Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nwSzzyTPS4GyIhFGoA8id7w0h4A.cer
File:                     nwSzzyTPS4GyIhFGoA8id7w0h4A.cer (raw, json)
Hash identifier:          e6hicncaY4sD7jFLbudFS/5zYJc6pm5YGsNpmPj3Nh8=
Subject key identifier:   9F:04:B3:CF:24:CF:4B:81:B2:22:11:46:A0:0F:22:77:BC:34:87:80
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56E9D3F8505C07BF534742C6991FBAB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cf/da358c-2e47-44ec-b0c5-2ad968b362de/1/nwSzzyTPS4GyIhFGoA8id7w0h4A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cf/da358c-2e47-44ec-b0c5-2ad968b362de/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 204567
                          IP: 185.175.220.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:9d:3f:85:05:c0:7b:f5:34:74:2c:69:91:fb:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f04b3cf24cf4b81b2221146a00f2277bc348780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:14:57:a0:0b:67:f2:c2:e1:aa:c3:b3:b6:dd:
                    80:c7:da:86:2a:f7:c8:3b:88:da:1e:a0:03:d0:94:
                    67:e7:ee:29:7f:d9:e5:70:1a:e8:0e:6e:07:36:d8:
                    29:35:5b:c7:28:ac:74:9d:c5:c2:31:d3:1b:8b:6f:
                    51:b3:f7:a1:12:e2:2b:40:fa:37:9f:5d:17:b0:03:
                    d9:f8:02:10:16:c4:ce:bb:7c:cd:7c:bd:19:6d:b0:
                    38:2b:f4:c3:0b:69:d4:50:2d:b3:15:79:2c:8b:0b:
                    01:a4:75:b4:55:8e:e8:b2:38:74:33:ba:21:e8:32:
                    06:63:7c:e2:08:76:96:10:56:da:f1:db:77:b3:2e:
                    eb:99:dc:03:b7:94:e5:5a:d0:88:86:44:24:90:2c:
                    60:82:44:0f:bc:bc:d9:5c:fd:81:00:79:21:10:c7:
                    cf:ad:fa:04:f3:3a:a7:f2:11:11:59:7b:48:81:23:
                    a5:36:1a:4c:68:47:b0:67:dd:2f:49:2e:25:4d:39:
                    43:a5:6a:58:fd:f6:2f:e4:41:56:b3:07:9a:bd:8c:
                    89:b6:c4:fe:14:57:9b:36:5a:dd:3c:45:47:b6:6b:
                    2e:f7:96:ed:cd:19:61:3d:dc:d3:0c:bf:38:79:f3:
                    05:34:c1:ae:93:b5:d6:43:66:1a:91:41:5d:23:57:
                    1b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:04:B3:CF:24:CF:4B:81:B2:22:11:46:A0:0F:22:77:BC:34:87:80
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/da358c-2e47-44ec-b0c5-2ad968b362de/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/da358c-2e47-44ec-b0c5-2ad968b362de/1/nwSzzyTPS4GyIhFGoA8id7w0h4A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.220.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204567

    Signature Algorithm: sha256WithRSAEncryption
         90:d0:7b:c8:34:36:a5:70:c2:ab:df:36:54:3b:a8:c3:53:a6:
         32:37:50:8b:e3:75:43:24:00:9d:a3:07:f6:8d:27:11:9f:de:
         02:9b:02:a8:80:15:b1:9e:6a:18:6d:9f:66:67:57:b5:1c:0d:
         d4:9d:63:8d:61:d8:96:80:1f:db:c6:cf:c7:07:00:80:d0:0b:
         92:93:c5:f6:22:ff:72:0a:4f:17:ec:1b:13:24:d4:bd:26:7b:
         cf:8d:b6:5e:6c:82:84:65:d2:2b:c0:b0:98:10:d0:82:cf:d6:
         2c:d2:e2:ac:f8:60:50:4a:ca:6b:25:53:a3:99:b8:d6:92:22:
         c0:2f:14:64:0f:21:c7:88:95:0e:27:11:39:c3:db:68:06:6a:
         c8:0c:33:a6:76:54:dc:53:38:cb:07:70:e6:40:6e:42:38:05:
         82:e3:bc:80:f1:9b:ab:91:ff:75:a3:2c:78:81:6f:7a:45:74:
         15:b3:19:b2:33:d6:28:ac:7d:cd:3e:b2:0a:67:2a:92:c9:13:
         85:86:81:e2:9e:a8:24:da:17:84:a6:c4:80:67:ca:ee:0e:87:
         22:79:41:0f:87:b3:1a:13:8b:52:b4:fd:18:18:8b:8a:6f:ff:
         83:8f:90:70:f4:35:12:a1:70:73:7e:93:da:a4:c1:43:d1:5d:
         ab:5b:88:b5
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFbp0/hQXAe/U0dCxpkfurMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjA0YjNjZjI0Y2Y0YjgxYjIyMjExNDZhMDBmMjI3N2JjMzQ4NzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxRXoAtn8sLhqsOztt2Ax9qGKvfI
O4jaHqAD0JRn5+4pf9nlcBroDm4HNtgpNVvHKKx0ncXCMdMbi29Rs/ehEuIrQPo3
n10XsAPZ+AIQFsTOu3zNfL0ZbbA4K/TDC2nUUC2zFXksiwsBpHW0VY7osjh0M7oh
6DIGY3ziCHaWEFba8dt3sy7rmdwDt5TlWtCIhkQkkCxggkQPvLzZXP2BAHkhEMfP
rfoE8zqn8hERWXtIgSOlNhpMaEewZ90vSS4lTTlDpWpY/fYv5EFWsweavYyJtsT+
FFebNlrdPEVHtmsu95btzRlhPdzTDL84efMFNMGuk7XWQ2YakUFdI1cbPwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJ8Es88kz0uBsiIRRqAPIne8NIeAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NmL2RhMzU4
Yy0yZTQ3LTQ0ZWMtYjBjNS0yYWQ5NjhiMzYyZGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2YvZGEzNThj
LTJlNDctNDRlYy1iMGM1LTJhZDk2OGIzNjJkZS8xL253U3p6eVRQUzRHeUloRkdv
QThpZDd3MGg0QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCua/cMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMfFzANBgkqhkiG9w0BAQsFAAOCAQEAkNB7yDQ2pXDCq982VDuow1OmMjdQi+N1
QyQAnaMH9o0nEZ/eApsCqIAVsZ5qGG2fZmdXtRwN1J1jjWHYloAf28bPxwcAgNAL
kpPF9iL/cgpPF+wbEyTUvSZ7z422XmyChGXSK8CwmBDQgs/WLNLirPhgUErKayVT
o5m41pIiwC8UZA8hx4iVDicROcPbaAZqyAwzpnZU3FM4ywdw5kBuQjgFguO8gPGb
q5H/daMseIFvekV0FbMZsjPWKKx9zT6yCmcqkskThYaB4p6oJNoXhKbEgGfK7g6H
InlBD4ezGhOLUrT9GBiLim//g4+QcPQ1EqFwc36T2qTBQ9Fdq1uItQ==
-----END CERTIFICATE-----