Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2yXQP8GPL0LNpQOGneGU_YzCGqk.cer
File:                     2yXQP8GPL0LNpQOGneGU_YzCGqk.cer (raw, json)
Hash identifier:          U+1qfQgifFfCZnVyzArE0YKaapSf/xBU1ZZfsRG1M4M=
Subject key identifier:   DB:25:D0:3F:C1:8F:2F:42:CD:A5:03:86:9D:E1:94:FD:8C:C2:1A:A9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7270CB3048314F3E71AB2F26B91B29E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b0/5c22c6-7dc3-4c8c-82ac-936175ad2eb0/1/2yXQP8GPL0LNpQOGneGU_YzCGqk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b0/5c22c6-7dc3-4c8c-82ac-936175ad2eb0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:14 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 197192
                          IP: 195.226.213.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:0c:b3:04:83:14:f3:e7:1a:b2:f2:6b:91:b2:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db25d03fc18f2f42cda503869de194fd8cc21aa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:34:5f:cc:2e:03:cf:5f:93:70:8d:f4:4b:5e:
                    c5:cc:3e:e5:3d:e1:e4:90:28:e2:b1:bd:a4:22:c3:
                    af:2f:8e:b7:80:28:2b:79:e5:bc:b5:5d:44:ce:c4:
                    06:80:42:e6:42:e0:d4:f2:71:db:55:a6:6d:76:4b:
                    03:f1:0e:b3:cf:c3:ed:a9:4c:35:8a:85:82:fc:65:
                    3a:61:be:a3:a4:b4:be:77:36:7c:0c:7c:44:80:1a:
                    4a:58:10:41:7c:81:00:a7:b9:55:d6:fc:f0:97:70:
                    35:29:68:83:89:c8:30:71:fa:2d:e8:4e:52:a6:ef:
                    ff:15:8c:e5:78:98:d2:27:65:85:1d:e2:78:12:84:
                    90:74:1e:d4:1d:20:3b:2c:f7:45:be:ad:59:a0:4c:
                    44:5b:6b:7f:44:97:1a:c2:62:43:bc:e4:74:e5:99:
                    5d:79:dc:e3:2b:93:d6:20:3a:83:29:d2:16:64:45:
                    b6:46:64:b9:e8:c6:d8:f3:5c:02:be:34:8d:62:f0:
                    69:0c:50:16:e9:25:7c:4d:bb:68:9b:2d:e3:ba:40:
                    d1:dd:68:f3:34:15:f9:18:98:9a:13:a2:9c:89:e6:
                    6c:a3:48:fe:c3:b1:fe:4e:26:2c:b4:d3:22:de:85:
                    28:08:dd:df:29:e5:62:22:61:8c:7a:36:a2:59:45:
                    ab:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:25:D0:3F:C1:8F:2F:42:CD:A5:03:86:9D:E1:94:FD:8C:C2:1A:A9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/5c22c6-7dc3-4c8c-82ac-936175ad2eb0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/5c22c6-7dc3-4c8c-82ac-936175ad2eb0/1/2yXQP8GPL0LNpQOGneGU_YzCGqk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.226.213.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197192

    Signature Algorithm: sha256WithRSAEncryption
         94:d6:bb:28:51:32:b7:66:15:93:2e:75:1b:7a:f8:16:43:29:
         de:b3:aa:30:fa:58:c5:dd:d3:0b:72:ba:f6:12:bb:b0:f3:cc:
         d9:89:01:19:a4:56:ca:3a:28:79:2e:11:16:f7:88:e5:42:71:
         48:ea:bf:e4:44:f0:51:50:d5:65:03:7c:87:e1:53:02:66:de:
         08:a8:12:4f:87:e2:71:66:8c:dd:31:4f:0b:0e:8a:48:0c:49:
         7c:aa:80:93:a8:7b:17:f3:d7:6b:52:73:6a:01:8d:95:fb:7d:
         60:e7:1c:98:69:c2:bb:c4:85:00:10:56:74:76:0f:cc:54:07:
         88:ba:bd:e3:01:65:f7:05:7e:53:74:cf:39:81:aa:52:ea:59:
         a3:ca:ba:5e:10:95:9e:58:d0:77:78:01:3f:e3:b0:7a:e5:43:
         1b:e7:88:a8:37:7b:68:1e:62:89:27:35:ad:40:20:a0:83:48:
         4f:ee:a2:a9:2b:31:ab:e1:e6:f2:b8:43:93:97:c2:e3:ae:63:
         1d:7f:dd:b4:99:cf:d3:87:b9:f5:c4:f0:48:01:9d:2e:e9:cf:
         7f:65:ed:9a:db:c0:cf:92:28:29:2d:d4:dd:32:31:13:79:cc:
         cb:eb:2f:f9:d9:ec:db:b8:df:f9:f8:6a:20:81:7b:b8:8a:7e:
         11:66:dc:8e
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzHJwyzBIMU8+casvJrkbKeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjI1ZDAzZmMxOGYyZjQyY2RhNTAzODY5ZGUxOTRmZDhjYzIxYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjRfzC4Dz1+TcI30S17FzD7lPeHk
kCjisb2kIsOvL463gCgreeW8tV1EzsQGgELmQuDU8nHbVaZtdksD8Q6zz8PtqUw1
ioWC/GU6Yb6jpLS+dzZ8DHxEgBpKWBBBfIEAp7lV1vzwl3A1KWiDicgwcfot6E5S
pu//FYzleJjSJ2WFHeJ4EoSQdB7UHSA7LPdFvq1ZoExEW2t/RJcawmJDvOR05Zld
edzjK5PWIDqDKdIWZEW2RmS56MbY81wCvjSNYvBpDFAW6SV8Tbtomy3jukDR3Wjz
NBX5GJiaE6KcieZso0j+w7H+TiYstNMi3oUoCN3fKeViImGMejaiWUWrmwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFNsl0D/Bjy9CzaUDhp3hlP2MwhqpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IwLzVjMjJj
Ni03ZGMzLTRjOGMtODJhYy05MzYxNzVhZDJlYjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAvNWMyMmM2
LTdkYzMtNGM4Yy04MmFjLTkzNjE3NWFkMmViMC8xLzJ5WFFQOEdQTDBMTnBRT0du
ZUdVX1l6Q0dxay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw+LVMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMCSDANBgkqhkiG9w0BAQsFAAOCAQEAlNa7KFEyt2YVky51G3r4FkMp3rOqMPpY
xd3TC3K69hK7sPPM2YkBGaRWyjooeS4RFveI5UJxSOq/5ETwUVDVZQN8h+FTAmbe
CKgST4ficWaM3TFPCw6KSAxJfKqAk6h7F/PXa1JzagGNlft9YOccmGnCu8SFABBW
dHYPzFQHiLq94wFl9wV+U3TPOYGqUupZo8q6XhCVnljQd3gBP+OweuVDG+eIqDd7
aB5iiSc1rUAgoINIT+6iqSsxq+Hm8rhDk5fC465jHX/dtJnP04e59cTwSAGdLunP
f2XtmtvAz5IoKS3U3TIxE3nMy+sv+dns27jf+fhqIIF7uIp+EWbcjg==
-----END CERTIFICATE-----