         69:4e:76:3e:d2:4f:5c:ba:2c:9b:a4:72:71:4e:f9:18:11:62:
         85:78:a6:d3:ed:42:50:f7:46:63:69:26:ba:f2:7c:b5:17:a2:
         22:d6:2b:07:dd:86:0f:d7:c3:1a:35:1c:8d:ce:b5:6f:5e:b2:
         64:75:c9:ce
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYzJuzh/imjeIeTHySVhNvWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2EzMTllYTUxYzgwMDNhYWQ5NGE4ZTI3Y2U2OTQ5MmFhMmUzM2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAri3huZmjX1T7+iKm6QO7J0fWWGY9
HTnfh1FPjnP1NdHBSHUMpE4V6ffN72fn8SeAoUo9TWFFU0ySgm7KWJmNjwSjOuBO
b+dkHoyl7MpTUjHT8NMwxoRSg1Bf6XOr5hysEFkF1gIMIlzJts51YNQDEkqDwm+W
sqCic6vSDV9H5A2xwscTHvDQtoPJV+kkLvBm0p5uVixv49cumUHPhxGL/CtE8X/z
R1cd2J5VcHLLkEPJ8BSrftLcgzRuxO95YgkpKL5sapMLQUnrayh03Js9WnkZfIlk
cWzAWS25uERsxPbK7jI1OtrFrhelvJwQYvBKM07/64gyhVPIQjBtdyi7twIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFJyjGepRyAA6rZSo4nzmlJKqLjOoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MwLzYxNDk0
Yy0wNzQ0LTQ5OTEtYWI2Ny0wYWQzYzc5NjJjMDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAvNjE0OTRj
LTA3NDQtNDk5MS1hYjY3LTBhZDNjNzk2MmMwOS8xL25LTVo2bEhJQURxdGxLamlm
T2FVa3FvdU02Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUAKgCUgDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMAhxIwDQYJKoZIhvcNAQELBQADggEBADL9iXMO5SzpjcopYkNfgH7feTbL7iV9
3Wd9O/CNZu9izh2LL+KI0UVH9y7mkuU6mQp2/wbebn9vzY2w/t5PK4oEs3+eHLzQ
86urOpTDyvYvLJ1mKhBX53RbFDlURpKPEu045Jrdz46S9ELEvyjP9i4boG2tkJFA
ltvOGMp2ugbZhfIrLZoOhkUyKfZLZ/Paj1A4A/kUChRu6piYsAAeKASIrCF5BNM8
C3+O5u4N7EmTF5UI5Wm1jmTn/fqYIqidi8Ho6Oxj3GlOdj7ST1y6LJukcnFO+RgR
YoV4ptPtQlD3RmNpJrryfLUXoiLWKwfdhg/Xwxo1HI3OtW9esmR1yc4=
-----END CERTIFICATE-----