Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nXZQ5FO5j29N0zNjOv-ruiwMj4o.cer
File:                     nXZQ5FO5j29N0zNjOv-ruiwMj4o.cer (raw, json)
Hash identifier:          AZK7v7MLmWKe+eVnjlrB8+MJ1rY7SUbptAA/zq4M2gk=
Subject key identifier:   9D:76:50:E4:53:B9:8F:6F:4D:D3:33:63:3A:FF:AB:BA:2C:0C:8F:8A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196B5BFFBF74693A3FBE0B071981119645B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/88/6bfe53-80c3-4a35-9ecb-d241f9ec5041/1/nXZQ5FO5j29N0zNjOv-ruiwMj4o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/88/6bfe53-80c3-4a35-9ecb-d241f9ec5041/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 09 May 2025 15:53:00 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 208723
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b5:bf:fb:f7:46:93:a3:fb:e0:b0:71:98:11:19:64:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May  9 15:53:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d7650e453b98f6f4dd333633affabba2c0c8f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:52:32:91:6d:4a:d0:60:ff:a3:37:39:ce:1d:
                    03:1d:c9:70:d3:19:dd:08:d5:46:20:c9:06:78:e5:
                    bb:17:65:65:59:d2:60:e0:50:91:ce:ce:f8:a8:d5:
                    21:3e:e7:3f:8a:e1:64:c0:08:f6:c4:2e:1b:03:1a:
                    b3:c3:e0:58:97:6f:68:9a:f5:9e:cd:95:62:39:76:
                    e2:e8:d8:71:d6:d3:38:42:05:47:78:9f:2b:67:3e:
                    12:cd:f7:bc:cf:c1:9b:4d:b5:8c:34:04:2d:eb:13:
                    d5:21:8e:3d:a9:61:26:e0:8f:75:77:01:4c:61:0c:
                    41:92:65:e3:ab:a5:67:36:07:02:b0:92:27:20:95:
                    f6:46:cd:76:4e:f2:4c:f3:b4:71:0d:0b:bc:d3:24:
                    9d:32:3c:bb:94:16:e8:ca:32:3b:fb:df:3c:f8:8c:
                    4b:4b:af:20:00:52:0d:e0:13:e5:63:4c:f8:19:da:
                    07:01:0f:b1:ec:c4:50:02:fb:ee:09:a8:5e:1e:38:
                    78:b0:19:86:b6:5d:1f:b4:51:6d:f0:60:23:d4:0a:
                    c2:3f:73:b3:06:e4:91:7d:b7:dd:a9:73:c1:84:45:
                    da:75:d9:1c:9c:83:e6:8f:cc:f7:be:20:aa:68:e1:
                    7c:4c:26:3a:ba:31:fd:6d:57:83:67:65:d1:73:4e:
                    dd:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:76:50:E4:53:B9:8F:6F:4D:D3:33:63:3A:FF:AB:BA:2C:0C:8F:8A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/6bfe53-80c3-4a35-9ecb-d241f9ec5041/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/6bfe53-80c3-4a35-9ecb-d241f9ec5041/1/nXZQ5FO5j29N0zNjOv-ruiwMj4o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208723

    Signature Algorithm: sha256WithRSAEncryption
         5b:ad:48:ee:f5:02:5d:52:34:28:27:84:32:e9:36:13:43:df:
         3e:de:4e:67:c3:56:c1:9d:af:14:43:0a:d4:1c:9c:ad:4c:c8:
         ab:6e:b9:4f:96:4c:3d:d0:8d:ff:a6:6f:a9:85:b7:b8:99:f6:
         43:06:85:48:8c:9e:27:f6:77:38:d4:89:19:ae:2e:7c:c5:25:
         d8:97:74:c3:db:c7:e6:70:e8:27:d7:dd:51:ab:35:b3:89:ed:
         65:6c:0c:4a:be:1b:c9:d5:87:f7:4e:fe:97:8e:95:19:8d:8d:
         0f:5d:8d:e8:6d:12:08:12:4b:5e:23:93:86:92:78:da:e3:45:
         55:37:77:44:74:2e:4b:e9:3b:2f:ee:d8:bc:3e:e8:06:c2:37:
         c2:50:05:6a:ac:94:de:ce:55:4c:73:33:b4:57:7f:df:93:97:
         d6:ae:4e:cb:e5:a9:37:1c:13:51:6c:f7:b8:2a:1d:49:c9:c9:
         a4:3b:7f:a0:d0:d1:e3:10:f9:a4:38:e5:0d:af:de:d1:b5:d4:
         45:0f:bb:cc:c2:f7:55:34:54:34:1e:d1:7b:af:f1:de:36:9b:
         d9:8b:68:dd:06:4c:99:b0:85:2b:29:6e:30:c3:3e:a0:1d:93:
         38:0a:62:8c:d8:d0:f5:a3:b3:01:0e:ec:1f:70:0b:68:f4:69:
         c5:ca:a9:ec
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZa1v/v3RpOj++CwcZgRGWRbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTA5MTU1MzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDc2NTBlNDUzYjk4ZjZmNGRkMzMzNjMzYWZmYWJiYTJjMGM4ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFIykW1K0GD/ozc5zh0DHclw0xnd
CNVGIMkGeOW7F2VlWdJg4FCRzs74qNUhPuc/iuFkwAj2xC4bAxqzw+BYl29omvWe
zZViOXbi6Nhx1tM4QgVHeJ8rZz4Szfe8z8GbTbWMNAQt6xPVIY49qWEm4I91dwFM
YQxBkmXjq6VnNgcCsJInIJX2Rs12TvJM87RxDQu80ySdMjy7lBboyjI7+988+IxL
S68gAFIN4BPlY0z4GdoHAQ+x7MRQAvvuCaheHjh4sBmGtl0ftFFt8GAj1ArCP3Oz
BuSRfbfdqXPBhEXaddkcnIPmj8z3viCqaOF8TCY6ujH9bVeDZ2XRc07dhwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFJ12UORTuY9vTdMzYzr/q7osDI+KMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg4LzZiZmU1
My04MGMzLTRhMzUtOWVjYi1kMjQxZjllYzUwNDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgvNmJmZTUz
LTgwYzMtNGEzNS05ZWNiLWQyNDFmOWVjNTA0MS8xL25YWlE1Rk81ajI5TjB6TmpP
di1ydWl3TWo0by5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMvUzANBgkqhkiG9w0BAQsFAAOCAQEAW61I7vUCXVI0
KCeEMuk2E0PfPt5OZ8NWwZ2vFEMK1BycrUzIq265T5ZMPdCN/6ZvqYW3uJn2QwaF
SIyeJ/Z3ONSJGa4ufMUl2Jd0w9vH5nDoJ9fdUas1s4ntZWwMSr4bydWH907+l46V
GY2ND12N6G0SCBJLXiOThpJ42uNFVTd3RHQuS+k7L+7YvD7oBsI3wlAFaqyU3s5V
THMztFd/35OX1q5Oy+WpNxwTUWz3uCodScnJpDt/oNDR4xD5pDjlDa/e0bXURQ+7
zML3VTRUNB7Re6/x3jab2Yto3QZMmbCFKyluMMM+oB2TOApijNjQ9aOzAQ7sH3AL
aPRpxcqp7A==
-----END CERTIFICATE-----