Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YNJSouMVOM2lhXutCYPIvfVYsXs.cer
File:                     YNJSouMVOM2lhXutCYPIvfVYsXs.cer (raw, json)
Hash identifier:          +2qwwf4rtJhTMdTkhnz4DCx46p0DI9yPVECl2OPsMoQ=
Subject key identifier:   60:D2:52:A2:E3:15:38:CD:A5:85:7B:AD:09:83:C8:BD:F5:58:B1:7B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA96CA6BC82CA955121101AF06915114
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/YNJSouMVOM2lhXutCYPIvfVYsXs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:32:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200021

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:ca:6b:c8:2c:a9:55:12:11:01:af:06:91:51:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60d252a2e31538cda5857bad0983c8bdf558b17b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6a:c8:aa:f4:4c:8a:8c:29:1a:25:e2:b4:54:
                    65:34:90:b9:83:92:3b:db:be:fb:e1:75:09:96:29:
                    0d:02:65:33:93:9a:3f:ce:f2:49:28:ea:2c:66:a4:
                    0a:e6:2a:06:c9:91:df:24:22:7d:c1:75:7f:e8:4c:
                    d3:6a:43:fb:c8:d5:0c:83:33:2c:f1:fc:31:f1:fe:
                    e3:05:59:cd:fd:3e:c1:f1:80:d6:ae:38:c4:b7:41:
                    56:3d:c8:1c:0f:2e:66:28:fc:24:b2:f6:de:77:aa:
                    15:f1:56:9a:e0:24:01:e3:95:eb:58:3a:28:6d:aa:
                    b4:a2:cf:75:3f:07:23:e9:b1:94:ef:a0:5f:d0:37:
                    2d:62:4f:10:36:6b:02:93:35:b9:95:24:a4:5d:7f:
                    07:f9:54:53:3a:a5:ea:74:40:7a:32:25:45:aa:db:
                    ad:9e:73:13:46:cb:09:e1:f2:d1:18:42:16:da:3c:
                    4b:a7:fc:97:fc:82:bf:7a:77:71:41:e9:dc:53:e7:
                    5c:b5:df:59:f1:41:d5:d4:64:69:e9:3d:bd:8c:9b:
                    20:7a:20:c1:54:8b:49:2b:86:9c:27:2f:ce:56:0f:
                    89:d5:f8:f8:7c:67:db:2f:6a:c6:15:7c:27:d3:a5:
                    30:a7:6e:b7:e2:6c:b3:5c:e7:24:7e:0d:26:3c:60:
                    71:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:D2:52:A2:E3:15:38:CD:A5:85:7B:AD:09:83:C8:BD:F5:58:B1:7B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/YNJSouMVOM2lhXutCYPIvfVYsXs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200021

    Signature Algorithm: sha256WithRSAEncryption
         af:3d:5d:86:49:c9:c0:e5:2e:87:9a:de:8b:2a:71:4b:fd:ff:
         49:cc:4a:45:6e:3e:68:6c:dd:05:b5:37:fc:69:ff:c0:2e:2b:
         a4:4f:f7:57:b1:e7:5a:b3:2d:eb:16:b5:0f:da:21:05:85:8d:
         67:84:c2:e4:ae:19:72:85:4b:20:bc:c9:d2:af:f9:1c:80:9a:
         51:6f:cf:0d:1d:50:02:35:17:ea:7f:a0:7b:41:72:31:7b:08:
         96:74:7b:d1:04:f4:9f:a4:4d:a1:94:f9:8e:a7:50:54:43:dc:
         4a:9d:cf:76:1d:77:85:93:99:52:37:34:1c:13:18:b4:0b:9b:
         81:4b:6d:ac:bc:57:77:ec:27:17:fa:b9:22:1c:86:a9:d6:cf:
         a0:8e:e6:d7:46:19:3f:bc:1b:8c:98:ec:8d:76:50:74:44:ef:
         cc:24:eb:cb:ea:db:4e:ac:5b:2f:00:99:3a:4d:f8:fe:1f:ed:
         09:79:86:8e:b1:50:86:25:b1:4c:47:b1:90:46:61:dc:29:cf:
         9b:98:e1:1b:71:71:74:f4:a3:c7:ba:ab:d7:66:2b:04:a4:20:
         f9:77:02:34:44:40:11:2a:77:09:aa:f7:6c:02:55:e8:d2:a2:
         60:72:e5:1e:38:1d:3b:be:31:7f:ed:0b:04:07:3c:35:7f:d9:
         8e:da:4f:6f
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKlspryCypVRIRAa8GkVEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQyNTJhMmUzMTUzOGNkYTU4NTdiYWQwOTgzYzhiZGY1NThiMTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmrIqvRMiowpGiXitFRlNJC5g5I7
27774XUJlikNAmUzk5o/zvJJKOosZqQK5ioGyZHfJCJ9wXV/6EzTakP7yNUMgzMs
8fwx8f7jBVnN/T7B8YDWrjjEt0FWPcgcDy5mKPwksvbed6oV8Vaa4CQB45XrWDoo
baq0os91Pwcj6bGU76Bf0DctYk8QNmsCkzW5lSSkXX8H+VRTOqXqdEB6MiVFqtut
nnMTRssJ4fLRGEIW2jxLp/yX/IK/endxQencU+dctd9Z8UHV1GRp6T29jJsgeiDB
VItJK4acJy/OVg+J1fj4fGfbL2rGFXwn06Uwp2634myzXOckfg0mPGBxSwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGDSUqLjFTjNpYV7rQmDyL31WLF7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MyL2ExN2Rk
Zi05YmE2LTQzOTUtYWFlNi01NjZmNmNmNDMxYzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzIvYTE3ZGRm
LTliYTYtNDM5NS1hYWU2LTU2NmY2Y2Y0MzFjMC8xL1lOSlNvdU1WT00ybGhYdXRD
WVBJdmZWWXNYcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMNVTANBgkqhkiG9w0BAQsFAAOCAQEArz1dhknJwOUu
h5reiypxS/3/ScxKRW4+aGzdBbU3/Gn/wC4rpE/3V7HnWrMt6xa1D9ohBYWNZ4TC
5K4ZcoVLILzJ0q/5HICaUW/PDR1QAjUX6n+ge0FyMXsIlnR70QT0n6RNoZT5jqdQ
VEPcSp3Pdh13hZOZUjc0HBMYtAubgUttrLxXd+wnF/q5IhyGqdbPoI7m10YZP7wb
jJjsjXZQdETvzCTry+rbTqxbLwCZOk34/h/tCXmGjrFQhiWxTEexkEZh3CnPm5jh
G3FxdPSjx7qr12YrBKQg+XcCNERAESp3Car3bAJV6NKiYHLlHjgdO74xf+0LBAc8
NX/ZjtpPbw==
-----END CERTIFICATE-----