Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nj8Vea4XZmLWY6ODTA_vgkzuAzw.cer
File:                     nj8Vea4XZmLWY6ODTA_vgkzuAzw.cer (raw, json)
Hash identifier:          Bsmi+EPnxa0S4b6Yt0X88eYfnXeK0glZZ5jxcVTWm20=
Subject key identifier:   9E:3F:15:79:AE:17:66:62:D6:63:A3:83:4C:0F:EF:82:4C:EE:03:3C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228E35E9B4AD8BEC079A8A126C9D0E60
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/39/962840-5169-4ff3-89f9-480734e38da8/1/nj8Vea4XZmLWY6ODTA_vgkzuAzw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/39/962840-5169-4ff3-89f9-480734e38da8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:52 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214154
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:35:e9:b4:ad:8b:ec:07:9a:8a:12:6c:9d:0e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e3f1579ae176662d663a3834c0fef824cee033c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:bd:7b:1d:51:c2:96:b1:30:d5:27:20:27:aa:
                    16:f8:d6:1f:58:fb:1d:b9:55:dd:a0:21:a6:2c:60:
                    a1:b1:7e:ec:26:c9:94:ae:6b:a5:47:da:a6:b1:f6:
                    c5:53:0e:ad:c6:86:76:db:c6:13:2a:f4:c6:d8:c9:
                    c9:6d:53:ed:4d:6b:08:35:92:0b:5a:4c:e3:31:88:
                    e6:07:67:67:c7:4c:84:79:e7:70:e3:23:7f:e6:15:
                    4e:6c:28:25:5b:dd:06:4e:09:8b:29:89:67:2b:a7:
                    88:61:5f:99:61:92:a8:34:5f:b3:7d:74:56:d3:e5:
                    b6:92:9a:66:53:91:f3:43:01:e7:80:ea:76:37:46:
                    be:52:97:09:39:70:42:c7:9a:a0:d2:10:5f:c4:cc:
                    10:15:e5:7c:fb:9e:e1:85:23:a9:00:86:79:51:6c:
                    1f:11:98:35:99:66:01:8f:e1:be:a5:df:f2:9a:aa:
                    7b:fb:58:a2:00:dc:7d:e9:50:f1:d4:a0:5a:c7:6f:
                    4c:72:6a:f7:d9:d1:3c:8f:00:4f:78:77:93:66:ed:
                    7a:f2:ff:0f:23:a6:68:3b:0a:24:08:e7:f6:ef:b4:
                    4d:08:dc:02:5f:13:78:80:13:b3:fc:ec:45:06:f3:
                    35:0d:43:78:ae:7e:b9:be:cb:4e:8e:aa:a4:73:1d:
                    72:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:3F:15:79:AE:17:66:62:D6:63:A3:83:4C:0F:EF:82:4C:EE:03:3C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/962840-5169-4ff3-89f9-480734e38da8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/962840-5169-4ff3-89f9-480734e38da8/1/nj8Vea4XZmLWY6ODTA_vgkzuAzw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214154

    Signature Algorithm: sha256WithRSAEncryption
         a7:32:79:96:39:01:11:77:e6:37:3f:51:64:8c:94:22:7f:f8:
         40:dc:15:a7:0c:6c:78:32:a3:16:5c:83:67:5b:b1:a9:f9:14:
         52:05:c0:d7:9a:68:fc:f9:ab:5d:fb:fb:76:e0:8f:f3:ac:a5:
         c4:9c:16:aa:2b:1e:c6:89:ca:f3:91:b1:ef:64:26:5c:71:2a:
         9f:31:59:1a:7c:ca:02:5f:e4:82:af:c0:16:88:a9:36:0e:fe:
         34:4d:d8:f4:7f:9b:ba:3d:58:97:47:ba:ff:a5:6e:f8:40:3e:
         56:da:9c:ae:14:bb:d0:3d:04:c3:20:18:05:d5:3b:04:6f:3a:
         28:a8:ff:5a:8e:5e:b3:9f:02:ee:f6:38:65:dc:52:f2:67:c7:
         d1:d3:f8:9c:7b:58:ff:cd:45:e9:77:7c:7f:aa:44:a5:e1:08:
         9a:19:85:43:4a:06:01:31:db:f5:d7:64:f5:b4:b9:4d:ca:3f:
         40:a1:d3:47:7d:f1:b7:b6:45:a3:cc:ac:6f:0a:a0:d5:72:9c:
         66:9a:9b:97:fc:c7:3c:69:b6:c5:42:b2:fe:c1:20:83:34:4d:
         94:93:b7:d6:7b:13:67:c3:2d:69:c5:c7:da:45:92:a0:dc:d9:
         2f:20:80:a4:85:8f:0a:83:68:c9:17:5f:51:6f:63:a3:28:8f:
         52:b8:07:e6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQijjXptK2L7AeaihJsnQ5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTNmMTU3OWFlMTc2NjYyZDY2M2EzODM0YzBmZWY4MjRjZWUwMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmb17HVHClrEw1ScgJ6oW+NYfWPsd
uVXdoCGmLGChsX7sJsmUrmulR9qmsfbFUw6txoZ228YTKvTG2MnJbVPtTWsINZIL
WkzjMYjmB2dnx0yEeedw4yN/5hVObCglW90GTgmLKYlnK6eIYV+ZYZKoNF+zfXRW
0+W2kppmU5HzQwHngOp2N0a+UpcJOXBCx5qg0hBfxMwQFeV8+57hhSOpAIZ5UWwf
EZg1mWYBj+G+pd/ymqp7+1iiANx96VDx1KBax29Mcmr32dE8jwBPeHeTZu168v8P
I6ZoOwokCOf277RNCNwCXxN4gBOz/OxFBvM1DUN4rn65vstOjqqkcx1yCQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFJ4/FXmuF2Zi1mOjg0wP74JM7gM8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM5Lzk2Mjg0
MC01MTY5LTRmZjMtODlmOS00ODA3MzRlMzhkYTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkvOTYyODQw
LTUxNjktNGZmMy04OWY5LTQ4MDczNGUzOGRhOC8xL25qOFZlYTRYWm1MV1k2T0RU
QV92Z2t6dUF6dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNEijANBgkqhkiG9w0BAQsFAAOCAQEApzJ5ljkBEXfm
Nz9RZIyUIn/4QNwVpwxseDKjFlyDZ1uxqfkUUgXA15po/PmrXfv7duCP86ylxJwW
qisexonK85Gx72QmXHEqnzFZGnzKAl/kgq/AFoipNg7+NE3Y9H+buj1Yl0e6/6Vu
+EA+VtqcrhS70D0EwyAYBdU7BG86KKj/Wo5es58C7vY4ZdxS8mfH0dP4nHtY/81F
6Xd8f6pEpeEImhmFQ0oGATHb9ddk9bS5Tco/QKHTR33xt7ZFo8ysbwqg1XKcZpqb
l/zHPGm2xUKy/sEggzRNlJO31nsTZ8MtacXH2kWSoNzZLyCApIWPCoNoyRdfUW9j
oyiPUrgH5g==
-----END CERTIFICATE-----