Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nLxTKkq1Xwb3wbZwGSJPjczaZTQ.cer
File:                     nLxTKkq1Xwb3wbZwGSJPjczaZTQ.cer (raw, json)
Hash identifier:          z2o2cn2p5B1uDkQwRd1EVih8FXuZg4Ci2EG69BuPCIA=
Subject key identifier:   9C:BC:53:2A:4A:B5:5F:06:F7:C1:B6:70:19:22:4F:8D:CC:DA:65:34
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FB87D7E35F29C5BF99902439C26932
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/81/da5c0d-5944-4963-adec-fb66742045ed/1/nLxTKkq1Xwb3wbZwGSJPjczaZTQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/81/da5c0d-5944-4963-adec-fb66742045ed/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:48:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 207810
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:87:d7:e3:5f:29:c5:bf:99:90:24:39:c2:69:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cbc532a4ab55f06f7c1b67019224f8dccda6534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:cc:f3:d3:fe:8c:c7:05:61:34:9d:13:45:dd:
                    0d:62:6b:27:06:61:36:31:55:34:a3:6f:5d:c0:3d:
                    2b:ed:5f:d7:ee:04:4d:d7:91:05:81:23:33:8c:56:
                    c9:b7:3d:67:97:ff:5b:f0:e1:14:01:d8:3d:19:0b:
                    0f:90:16:a0:0b:75:0f:17:dc:4f:d1:71:53:36:67:
                    58:60:6e:a1:15:bd:6e:8e:ae:4a:eb:84:c2:85:29:
                    0b:e6:ea:a6:d8:4d:50:aa:ad:0f:bc:35:40:30:7c:
                    78:11:52:3d:8e:5e:f6:47:a5:49:e8:40:69:cf:35:
                    a3:44:cf:5b:dd:13:21:c0:a6:61:ce:3e:26:8b:dc:
                    b9:c1:96:13:82:c1:02:44:6a:cb:75:26:d3:18:e8:
                    90:42:53:48:dd:32:4e:66:64:ac:dc:43:b6:e5:ac:
                    6c:06:f8:98:f3:42:e2:54:29:c2:4f:bf:22:a1:0f:
                    00:03:a9:b5:01:77:b9:b2:04:2d:44:56:76:20:53:
                    2a:28:59:a1:24:a4:de:2e:0a:16:73:f2:19:bc:23:
                    f9:32:4d:9b:47:32:78:17:76:df:a3:cb:46:64:a0:
                    fd:61:46:12:ff:92:94:6b:c8:3e:36:e8:43:17:52:
                    e5:1a:ba:17:7d:81:f4:bd:aa:45:d4:4a:e7:26:81:
                    6c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:BC:53:2A:4A:B5:5F:06:F7:C1:B6:70:19:22:4F:8D:CC:DA:65:34
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/da5c0d-5944-4963-adec-fb66742045ed/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/da5c0d-5944-4963-adec-fb66742045ed/1/nLxTKkq1Xwb3wbZwGSJPjczaZTQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207810

    Signature Algorithm: sha256WithRSAEncryption
         6c:13:c6:03:c3:ec:df:ee:c5:06:d9:87:cb:8e:5b:6a:65:3a:
         89:64:15:62:6c:99:6c:9e:2a:e0:21:93:f5:79:d6:f2:fb:2e:
         97:8d:dc:6b:65:57:7f:3e:1c:85:af:af:d6:55:b0:6d:3e:2d:
         0b:b0:c0:6a:05:9c:1b:0f:ea:70:8a:d0:73:d9:4f:48:81:b9:
         c1:1f:37:e7:76:e4:1f:6e:af:6c:5e:61:2b:01:1b:3d:9b:97:
         40:8f:a2:1e:35:a4:46:ad:80:ad:b6:46:50:f7:ba:61:b2:3f:
         a6:ca:7b:7e:04:bd:9a:26:ad:37:cd:a3:7b:cd:74:fc:e8:75:
         28:ab:e0:b3:ce:3f:b4:9e:4d:25:24:a6:8a:28:94:83:2c:0b:
         37:b1:a2:1e:63:0e:fe:ac:52:93:64:36:c4:44:bd:7a:a8:4f:
         35:2f:67:ed:f2:5b:0a:7e:0b:bf:66:62:f7:c4:fd:53:f0:73:
         1e:13:a0:f0:f4:de:83:0d:2b:93:cd:71:a2:dc:89:d0:0e:1e:
         97:06:20:89:84:08:60:20:52:10:30:a7:7a:88:55:a2:88:6d:
         d9:5b:e4:ab:94:c0:4b:7c:37:98:7b:58:0f:df:8d:5e:8f:9b:
         da:90:11:bc:7b:00:5b:82:db:6c:86:75:d8:8d:15:9f:10:00:
         3d:84:42:e0
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQi+4fX418pxb+ZkCQ5wmkyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2JjNTMyYTRhYjU1ZjA2ZjdjMWI2NzAxOTIyNGY4ZGNjZGE2NTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48zz0/6MxwVhNJ0TRd0NYmsnBmE2
MVU0o29dwD0r7V/X7gRN15EFgSMzjFbJtz1nl/9b8OEUAdg9GQsPkBagC3UPF9xP
0XFTNmdYYG6hFb1ujq5K64TChSkL5uqm2E1Qqq0PvDVAMHx4EVI9jl72R6VJ6EBp
zzWjRM9b3RMhwKZhzj4mi9y5wZYTgsECRGrLdSbTGOiQQlNI3TJOZmSs3EO25axs
BviY80LiVCnCT78ioQ8AA6m1AXe5sgQtRFZ2IFMqKFmhJKTeLgoWc/IZvCP5Mk2b
RzJ4F3bfo8tGZKD9YUYS/5KUa8g+NuhDF1LlGroXfYH0vapF1ErnJoFsQwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFJy8UypKtV8G98G2cBkiT43M2mU0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgxL2RhNWMw
ZC01OTQ0LTQ5NjMtYWRlYy1mYjY2NzQyMDQ1ZWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODEvZGE1YzBk
LTU5NDQtNDk2My1hZGVjLWZiNjY3NDIwNDVlZC8xL25MeFRLa3ExWHdiM3diWndH
U0pQamN6YVpUUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMrwjANBgkqhkiG9w0BAQsFAAOCAQEAbBPGA8Ps3+7F
BtmHy45bamU6iWQVYmyZbJ4q4CGT9XnW8vsul43ca2VXfz4cha+v1lWwbT4tC7DA
agWcGw/qcIrQc9lPSIG5wR8353bkH26vbF5hKwEbPZuXQI+iHjWkRq2ArbZGUPe6
YbI/psp7fgS9miatN82je810/Oh1KKvgs84/tJ5NJSSmiiiUgywLN7GiHmMO/qxS
k2Q2xES9eqhPNS9n7fJbCn4Lv2Zi98T9U/BzHhOg8PTegw0rk81xotyJ0A4elwYg
iYQIYCBSEDCneohVooht2Vvkq5TAS3w3mHtYD9+NXo+b2pARvHsAW4LbbIZ12I0V
nxAAPYRC4A==
-----END CERTIFICATE-----