Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nPMilEsEi3BX5F7SyzQbVg4KxsM.cer
File:                     nPMilEsEi3BX5F7SyzQbVg4KxsM.cer (raw, json)
Hash identifier:          7v33H/HXmUr5z/DkdDnjWY9Wp3qk0gUg9i4hfbRQo/M=
Subject key identifier:   9C:F3:22:94:4B:04:8B:70:57:E4:5E:D2:CB:34:1B:56:0E:0A:C6:C3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C534D5FA8C4229F930FFC7684A936
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fd/fad06c-f368-46ab-ae79-b3c5c0933d97/1/nPMilEsEi3BX5F7SyzQbVg4KxsM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fd/fad06c-f368-46ab-ae79-b3c5c0933d97/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:57 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 57149
                          IP: 91.229.2.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:53:4d:5f:a8:c4:22:9f:93:0f:fc:76:84:a9:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cf322944b048b7057e45ed2cb341b560e0ac6c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d3:a2:c9:8a:eb:f2:bb:b1:6b:9f:88:de:80:
                    bb:9a:60:f2:a5:b5:68:42:c4:69:f4:83:84:97:17:
                    04:5c:cc:bd:b4:a2:3f:dd:64:ac:f8:59:99:ed:64:
                    d1:69:24:a3:91:51:b0:2b:13:79:0a:4c:3f:28:16:
                    21:e0:ba:57:03:91:d9:34:69:7f:35:26:e2:05:14:
                    90:68:9a:91:f4:b2:21:3d:76:14:e5:12:5b:4f:00:
                    ac:f9:b6:c6:ee:ef:3e:94:3e:2d:3a:d6:26:1d:2e:
                    80:b3:7e:d0:9d:c7:9d:0d:77:03:89:c0:38:30:3c:
                    c5:27:37:1f:33:e1:2e:5e:45:19:7c:72:72:bb:c9:
                    45:c8:72:06:e6:5e:8a:dd:24:0a:f0:25:35:c6:b2:
                    07:9a:33:50:f9:21:05:df:d2:07:89:04:ef:3f:25:
                    79:e8:02:54:1b:fb:25:53:a6:5c:aa:e2:fa:72:67:
                    11:7d:b1:7d:ee:2c:1d:fd:cd:fc:4a:b9:44:e5:4b:
                    b5:fb:d6:a9:84:fc:42:54:ef:27:dc:9a:01:ad:ff:
                    be:62:93:f8:6a:54:48:af:f6:9d:66:7a:bd:55:ff:
                    3f:99:63:f5:39:24:b9:b2:86:34:8c:e5:b1:a6:03:
                    65:b2:0c:41:55:86:8d:1a:80:c9:8e:39:08:0b:a4:
                    bc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:F3:22:94:4B:04:8B:70:57:E4:5E:D2:CB:34:1B:56:0E:0A:C6:C3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fad06c-f368-46ab-ae79-b3c5c0933d97/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fad06c-f368-46ab-ae79-b3c5c0933d97/1/nPMilEsEi3BX5F7SyzQbVg4KxsM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.2.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57149

    Signature Algorithm: sha256WithRSAEncryption
         72:f3:8f:f3:e7:08:e9:ee:6d:4f:0f:58:21:39:ae:8d:28:cb:
         09:fc:fd:72:f8:dc:74:88:6c:2d:a9:32:f3:5d:86:59:d0:65:
         fc:56:4c:ed:5a:86:b0:72:08:90:fd:e2:3a:d5:3b:18:86:7c:
         9b:c2:da:0e:d8:28:41:4c:c0:5e:99:aa:b1:9c:f6:de:09:a2:
         69:b3:eb:28:e6:ac:97:27:41:6c:61:fd:49:10:73:3d:bb:71:
         3a:5b:a0:80:ba:3a:ad:2a:57:e1:2e:ac:2c:af:97:6b:55:b2:
         bc:76:de:db:7a:aa:0c:e8:77:63:ec:59:47:08:26:88:fe:ff:
         72:e6:cb:4a:de:92:fc:f6:e3:3c:eb:fc:84:e2:45:e1:8c:5a:
         61:ad:d6:6b:5a:22:d3:11:47:f8:6a:5b:8a:8b:46:48:6b:47:
         c0:7c:d5:59:10:73:9f:71:eb:0b:e6:a7:7d:f0:9a:be:6d:86:
         9c:09:c4:2d:71:01:f2:45:3d:5c:5b:44:eb:a1:b2:43:12:15:
         5f:9b:6d:47:fc:2f:4f:47:3c:b1:25:ef:b0:a5:17:40:98:30:
         c4:a8:bc:fc:a1:f5:de:44:96:af:15:22:a8:c9:93:2c:d7:81:
         15:01:f3:39:f1:6d:91:07:79:d5:65:35:fc:36:69:fd:f2:cb:
         83:4f:59:38
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQfjFNNX6jEIp+TD/x2hKk2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2YzMjI5NDRiMDQ4YjcwNTdlNDVlZDJjYjM0MWI1NjBlMGFjNmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9OiyYrr8ruxa5+I3oC7mmDypbVo
QsRp9IOElxcEXMy9tKI/3WSs+FmZ7WTRaSSjkVGwKxN5Ckw/KBYh4LpXA5HZNGl/
NSbiBRSQaJqR9LIhPXYU5RJbTwCs+bbG7u8+lD4tOtYmHS6As37QncedDXcDicA4
MDzFJzcfM+EuXkUZfHJyu8lFyHIG5l6K3SQK8CU1xrIHmjNQ+SEF39IHiQTvPyV5
6AJUG/slU6ZcquL6cmcRfbF97iwd/c38SrlE5Uu1+9aphPxCVO8n3JoBrf++YpP4
alRIr/adZnq9Vf8/mWP1OSS5soY0jOWxpgNlsgxBVYaNGoDJjjkIC6S8LwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJzzIpRLBItwV+Re0ss0G1YOCsbDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZkL2ZhZDA2
Yy1mMzY4LTQ2YWItYWU3OS1iM2M1YzA5MzNkOTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQvZmFkMDZj
LWYzNjgtNDZhYi1hZTc5LWIzYzVjMDkzM2Q5Ny8xL25QTWlsRXNFaTNCWDVGN1N5
elFiVmc0S3hzTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+UCMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDfPTANBgkqhkiG9w0BAQsFAAOCAQEAcvOP8+cI6e5tTw9YITmujSjLCfz9cvjc
dIhsLaky812GWdBl/FZM7VqGsHIIkP3iOtU7GIZ8m8LaDtgoQUzAXpmqsZz23gmi
abPrKOaslydBbGH9SRBzPbtxOluggLo6rSpX4S6sLK+Xa1WyvHbe23qqDOh3Y+xZ
RwgmiP7/cubLSt6S/PbjPOv8hOJF4YxaYa3Wa1oi0xFH+GpbiotGSGtHwHzVWRBz
n3HrC+anffCavm2GnAnELXEB8kU9XFtE66GyQxIVX5ttR/wvT0c8sSXvsKUXQJgw
xKi8/KH13kSWrxUiqMmTLNeBFQHzOfFtkQd51WU1/DZp/fLLg09ZOA==
-----END CERTIFICATE-----