Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YA4hJVBpTniBGT7RL6pS3Eaybbw.cer
File:                     YA4hJVBpTniBGT7RL6pS3Eaybbw.cer (raw, json)
Hash identifier:          uXXFhAxYmcE1/Dsixu+CXiQ/CgOU1p7yr/XfQyjmhfo=
Subject key identifier:   60:0E:21:25:50:69:4E:78:81:19:3E:D1:2F:AA:52:DC:46:B2:6D:BC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4924BE90312A3D13A52928E658AAA90
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fd/3cf1a2-eac6-4769-b5c8-a7465edbefcd/1/YA4hJVBpTniBGT7RL6pS3Eaybbw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fd/3cf1a2-eac6-4769-b5c8-a7465edbefcd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:29:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199767

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:4b:e9:03:12:a3:d1:3a:52:92:8e:65:8a:aa:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=600e212550694e7881193ed12faa52dc46b26dbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fe:26:a9:38:81:a4:10:e2:a8:9f:1e:43:30:
                    e0:bb:b5:dd:2a:1c:6b:1d:be:57:22:ed:1c:b8:b0:
                    3d:f0:12:01:c0:75:b0:a4:b7:1a:3e:f2:89:ce:a8:
                    90:e0:a9:4c:f1:97:7f:b5:01:30:b9:e1:ef:29:d0:
                    6e:63:ce:e2:fa:cd:85:c7:72:28:d4:dd:28:5b:5b:
                    24:19:5f:f5:cc:47:f9:1a:03:bc:c0:44:37:6e:a5:
                    89:f9:4e:6a:73:6d:d3:94:56:2e:50:67:cb:e2:38:
                    40:27:56:ac:38:df:df:47:0b:5c:5b:dd:48:25:33:
                    3e:f5:a1:01:e0:3d:4e:be:09:38:bc:5c:5b:41:94:
                    b8:c3:b7:77:22:ce:44:5b:f1:83:fc:2b:91:27:a3:
                    5b:62:09:af:08:8c:80:21:ff:93:2c:a7:ed:54:1a:
                    f4:90:5b:8b:23:ac:8f:74:72:64:ad:cd:c6:b5:2e:
                    b5:87:b0:73:f5:0a:cc:b0:5f:6c:59:ad:97:f2:6a:
                    9f:88:12:70:ff:36:ce:bf:ed:e1:a6:60:0b:b2:89:
                    5d:1a:f5:0c:87:27:02:af:9d:02:fd:93:dc:cc:03:
                    3a:b5:7d:6f:e1:f4:7c:40:8c:e4:02:d5:f5:eb:0d:
                    56:f3:a4:2c:e5:fa:ad:55:d8:9e:92:ae:f1:83:36:
                    04:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:0E:21:25:50:69:4E:78:81:19:3E:D1:2F:AA:52:DC:46:B2:6D:BC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/3cf1a2-eac6-4769-b5c8-a7465edbefcd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/3cf1a2-eac6-4769-b5c8-a7465edbefcd/1/YA4hJVBpTniBGT7RL6pS3Eaybbw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199767

    Signature Algorithm: sha256WithRSAEncryption
         89:d8:31:9b:0e:e1:9f:72:e2:5d:7f:76:35:9d:5b:86:f2:b0:
         d8:5e:ca:6b:2a:e6:bf:f7:2c:ba:f6:9d:7f:8c:67:26:8f:24:
         10:7c:30:e8:83:00:9c:78:c1:3d:18:1f:f6:89:59:f7:b2:9e:
         65:d4:36:d6:38:bb:ea:2d:ea:5e:2d:aa:26:a0:70:90:52:9b:
         de:8f:f9:21:de:7e:e8:83:b6:ae:9b:35:8f:56:de:0f:bd:cb:
         cb:19:08:3e:8c:e5:d4:d5:93:f7:7e:f0:71:d0:5d:76:6a:93:
         44:b4:a1:8e:0a:e6:6f:42:56:81:1b:e8:47:ec:21:35:92:e3:
         20:dc:7c:00:86:0f:3f:e9:36:1a:d8:12:0c:08:49:5d:94:77:
         e6:c3:59:8f:ca:2d:e4:01:27:e0:47:f9:54:18:ca:61:da:d6:
         50:9f:99:1b:fa:eb:90:99:42:50:a7:a0:d3:0c:92:d8:1b:e3:
         4c:b8:5d:7d:e4:9e:b5:43:dc:82:5e:90:49:97:b7:79:9c:2c:
         2f:c7:d5:6a:01:07:eb:17:a8:5f:37:54:77:cb:ce:8e:18:ac:
         12:4f:fc:06:7a:76:c7:c3:f7:70:3f:36:10:fd:43:11:88:8d:
         9f:2e:48:42:6f:94:b2:53:20:00:d0:79:51:84:ca:6a:cc:66:
         e1:ce:fa:4b
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzEkkvpAxKj0TpSko5liqqQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDBlMjEyNTUwNjk0ZTc4ODExOTNlZDEyZmFhNTJkYzQ2YjI2ZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf4mqTiBpBDiqJ8eQzDgu7XdKhxr
Hb5XIu0cuLA98BIBwHWwpLcaPvKJzqiQ4KlM8Zd/tQEwueHvKdBuY87i+s2Fx3Io
1N0oW1skGV/1zEf5GgO8wEQ3bqWJ+U5qc23TlFYuUGfL4jhAJ1asON/fRwtcW91I
JTM+9aEB4D1Ovgk4vFxbQZS4w7d3Is5EW/GD/CuRJ6NbYgmvCIyAIf+TLKftVBr0
kFuLI6yPdHJkrc3GtS61h7Bz9QrMsF9sWa2X8mqfiBJw/zbOv+3hpmALsoldGvUM
hycCr50C/ZPczAM6tX1v4fR8QIzkAtX16w1W86Qs5fqtVdiekq7xgzYEjQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGAOISVQaU54gRk+0S+qUtxGsm28MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZkLzNjZjFh
Mi1lYWM2LTQ3NjktYjVjOC1hNzQ2NWVkYmVmY2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQvM2NmMWEy
LWVhYzYtNDc2OS1iNWM4LWE3NDY1ZWRiZWZjZC8xL1lBNGhKVkJwVG5pQkdUN1JM
NnBTM0VheWJidy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMMVzANBgkqhkiG9w0BAQsFAAOCAQEAidgxmw7hn3Li
XX92NZ1bhvKw2F7Kayrmv/csuvadf4xnJo8kEHww6IMAnHjBPRgf9olZ97KeZdQ2
1ji76i3qXi2qJqBwkFKb3o/5Id5+6IO2rps1j1beD73LyxkIPozl1NWT937wcdBd
dmqTRLShjgrmb0JWgRvoR+whNZLjINx8AIYPP+k2GtgSDAhJXZR35sNZj8ot5AEn
4Ef5VBjKYdrWUJ+ZG/rrkJlCUKeg0wyS2BvjTLhdfeSetUPcgl6QSZe3eZwsL8fV
agEH6xeoXzdUd8vOjhisEk/8Bnp2x8P3cD82EP1DEYiNny5IQm+UslMgANB5UYTK
asxm4c76Sw==
-----END CERTIFICATE-----