Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Y4UAVfJ-xAdWKX_811nrhh7vc8E.cer
File:                     Y4UAVfJ-xAdWKX_811nrhh7vc8E.cer (raw, json)
Hash identifier:          dO4399FRLIW78oL7Qg8thpSW164297cvbqqboDGtCvE=
Subject key identifier:   63:85:00:55:F2:7E:C4:07:56:29:7F:FC:D7:59:EB:86:1E:EF:73:C1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196EDA2D708F8C1C8452B524D91C854C6EC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/17/ff6b18-7ddf-46f5-a0d5-06d4475b7fe5/1/Y4UAVfJ-xAdWKX_811nrhh7vc8E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/17/ff6b18-7ddf-46f5-a0d5-06d4475b7fe5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 20 May 2025 12:19:54 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215903
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:a2:d7:08:f8:c1:c8:45:2b:52:4d:91:c8:54:c6:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 20 12:19:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63850055f27ec40756297ffcd759eb861eef73c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6a:58:74:29:ad:f3:7a:87:e6:09:40:2b:53:
                    42:f9:4b:9a:54:3f:50:c1:4d:6f:2c:2a:19:4a:fd:
                    2a:1a:c0:d0:1f:c8:7c:81:4b:ec:bf:84:55:09:c2:
                    7e:83:38:61:80:df:c4:be:ce:17:c9:cf:ff:ed:13:
                    d7:4e:24:78:87:ad:be:cb:16:9c:09:49:ad:a9:9a:
                    2f:7a:af:bd:44:63:0f:f2:56:1c:79:fc:b7:ce:3c:
                    06:50:bf:58:2d:86:ad:ec:b5:2d:96:88:95:8c:ba:
                    24:f7:7e:0e:8b:5d:6c:09:82:1a:70:01:0d:e0:20:
                    07:1a:8c:af:21:da:77:de:43:15:a8:22:8a:57:96:
                    71:c2:a3:de:c3:a3:ec:55:ee:67:13:5b:04:53:54:
                    5c:da:b5:a5:9a:13:27:bb:77:cf:3b:b8:9d:ac:af:
                    26:e4:a4:fc:f2:2e:13:4d:26:65:df:b4:59:71:0b:
                    8d:81:37:3d:ab:75:02:94:9e:9f:f8:d0:ec:ed:cd:
                    10:4a:42:d4:af:95:65:07:1d:63:8e:3b:84:c4:e1:
                    0b:75:c1:87:1d:ad:62:4a:97:a7:27:79:7f:77:cd:
                    ea:06:f1:3d:5e:60:b8:2f:1b:dc:ed:b6:ef:e0:32:
                    76:77:bc:63:49:51:69:6f:28:8f:fb:7b:ff:bd:8f:
                    54:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:85:00:55:F2:7E:C4:07:56:29:7F:FC:D7:59:EB:86:1E:EF:73:C1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/ff6b18-7ddf-46f5-a0d5-06d4475b7fe5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/ff6b18-7ddf-46f5-a0d5-06d4475b7fe5/1/Y4UAVfJ-xAdWKX_811nrhh7vc8E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215903

    Signature Algorithm: sha256WithRSAEncryption
         52:d8:5c:62:b8:dd:41:ed:5b:fb:ed:a0:09:c2:c0:14:42:79:
         63:93:69:97:38:60:eb:ec:9d:76:4e:ad:f4:de:78:88:19:f9:
         8e:f5:09:7a:d9:37:12:7e:1e:e1:f4:1c:70:dc:d2:fc:58:3b:
         d2:76:ad:c0:b3:e0:28:a9:f7:93:e4:c8:67:47:7f:07:f3:f9:
         9f:4b:f4:4f:57:be:e2:2b:64:78:32:ea:93:c0:ec:54:cc:d7:
         e4:a6:ca:32:9f:89:d7:30:cf:1a:17:97:6c:7e:e4:6a:f8:09:
         8b:b0:f0:09:d2:ba:1d:2c:0c:28:7a:b1:3d:28:38:03:5e:78:
         ce:56:36:b1:2e:0f:31:7a:1a:1a:99:e9:94:45:9e:28:51:b4:
         e5:1e:3c:b0:b0:6e:50:5c:6c:ae:3a:e5:db:92:27:af:87:38:
         10:8b:73:71:0f:16:21:a4:17:f6:9b:b1:e6:87:b3:17:53:cf:
         3e:5e:f7:64:c2:9a:ac:7a:71:3e:72:21:e0:e8:64:d5:22:87:
         2e:93:45:4a:6f:0b:3a:10:b8:76:1c:c7:4e:f1:3e:f1:96:d8:
         2a:f1:51:c2:73:6a:4f:d0:d2:74:e8:fc:60:bf:2a:52:61:34:
         11:93:ee:96:a8:73:69:8d:3f:93:e1:a9:2d:95:f6:b6:cf:f1:
         40:4d:15:9e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZbtotcI+MHIRStSTZHIVMbsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTIwMTIxOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzg1MDA1NWYyN2VjNDA3NTYyOTdmZmNkNzU5ZWI4NjFlZWY3M2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWpYdCmt83qH5glAK1NC+UuaVD9Q
wU1vLCoZSv0qGsDQH8h8gUvsv4RVCcJ+gzhhgN/Evs4Xyc//7RPXTiR4h62+yxac
CUmtqZoveq+9RGMP8lYcefy3zjwGUL9YLYat7LUtloiVjLok934Oi11sCYIacAEN
4CAHGoyvIdp33kMVqCKKV5ZxwqPew6PsVe5nE1sEU1Rc2rWlmhMnu3fPO7idrK8m
5KT88i4TTSZl37RZcQuNgTc9q3UClJ6f+NDs7c0QSkLUr5VlBx1jjjuExOELdcGH
Ha1iSpenJ3l/d83qBvE9XmC4Lxvc7bbv4DJ2d7xjSVFpbyiP+3v/vY9UZwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGOFAFXyfsQHVil//NdZ64Ye73PBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE3L2ZmNmIx
OC03ZGRmLTQ2ZjUtYTBkNS0wNmQ0NDc1YjdmZTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcvZmY2YjE4
LTdkZGYtNDZmNS1hMGQ1LTA2ZDQ0NzViN2ZlNS8xL1k0VUFWZkoteEFkV0tYXzgx
MW5yaGg3dmM4RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNLXzANBgkqhkiG9w0BAQsFAAOCAQEAUthcYrjdQe1b
++2gCcLAFEJ5Y5Nplzhg6+yddk6t9N54iBn5jvUJetk3En4e4fQccNzS/Fg70nat
wLPgKKn3k+TIZ0d/B/P5n0v0T1e+4itkeDLqk8DsVMzX5KbKMp+J1zDPGheXbH7k
avgJi7DwCdK6HSwMKHqxPSg4A154zlY2sS4PMXoaGpnplEWeKFG05R48sLBuUFxs
rjrl25Inr4c4EItzcQ8WIaQX9pux5oezF1PPPl73ZMKarHpxPnIh4Ohk1SKHLpNF
Sm8LOhC4dhzHTvE+8ZbYKvFRwnNqT9DSdOj8YL8qUmE0EZPulqhzaY0/k+GpLZX2
ts/xQE0Vng==
-----END CERTIFICATE-----