Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Iycd4-AQWavm0aWTxKJP9uGI1k8.cer
File:                     Iycd4-AQWavm0aWTxKJP9uGI1k8.cer (raw, json)
Hash identifier:          GHEUYXY9lWKhAUfvR3iPzr9YkWrw2KVtAdWbSmQoRcI=
Subject key identifier:   23:27:1D:E3:E0:10:59:AB:E6:D1:A5:93:C4:A2:4F:F6:E1:88:D6:4F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B25719BE508E542C043A23C7DA36B0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a3/3f7a06-2b45-4a0b-ba6c-958c376506ed/1/Iycd4-AQWavm0aWTxKJP9uGI1k8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a3/3f7a06-2b45-4a0b-ba6c-958c376506ed/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:43 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 211975
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:57:19:be:50:8e:54:2c:04:3a:23:c7:da:36:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23271de3e01059abe6d1a593c4a24ff6e188d64f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:51:ba:04:88:75:26:06:71:67:e7:ed:0a:2d:
                    2f:99:59:ef:eb:3a:62:24:6f:6d:43:58:0d:a7:33:
                    df:c0:3c:bc:73:f6:f2:24:ec:99:94:32:7a:92:e8:
                    5d:f1:b7:8e:b3:3d:3f:dc:3e:71:48:6c:e0:49:5c:
                    65:b5:fc:8d:1a:52:10:b7:d8:64:d4:a9:4e:57:21:
                    4d:e7:8a:dc:ed:c0:50:c4:35:90:f6:3e:5b:56:7f:
                    5f:80:93:2e:99:95:d7:3d:21:b1:27:44:5f:d2:46:
                    3f:d0:48:40:71:ca:8c:57:e7:f7:30:97:47:ef:c3:
                    7f:4c:74:13:46:fc:65:29:95:a4:a1:bc:8e:a6:5f:
                    f5:62:0f:01:89:5f:b0:8c:e1:cf:7f:85:9d:7b:06:
                    16:c7:10:10:7a:1b:ca:87:da:6b:ff:d1:99:2b:52:
                    59:69:3d:3f:09:e9:38:66:c3:80:91:6f:e0:8d:76:
                    82:d3:cc:e0:f2:5c:24:69:d2:b0:20:7c:da:91:a2:
                    04:c6:1b:ec:2b:cc:76:80:01:71:e6:5a:d0:53:88:
                    c0:2c:54:ac:94:9e:cc:81:90:eb:bc:af:5a:32:b5:
                    a1:44:bf:85:a0:51:30:20:73:fc:05:ad:9e:78:a0:
                    c0:96:cf:0b:e3:c4:37:e7:64:52:9b:a4:8d:2a:d1:
                    76:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:27:1D:E3:E0:10:59:AB:E6:D1:A5:93:C4:A2:4F:F6:E1:88:D6:4F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3f7a06-2b45-4a0b-ba6c-958c376506ed/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3f7a06-2b45-4a0b-ba6c-958c376506ed/1/Iycd4-AQWavm0aWTxKJP9uGI1k8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211975

    Signature Algorithm: sha256WithRSAEncryption
         32:a0:be:7b:c0:cf:81:1f:4b:75:f3:3b:dd:51:05:3d:ef:dc:
         f3:2f:0f:a9:ed:07:c1:77:70:f5:9d:01:f5:da:ca:e4:6a:f5:
         46:3f:ea:6a:39:3c:7e:f8:81:00:cc:f2:dd:53:09:68:56:45:
         d7:bd:cc:75:45:ef:97:a5:44:06:ee:f2:76:38:1a:d9:2e:2f:
         e5:f1:87:f8:55:9c:08:c6:f4:31:a3:18:87:d4:17:77:e6:01:
         0d:b1:7d:ba:7d:a4:8d:a2:30:09:d4:d1:78:8a:9e:9f:62:4e:
         1a:d1:fe:af:82:25:23:2b:4e:f4:19:3d:92:86:65:12:96:f1:
         6e:f7:f7:d4:81:f2:98:e2:ec:c2:1d:34:81:a8:e3:71:53:0f:
         a9:a0:31:24:33:62:74:3d:74:aa:f4:73:95:31:31:71:7d:cd:
         08:b2:ce:d5:02:34:72:80:ee:b7:0c:4d:8d:b0:26:82:ee:14:
         49:0f:c0:d1:3e:e9:9f:11:d4:31:d7:56:76:45:1f:ae:20:56:
         37:e3:d2:5e:11:e6:f2:3e:73:69:4d:5a:e4:3c:99:c5:02:b0:
         38:b9:ac:a5:3d:85:d9:80:ef:9e:67:2f:b7:ce:55:ca:ae:eb:
         8e:1d:9d:2e:f8:28:a8:3f:ee:71:c6:ec:ec:ef:8c:d8:aa:c8:
         b4:0b:e8:62
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQhslcZvlCOVCwEOiPH2jawMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzI3MWRlM2UwMTA1OWFiZTZkMWE1OTNjNGEyNGZmNmUxODhkNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41G6BIh1JgZxZ+ftCi0vmVnv6zpi
JG9tQ1gNpzPfwDy8c/byJOyZlDJ6kuhd8beOsz0/3D5xSGzgSVxltfyNGlIQt9hk
1KlOVyFN54rc7cBQxDWQ9j5bVn9fgJMumZXXPSGxJ0Rf0kY/0EhAccqMV+f3MJdH
78N/THQTRvxlKZWkobyOpl/1Yg8BiV+wjOHPf4WdewYWxxAQehvKh9pr/9GZK1JZ
aT0/Cek4ZsOAkW/gjXaC08zg8lwkadKwIHzakaIExhvsK8x2gAFx5lrQU4jALFSs
lJ7MgZDrvK9aMrWhRL+FoFEwIHP8Ba2eeKDAls8L48Q352RSm6SNKtF20QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCMnHePgEFmr5tGlk8SiT/bhiNZPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EzLzNmN2Ew
Ni0yYjQ1LTRhMGItYmE2Yy05NThjMzc2NTA2ZWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMvM2Y3YTA2
LTJiNDUtNGEwYi1iYTZjLTk1OGMzNzY1MDZlZC8xL0l5Y2Q0LUFRV2F2bTBhV1R4
S0pQOXVHSTFrOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM8BzANBgkqhkiG9w0BAQsFAAOCAQEAMqC+e8DPgR9L
dfM73VEFPe/c8y8Pqe0HwXdw9Z0B9drK5Gr1Rj/qajk8fviBAMzy3VMJaFZF173M
dUXvl6VEBu7ydjga2S4v5fGH+FWcCMb0MaMYh9QXd+YBDbF9un2kjaIwCdTReIqe
n2JOGtH+r4IlIytO9Bk9koZlEpbxbvf31IHymOLswh00gajjcVMPqaAxJDNidD10
qvRzlTExcX3NCLLO1QI0coDutwxNjbAmgu4USQ/A0T7pnxHUMddWdkUfriBWN+PS
XhHm8j5zaU1a5DyZxQKwOLmspT2F2YDvnmcvt85Vyq7rjh2dLvgoqD/uccbs7O+M
2KrItAvoYg==
-----END CERTIFICATE-----