Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Y3EI4NGZkv3Av7bicTcwT9VDQ20.cer
File:                     Y3EI4NGZkv3Av7bicTcwT9VDQ20.cer (raw, json)
Hash identifier:          qsxYX93MEpXuqfFRTyRdUG/j+GRWGG1eVvHjzGDBtWo=
Subject key identifier:   63:71:08:E0:D1:99:92:FD:C0:BF:B6:E2:71:37:30:4F:D5:43:43:6D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4933F33C152E6AB0BF38AB37E6A6136
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ef/185b1b-9885-4de6-bc5f-b9121a6f7189/1/Y3EI4NGZkv3Av7bicTcwT9VDQ20.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ef/185b1b-9885-4de6-bc5f-b9121a6f7189/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:30:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.238.253.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3f:33:c1:52:e6:ab:0b:f3:8a:b3:7e:6a:61:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=637108e0d19992fdc0bfb6e27137304fd543436d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:20:80:1d:b6:f1:83:2a:39:fe:1c:9e:91:95:
                    14:bf:4a:e1:32:6a:7b:b8:40:7a:ef:df:a5:6c:39:
                    ad:da:74:d4:bf:2e:34:f2:a5:55:02:5c:37:8b:a3:
                    f0:0d:d8:55:74:43:58:79:70:80:7b:f1:2d:e2:86:
                    32:eb:33:7a:1f:c6:3c:62:07:87:b8:7c:9f:59:e0:
                    16:b9:70:3f:ea:e9:8d:39:50:34:fe:a7:6c:00:fe:
                    31:a7:07:03:9a:9e:14:a4:74:f5:e4:47:e8:6f:15:
                    fb:c9:b6:6f:8e:03:63:24:43:62:a7:8b:71:78:5f:
                    57:71:56:0b:7f:a9:c6:68:90:ef:e0:4e:ef:85:4d:
                    94:18:10:cd:9b:25:e4:6c:e7:01:35:b7:59:e6:2c:
                    05:a4:b1:97:17:49:92:e6:9d:b1:84:2e:2a:b1:3d:
                    6d:74:6d:ac:00:fc:7e:85:a5:6c:10:03:a3:02:ad:
                    15:56:45:a1:12:99:1a:2c:9a:d9:c1:13:85:1f:22:
                    5d:46:1a:a8:82:4f:1f:cc:9c:4d:2c:eb:19:35:ad:
                    98:0b:5d:f9:ac:a0:00:2b:19:2c:26:a5:2e:96:03:
                    ae:6d:d8:32:2e:27:19:97:17:2f:92:ac:87:74:0f:
                    fa:e9:68:ed:e0:72:fd:6e:75:dc:61:97:34:57:df:
                    3c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:71:08:E0:D1:99:92:FD:C0:BF:B6:E2:71:37:30:4F:D5:43:43:6D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/185b1b-9885-4de6-bc5f-b9121a6f7189/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/185b1b-9885-4de6-bc5f-b9121a6f7189/1/Y3EI4NGZkv3Av7bicTcwT9VDQ20.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:46:2e:19:fc:57:63:65:d2:2b:24:a0:73:3b:c5:bb:ad:02:
         89:4e:c9:10:e5:cb:5f:0e:af:4e:aa:27:eb:c2:00:3f:6d:1b:
         e6:bd:74:52:16:1e:b5:be:0a:e3:86:54:e3:e9:99:19:67:8c:
         f5:50:cb:a7:ce:a5:5f:fc:20:a3:c0:10:00:05:73:dc:a1:ff:
         1b:6b:dc:46:9e:6e:5d:16:1a:ea:e5:bf:ce:40:a3:91:e4:3d:
         a7:72:2d:1a:55:62:02:8f:42:fe:b7:40:68:55:cf:a7:3e:7a:
         3b:60:ea:f8:0f:c2:79:33:2e:33:30:c9:08:b2:e4:2b:16:9c:
         3a:88:bc:d9:d0:cb:6e:1b:88:5c:16:a3:d5:58:ff:08:21:d5:
         54:21:73:11:71:20:ff:81:52:59:29:1b:3a:75:e6:9f:21:14:
         64:6a:8c:17:f3:05:86:67:99:61:e9:51:a4:7a:b8:a2:02:17:
         bb:08:c5:44:f3:41:67:15:1c:ef:36:1a:02:7e:98:cd:76:dc:
         e7:a2:45:c7:92:32:d7:55:87:26:da:49:f6:a0:57:4e:c1:0e:
         40:79:f5:24:06:73:73:86:aa:92:f6:28:0d:68:c6:24:4b:9e:
         5a:76:3a:3b:82:6b:d0:e8:17:12:16:29:41:5b:da:31:2d:83:
         6e:0b:cc:f2
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzEkz8zwVLmqwvzirN+amE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzcxMDhlMGQxOTk5MmZkYzBiZmI2ZTI3MTM3MzA0ZmQ1NDM0MzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSCAHbbxgyo5/hyekZUUv0rhMmp7
uEB679+lbDmt2nTUvy408qVVAlw3i6PwDdhVdENYeXCAe/Et4oYy6zN6H8Y8YgeH
uHyfWeAWuXA/6umNOVA0/qdsAP4xpwcDmp4UpHT15EfobxX7ybZvjgNjJENip4tx
eF9XcVYLf6nGaJDv4E7vhU2UGBDNmyXkbOcBNbdZ5iwFpLGXF0mS5p2xhC4qsT1t
dG2sAPx+haVsEAOjAq0VVkWhEpkaLJrZwROFHyJdRhqogk8fzJxNLOsZNa2YC135
rKAAKxksJqUulgOubdgyLicZlxcvkqyHdA/66Wjt4HL9bnXcYZc0V9882QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGNxCODRmZL9wL+24nE3ME/VQ0NtMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VmLzE4NWIx
Yi05ODg1LTRkZTYtYmM1Zi1iOTEyMWE2ZjcxODkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWYvMTg1YjFi
LTk4ODUtNGRlNi1iYzVmLWI5MTIxYTZmNzE4OS8xL1kzRUk0Tkdaa3YzQXY3Ymlj
VGN3VDlWRFEyMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw+79MA0GCSqGSIb3DQEBCwUAA4IBAQAVRi4Z
/FdjZdIrJKBzO8W7rQKJTskQ5ctfDq9OqifrwgA/bRvmvXRSFh61vgrjhlTj6ZkZ
Z4z1UMunzqVf/CCjwBAABXPcof8ba9xGnm5dFhrq5b/OQKOR5D2nci0aVWICj0L+
t0BoVc+nPno7YOr4D8J5My4zMMkIsuQrFpw6iLzZ0MtuG4hcFqPVWP8IIdVUIXMR
cSD/gVJZKRs6deafIRRkaowX8wWGZ5lh6VGkeriiAhe7CMVE80FnFRzvNhoCfpjN
dtznokXHkjLXVYcm2kn2oFdOwQ5AefUkBnNzhqqS9igNaMYkS55adjo7gmvQ6BcS
FilBW9oxLYNuC8zy
-----END CERTIFICATE-----