Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YCC9ukbOUMCqDEHwsbSfp-1oEMs.cer
File:                     YCC9ukbOUMCqDEHwsbSfp-1oEMs.cer (raw, json)
Hash identifier:          nNQrNLni4p3JMN0oflA1LQKyXyvQsK9ly67urnfsZ3E=
Subject key identifier:   60:20:BD:BA:46:CE:50:C0:AA:0C:41:F0:B1:B4:9F:A7:ED:68:10:CB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018DE97A30125AD0DB18FC64F2456A894926
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/eb/769596-2c4a-4ad8-86cf-b309112d2eec/1/YCC9ukbOUMCqDEHwsbSfp-1oEMs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/eb/769596-2c4a-4ad8-86cf-b309112d2eec/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 27 Feb 2024 07:31:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202494
                          IP: 193.148.40.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e9:7a:30:12:5a:d0:db:18:fc:64:f2:45:6a:89:49:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 27 07:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6020bdba46ce50c0aa0c41f0b1b49fa7ed6810cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5d:18:d8:08:1e:63:40:90:72:66:15:2d:77:
                    fc:92:55:5e:95:38:d5:35:b5:2f:dc:16:79:07:30:
                    d7:f7:ab:a6:b5:4c:48:7d:58:53:ae:30:06:e1:5e:
                    09:e7:92:ab:cc:b2:74:81:f6:35:fd:94:d8:fc:fd:
                    2a:c1:ab:e1:4b:80:3e:21:2e:05:16:f5:47:66:c5:
                    be:00:59:fe:54:b4:18:58:a5:1c:5e:fe:90:b7:bb:
                    8c:e7:0c:88:9f:9b:77:6e:71:54:64:cc:ca:30:f3:
                    bd:26:10:9c:90:3f:0f:29:2f:fd:b0:6b:4c:50:3c:
                    86:40:4e:8a:38:6e:48:4b:6d:c7:7d:5e:5c:1a:a3:
                    20:70:c2:c7:29:ff:34:2b:e4:e5:e9:67:1e:17:f3:
                    7f:6e:d0:53:27:d5:bb:92:d3:bb:5c:da:08:1d:08:
                    32:bf:f8:61:a3:fb:46:9a:e0:95:ea:38:59:f6:1e:
                    ff:0e:5b:91:78:13:89:c9:5d:c7:ca:4f:87:20:25:
                    67:81:14:53:eb:ca:02:80:8f:d8:f4:c1:bb:22:31:
                    ab:9f:6c:a7:03:4e:34:16:24:67:8c:92:b8:c3:05:
                    d4:97:7c:ec:ab:44:d1:64:af:eb:49:9d:a2:d6:85:
                    55:ef:dd:39:2d:32:7b:4e:5c:ee:02:bc:a3:f7:a6:
                    a3:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:20:BD:BA:46:CE:50:C0:AA:0C:41:F0:B1:B4:9F:A7:ED:68:10:CB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/769596-2c4a-4ad8-86cf-b309112d2eec/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/769596-2c4a-4ad8-86cf-b309112d2eec/1/YCC9ukbOUMCqDEHwsbSfp-1oEMs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.40.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202494

    Signature Algorithm: sha256WithRSAEncryption
         5c:25:87:e9:a0:57:f2:2b:95:c3:3a:24:bf:25:a0:98:81:05:
         fd:a8:8b:18:8a:ff:47:fc:ac:d7:b0:2b:80:fe:00:67:67:33:
         69:c1:42:2e:7b:ed:37:d3:99:ef:cf:62:83:90:92:09:7b:c5:
         e8:ac:0e:8e:31:44:b1:0e:79:0e:98:12:55:88:47:76:f4:25:
         31:41:63:7b:bb:f1:dc:80:e0:30:40:9f:95:25:c4:3b:2f:b5:
         d0:17:f6:a9:1f:5c:a4:b9:9f:41:ef:0d:cc:47:89:2f:af:67:
         a8:c5:cd:40:50:9e:f3:0f:0e:bc:69:fd:ab:86:1b:e0:bb:9e:
         63:32:6a:ee:c4:a5:8b:0b:78:c9:98:ae:6a:f3:6d:d9:7a:fd:
         6c:4f:30:c2:c3:c7:ed:63:00:c2:bf:91:d7:95:1c:7f:c3:07:
         95:32:dc:2b:8d:80:67:e6:be:61:5b:44:c9:0f:97:b0:02:a4:
         c1:9d:85:34:2f:1f:b6:c3:16:47:94:f7:fa:7a:1f:e1:e0:6a:
         3b:fc:37:93:2b:ea:ee:e1:8d:22:81:c7:f5:a5:07:d4:19:c6:
         3a:36:d9:d3:4e:4b:79:f2:08:e3:68:72:a0:ce:f1:70:58:24:
         55:4c:07:21:4f:de:f3:ad:ca:5d:b7:6c:77:43:90:82:ee:19:
         38:ac:87:e8
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY3pejASWtDbGPxk8kVqiUkmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjI3MDczMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDIwYmRiYTQ2Y2U1MGMwYWEwYzQxZjBiMWI0OWZhN2VkNjgxMGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxV0Y2AgeY0CQcmYVLXf8klVelTjV
NbUv3BZ5BzDX96umtUxIfVhTrjAG4V4J55KrzLJ0gfY1/ZTY/P0qwavhS4A+IS4F
FvVHZsW+AFn+VLQYWKUcXv6Qt7uM5wyIn5t3bnFUZMzKMPO9JhCckD8PKS/9sGtM
UDyGQE6KOG5IS23HfV5cGqMgcMLHKf80K+Tl6WceF/N/btBTJ9W7ktO7XNoIHQgy
v/hho/tGmuCV6jhZ9h7/DluReBOJyV3Hyk+HICVngRRT68oCgI/Y9MG7IjGrn2yn
A040FiRnjJK4wwXUl3zsq0TRZK/rSZ2i1oVV7905LTJ7TlzuAryj96ajswIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGAgvbpGzlDAqgxB8LG0n6ftaBDLMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ViLzc2OTU5
Ni0yYzRhLTRhZDgtODZjZi1iMzA5MTEyZDJlZWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvNzY5NTk2
LTJjNGEtNGFkOC04NmNmLWIzMDkxMTJkMmVlYy8xL1lDQzl1a2JPVU1DcURFSHdz
YlNmcC0xb0VNcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwZQoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMW/jANBgkqhkiG9w0BAQsFAAOCAQEAXCWH6aBX8iuVwzokvyWgmIEF/aiLGIr/
R/ys17ArgP4AZ2czacFCLnvtN9OZ789ig5CSCXvF6KwOjjFEsQ55DpgSVYhHdvQl
MUFje7vx3IDgMECflSXEOy+10Bf2qR9cpLmfQe8NzEeJL69nqMXNQFCe8w8OvGn9
q4Yb4LueYzJq7sSliwt4yZiuavNt2Xr9bE8wwsPH7WMAwr+R15Ucf8MHlTLcK42A
Z+a+YVtEyQ+XsAKkwZ2FNC8ftsMWR5T3+nof4eBqO/w3kyvq7uGNIoHH9aUH1BnG
OjbZ005LefII42hyoM7xcFgkVUwHIU/e863KXbdsd0OQgu4ZOKyH6A==
-----END CERTIFICATE-----