Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YA4hJVBpTniBGT7RL6pS3Eaybbw.cer
File:                     YA4hJVBpTniBGT7RL6pS3Eaybbw.cer (raw, json)
Hash identifier:          6EH+4+pgu0cAQs+aAH6sQJWQr9sBdMJQY0drb8qKt9E=
Subject key identifier:   60:0E:21:25:50:69:4E:78:81:19:3E:D1:2F:AA:52:DC:46:B2:6D:BC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421443F7FA4598736D8A134D9634A21DD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fd/3cf1a2-eac6-4769-b5c8-a7465edbefcd/1/YA4hJVBpTniBGT7RL6pS3Eaybbw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fd/3cf1a2-eac6-4769-b5c8-a7465edbefcd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:28 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 199767
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3f:7f:a4:59:87:36:d8:a1:34:d9:63:4a:21:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=600e212550694e7881193ed12faa52dc46b26dbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fe:26:a9:38:81:a4:10:e2:a8:9f:1e:43:30:
                    e0:bb:b5:dd:2a:1c:6b:1d:be:57:22:ed:1c:b8:b0:
                    3d:f0:12:01:c0:75:b0:a4:b7:1a:3e:f2:89:ce:a8:
                    90:e0:a9:4c:f1:97:7f:b5:01:30:b9:e1:ef:29:d0:
                    6e:63:ce:e2:fa:cd:85:c7:72:28:d4:dd:28:5b:5b:
                    24:19:5f:f5:cc:47:f9:1a:03:bc:c0:44:37:6e:a5:
                    89:f9:4e:6a:73:6d:d3:94:56:2e:50:67:cb:e2:38:
                    40:27:56:ac:38:df:df:47:0b:5c:5b:dd:48:25:33:
                    3e:f5:a1:01:e0:3d:4e:be:09:38:bc:5c:5b:41:94:
                    b8:c3:b7:77:22:ce:44:5b:f1:83:fc:2b:91:27:a3:
                    5b:62:09:af:08:8c:80:21:ff:93:2c:a7:ed:54:1a:
                    f4:90:5b:8b:23:ac:8f:74:72:64:ad:cd:c6:b5:2e:
                    b5:87:b0:73:f5:0a:cc:b0:5f:6c:59:ad:97:f2:6a:
                    9f:88:12:70:ff:36:ce:bf:ed:e1:a6:60:0b:b2:89:
                    5d:1a:f5:0c:87:27:02:af:9d:02:fd:93:dc:cc:03:
                    3a:b5:7d:6f:e1:f4:7c:40:8c:e4:02:d5:f5:eb:0d:
                    56:f3:a4:2c:e5:fa:ad:55:d8:9e:92:ae:f1:83:36:
                    04:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:0E:21:25:50:69:4E:78:81:19:3E:D1:2F:AA:52:DC:46:B2:6D:BC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/3cf1a2-eac6-4769-b5c8-a7465edbefcd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/3cf1a2-eac6-4769-b5c8-a7465edbefcd/1/YA4hJVBpTniBGT7RL6pS3Eaybbw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199767

    Signature Algorithm: sha256WithRSAEncryption
         25:71:24:11:2c:7f:9e:37:cf:9e:5b:80:ee:e7:52:02:1a:5b:
         9c:26:77:ac:c1:d8:c9:72:7f:26:b1:fa:ea:f2:25:a4:35:67:
         82:88:fb:4f:56:39:11:b6:cd:8e:a3:a5:52:6e:f8:83:9a:a2:
         1e:b2:6d:f7:b0:da:91:1a:13:9d:94:b0:38:58:2b:94:9d:ce:
         7c:6d:b7:42:92:77:3c:92:f4:1a:92:c2:4e:01:6d:c9:32:6f:
         c8:00:83:ca:23:51:ae:d5:cc:0c:9a:44:dc:32:99:d8:65:ab:
         43:5c:d3:34:ec:e9:b6:ea:e9:8b:ef:55:f1:72:fd:36:70:2f:
         07:b4:1e:4e:74:9c:f1:b9:dd:5b:d6:56:9c:56:93:c6:ed:0f:
         50:c1:7c:47:da:31:52:2b:c8:b6:b1:c2:45:cc:41:2a:23:6f:
         7f:10:19:95:aa:56:9e:8c:57:3d:61:15:54:fc:61:f8:d4:f9:
         9d:30:84:eb:ec:75:4e:db:4f:dd:26:59:1c:58:d3:d7:bc:b6:
         17:e1:44:ca:df:10:aa:3a:42:17:7c:59:f8:4f:27:4d:72:40:
         53:9f:31:94:e8:16:54:2e:44:b7:4a:d8:08:bf:5e:b7:9c:7e:
         49:9a:13:c7:dc:9c:a6:1b:bc:ac:ec:ff:86:cc:48:e1:c4:07:
         b1:37:26:3a
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQhRD9/pFmHNtihNNljSiHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDBlMjEyNTUwNjk0ZTc4ODExOTNlZDEyZmFhNTJkYzQ2YjI2ZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf4mqTiBpBDiqJ8eQzDgu7XdKhxr
Hb5XIu0cuLA98BIBwHWwpLcaPvKJzqiQ4KlM8Zd/tQEwueHvKdBuY87i+s2Fx3Io
1N0oW1skGV/1zEf5GgO8wEQ3bqWJ+U5qc23TlFYuUGfL4jhAJ1asON/fRwtcW91I
JTM+9aEB4D1Ovgk4vFxbQZS4w7d3Is5EW/GD/CuRJ6NbYgmvCIyAIf+TLKftVBr0
kFuLI6yPdHJkrc3GtS61h7Bz9QrMsF9sWa2X8mqfiBJw/zbOv+3hpmALsoldGvUM
hycCr50C/ZPczAM6tX1v4fR8QIzkAtX16w1W86Qs5fqtVdiekq7xgzYEjQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGAOISVQaU54gRk+0S+qUtxGsm28MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZkLzNjZjFh
Mi1lYWM2LTQ3NjktYjVjOC1hNzQ2NWVkYmVmY2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQvM2NmMWEy
LWVhYzYtNDc2OS1iNWM4LWE3NDY1ZWRiZWZjZC8xL1lBNGhKVkJwVG5pQkdUN1JM
NnBTM0VheWJidy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMMVzANBgkqhkiG9w0BAQsFAAOCAQEAJXEkESx/njfP
nluA7udSAhpbnCZ3rMHYyXJ/JrH66vIlpDVngoj7T1Y5EbbNjqOlUm74g5qiHrJt
97DakRoTnZSwOFgrlJ3OfG23QpJ3PJL0GpLCTgFtyTJvyACDyiNRrtXMDJpE3DKZ
2GWrQ1zTNOzpturpi+9V8XL9NnAvB7QeTnSc8bndW9ZWnFaTxu0PUMF8R9oxUivI
trHCRcxBKiNvfxAZlapWnoxXPWEVVPxh+NT5nTCE6+x1TttP3SZZHFjT17y2F+FE
yt8QqjpCF3xZ+E8nTXJAU58xlOgWVC5Et0rYCL9et5x+SZoTx9ycphu8rOz/hsxI
4cQHsTcmOg==
-----END CERTIFICATE-----