Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PYUAvN5JaJnF0fqSTeTngn2ZFs4.cer
File:                     PYUAvN5JaJnF0fqSTeTngn2ZFs4.cer (raw, json)
Hash identifier:          gYkp/34zv7Hsa7G1tmjw903ynRv3u3dAKoT4xECZkpA=
Subject key identifier:   3D:85:00:BC:DE:49:68:99:C5:D1:FA:92:4D:E4:E7:82:7D:99:16:CE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424453006BC7DAA842A02B34756EACE74
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/62/419b5d-14aa-4e36-9df7-7526c9f05cd8/1/PYUAvN5JaJnF0fqSTeTngn2ZFs4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/62/419b5d-14aa-4e36-9df7-7526c9f05cd8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:48:21 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 25241
                          IP: 195.234.144.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:30:06:bc:7d:aa:84:2a:02:b3:47:56:ea:ce:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d8500bcde496899c5d1fa924de4e7827d9916ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d9:a4:05:90:71:ed:85:12:c5:f8:24:17:a9:
                    b3:6b:dc:be:67:c5:91:03:5c:3a:10:28:e5:27:e0:
                    b5:f2:90:9c:d1:d6:f3:1f:62:cc:0c:0e:34:75:60:
                    a6:72:92:6b:8d:45:f6:85:ac:66:3c:82:27:a8:05:
                    19:5e:2c:c7:2f:eb:41:60:64:00:95:3a:a5:92:28:
                    ec:db:1d:02:40:6a:4c:f6:80:e3:43:3f:c8:ca:64:
                    cf:9a:9c:b6:40:3e:04:4a:f2:1c:80:62:05:7a:2b:
                    76:a2:c2:90:b8:26:1c:0f:4b:58:a3:62:96:86:33:
                    27:1e:1e:2e:90:ef:67:b3:d2:82:d5:b2:4d:b9:70:
                    14:1d:c0:92:39:2e:ad:b5:5b:a7:99:e8:e7:ec:63:
                    ac:56:48:40:d6:4f:b8:54:79:9d:45:f3:b0:9d:1a:
                    b1:66:87:86:cd:4d:15:60:51:04:d9:bb:19:d0:d7:
                    33:95:74:07:8b:a1:7f:14:8c:2c:dc:aa:83:c9:f7:
                    a6:aa:bb:63:d2:51:8e:1c:a7:02:f9:3f:00:1f:79:
                    84:1a:a5:48:f5:e0:1c:79:be:fc:df:8c:a3:99:2e:
                    5a:03:31:95:e7:c6:a5:93:be:e5:f0:8a:01:c2:33:
                    22:f4:e0:f8:b2:ef:38:92:01:de:b8:bf:12:ab:4f:
                    06:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:85:00:BC:DE:49:68:99:C5:D1:FA:92:4D:E4:E7:82:7D:99:16:CE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/419b5d-14aa-4e36-9df7-7526c9f05cd8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/419b5d-14aa-4e36-9df7-7526c9f05cd8/1/PYUAvN5JaJnF0fqSTeTngn2ZFs4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.144.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  25241

    Signature Algorithm: sha256WithRSAEncryption
         63:4a:c9:3b:ed:3d:1f:b9:84:95:79:fb:75:c7:5e:0d:0a:89:
         88:fa:88:6e:8b:f5:ef:85:be:a4:bd:12:ac:61:1a:49:a5:76:
         5b:c2:4c:99:da:39:45:be:11:b4:3e:52:63:c0:dd:36:68:35:
         bd:59:9f:28:a1:cf:bc:19:0c:bb:9f:ca:ec:f4:a6:56:ed:6a:
         08:45:76:d1:7c:26:dc:c7:41:a7:b9:8c:32:2f:1c:26:d8:53:
         c6:21:b1:e8:50:1c:4e:a5:11:e9:09:e5:87:54:cd:62:68:79:
         e5:78:2c:f2:29:3a:7d:db:43:66:77:de:02:7f:64:43:8a:c0:
         17:99:7e:30:87:60:ee:61:53:d1:b9:1c:b9:4f:4d:94:67:3a:
         d8:5c:18:83:aa:e0:a4:c5:e3:dd:eb:c4:6f:95:7d:23:65:5f:
         6a:6e:3f:92:2b:78:f4:3f:69:d4:e1:80:fe:3a:a1:73:1c:4e:
         cf:5c:f5:70:db:07:50:cc:39:16:43:08:05:09:be:35:c4:5f:
         c8:ad:bd:d6:6b:15:0f:14:17:56:de:24:af:df:6e:d6:ab:4f:
         3c:1e:f6:d7:70:06:69:b6:e6:f0:05:c9:f8:23:da:26:3c:00:
         b3:62:63:29:3d:a1:85:74:93:a3:8b:f3:35:6e:42:85:b1:ac:
         9f:76:12:af
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQkRTAGvH2qhCoCs0dW6s50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDg1MDBiY2RlNDk2ODk5YzVkMWZhOTI0ZGU0ZTc4MjdkOTkxNmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtmkBZBx7YUSxfgkF6mza9y+Z8WR
A1w6ECjlJ+C18pCc0dbzH2LMDA40dWCmcpJrjUX2haxmPIInqAUZXizHL+tBYGQA
lTqlkijs2x0CQGpM9oDjQz/IymTPmpy2QD4ESvIcgGIFeit2osKQuCYcD0tYo2KW
hjMnHh4ukO9ns9KC1bJNuXAUHcCSOS6ttVunmejn7GOsVkhA1k+4VHmdRfOwnRqx
ZoeGzU0VYFEE2bsZ0NczlXQHi6F/FIws3KqDyfemqrtj0lGOHKcC+T8AH3mEGqVI
9eAceb7834yjmS5aAzGV58alk77l8IoBwjMi9OD4su84kgHeuL8Sq08G8wIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFD2FALzeSWiZxdH6kk3k54J9mRbOMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYyLzQxOWI1
ZC0xNGFhLTRlMzYtOWRmNy03NTI2YzlmMDVjZDgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIvNDE5YjVk
LTE0YWEtNGUzNi05ZGY3LTc1MjZjOWYwNWNkOC8xL1BZVUF2TjVKYUpuRjBmcVNU
ZVRuZ24yWkZzNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw+qQMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AmKZMA0GCSqGSIb3DQEBCwUAA4IBAQBjSsk77T0fuYSVeft1x14NComI+ohui/Xv
hb6kvRKsYRpJpXZbwkyZ2jlFvhG0PlJjwN02aDW9WZ8ooc+8GQy7n8rs9KZW7WoI
RXbRfCbcx0GnuYwyLxwm2FPGIbHoUBxOpRHpCeWHVM1iaHnleCzyKTp920Nmd94C
f2RDisAXmX4wh2DuYVPRuRy5T02UZzrYXBiDquCkxePd68RvlX0jZV9qbj+SK3j0
P2nU4YD+OqFzHE7PXPVw2wdQzDkWQwgFCb41xF/Irb3WaxUPFBdW3iSv327Wq088
HvbXcAZptubwBcn4I9omPACzYmMpPaGFdJOji/M1bkKFsayfdhKv
-----END CERTIFICATE-----