Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NW2albrOGXhcQGR2Y_MdkFYmHC8.cer
File:                     NW2albrOGXhcQGR2Y_MdkFYmHC8.cer (raw, json)
Hash identifier:          ZZA8I0o8wlUF+j13RHo2WbZBtRtB6G5VFlZxeg1WGyU=
Subject key identifier:   35:6D:9A:95:BA:CE:19:78:5C:40:64:76:63:F3:1D:90:56:26:1C:2F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01977CE25D78CB7323CEAAFD9269D6A8498A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/NW2albrOGXhcQGR2Y_MdkFYmHC8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 17 Jun 2025 07:54:59 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.32.192.0/22
                          IP: 2a04:5840::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 06:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7c:e2:5d:78:cb:73:23:ce:aa:fd:92:69:d6:a8:49:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 17 07:54:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=356d9a95bace19785c40647663f31d9056261c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:47:13:f8:80:e6:ad:96:b2:a5:3a:22:30:f4:
                    4a:51:d2:3e:ed:43:8a:dd:14:c7:8b:1a:99:fe:f7:
                    4a:a7:0a:84:24:01:73:c3:b9:b7:2f:7b:55:9b:5a:
                    36:69:7f:0a:48:a8:fa:75:28:7d:e9:89:99:16:59:
                    eb:f0:f9:10:36:e9:a1:40:cf:79:31:e5:2f:86:f1:
                    0b:28:82:82:a1:ea:ec:b9:bf:dd:12:0d:b0:9d:f9:
                    85:97:9a:77:98:5f:b2:43:8f:90:d3:f0:d1:de:77:
                    24:9f:b1:5c:92:01:ab:0b:6c:8a:c6:12:dc:6a:d1:
                    50:08:90:8f:60:de:82:e1:c3:7c:7e:28:90:d4:8b:
                    d8:8f:9b:c9:15:4a:bd:8d:13:96:2d:c5:ba:90:ef:
                    28:a6:f1:cb:f9:6d:f4:df:7b:d2:0a:ab:5c:07:ed:
                    93:e9:fd:be:82:b8:82:13:17:14:32:29:3c:ab:33:
                    07:d3:80:70:31:a2:89:91:89:cd:f0:9d:52:88:53:
                    66:87:98:a5:bf:9f:73:ae:12:64:52:24:2d:cc:cc:
                    d9:c0:38:71:07:88:8a:d8:8a:7a:f0:f5:92:a7:dc:
                    92:60:a0:1f:5f:7d:cf:7c:db:8e:7d:78:14:4f:b0:
                    9a:b2:10:ee:f4:6a:12:e0:f3:a6:19:64:dc:2a:2b:
                    ad:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:6D:9A:95:BA:CE:19:78:5C:40:64:76:63:F3:1D:90:56:26:1C:2F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/NW2albrOGXhcQGR2Y_MdkFYmHC8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.192.0/22
                IPv6:
                  2a04:5840::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:ac:3f:30:30:8f:d0:e7:37:62:d4:35:c4:b1:d5:c7:b3:2a:
         8f:ed:d2:08:85:6b:38:0b:65:81:8a:e6:9a:df:b7:66:1b:e6:
         32:ff:dc:0c:85:d7:a5:f0:a2:84:22:2f:e1:9e:5b:29:be:fb:
         67:7c:f0:02:24:99:fd:62:d8:42:25:0b:42:2f:c0:f2:5c:a1:
         cf:42:46:9e:f7:41:79:1e:24:1f:37:bb:e0:72:92:60:8e:d9:
         55:ac:13:2e:21:fc:e4:29:5f:4d:f8:83:3b:a0:6b:b7:19:19:
         a1:af:fc:0f:1c:03:85:2b:6a:b4:a9:d0:e5:af:2b:5b:42:0d:
         39:99:55:26:41:22:e1:e0:8d:d4:03:ad:21:bc:07:b5:2b:e0:
         e1:80:5d:79:1a:c9:d2:30:84:72:50:b4:42:c5:db:60:23:dd:
         db:40:78:49:38:33:8c:5b:a2:bf:42:78:de:5e:6c:96:2e:37:
         05:a6:f1:3e:6e:17:73:dd:aa:7d:e3:b0:a4:78:27:21:ef:67:
         be:92:17:b2:7c:f3:55:5d:0c:4a:8c:b1:7d:b5:96:3d:8a:8e:
         6c:e0:57:a2:d3:1a:94:81:2d:12:de:e1:6f:b6:e9:2b:63:f9:
         ac:44:9b:9b:a7:6c:e9:13:77:e3:b4:83:cc:83:b8:e2:a3:f0:
         39:49:62:50
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZd84l14y3Mjzqr9kmnWqEmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNjE3MDc1NDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTZkOWE5NWJhY2UxOTc4NWM0MDY0NzY2M2YzMWQ5MDU2MjYxYzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUcT+IDmrZaypToiMPRKUdI+7UOK
3RTHixqZ/vdKpwqEJAFzw7m3L3tVm1o2aX8KSKj6dSh96YmZFlnr8PkQNumhQM95
MeUvhvELKIKCoersub/dEg2wnfmFl5p3mF+yQ4+Q0/DR3nckn7FckgGrC2yKxhLc
atFQCJCPYN6C4cN8fiiQ1IvYj5vJFUq9jROWLcW6kO8opvHL+W3033vSCqtcB+2T
6f2+griCExcUMik8qzMH04BwMaKJkYnN8J1SiFNmh5ilv59zrhJkUiQtzMzZwDhx
B4iK2Ip68PWSp9ySYKAfX33PfNuOfXgUT7CashDu9GoS4POmGWTcKiut4wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDVtmpW6zhl4XEBkdmPzHZBWJhwvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JhL2RkOWM5
MC0zMWE5LTQ5OTUtOWRhMy00ZWZkZTZlYjMyZDQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmEvZGQ5Yzkw
LTMxYTktNDk5NS05ZGEzLTRlZmRlNmViMzJkNC8xL05XMmFsYnJPR1hoY1FHUjJZ
X01ka0ZZbUhDOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuSDAMA0EAgACMAcDBQMqBFhAMA0GCSqGSIb3
DQEBCwUAA4IBAQCMrD8wMI/Q5zdi1DXEsdXHsyqP7dIIhWs4C2WBiuaa37dmG+Yy
/9wMhdel8KKEIi/hnlspvvtnfPACJJn9YthCJQtCL8DyXKHPQkae90F5HiQfN7vg
cpJgjtlVrBMuIfzkKV9N+IM7oGu3GRmhr/wPHAOFK2q0qdDlrytbQg05mVUmQSLh
4I3UA60hvAe1K+DhgF15GsnSMIRyULRCxdtgI93bQHhJODOMW6K/QnjeXmyWLjcF
pvE+bhdz3ap947CkeCch72e+kheyfPNVXQxKjLF9tZY9io5s4Fei0xqUgS0S3uFv
tukrY/msRJubp2zpE3fjtIPMg7jio/A5SWJQ
-----END CERTIFICATE-----