Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YNJSouMVOM2lhXutCYPIvfVYsXs.cer
File:                     YNJSouMVOM2lhXutCYPIvfVYsXs.cer (raw, json)
Hash identifier:          MdAntpE5aUlR4ZDLLqjviNCAWOYj4hh4HmGJNW9tBYE=
Subject key identifier:   60:D2:52:A2:E3:15:38:CD:A5:85:7B:AD:09:83:C8:BD:F5:58:B1:7B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FCA3E7ED7F07F2D991DB520FDBCE0A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/YNJSouMVOM2lhXutCYPIvfVYsXs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:48:21 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 200021
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:a3:e7:ed:7f:07:f2:d9:91:db:52:0f:db:ce:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60d252a2e31538cda5857bad0983c8bdf558b17b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6a:c8:aa:f4:4c:8a:8c:29:1a:25:e2:b4:54:
                    65:34:90:b9:83:92:3b:db:be:fb:e1:75:09:96:29:
                    0d:02:65:33:93:9a:3f:ce:f2:49:28:ea:2c:66:a4:
                    0a:e6:2a:06:c9:91:df:24:22:7d:c1:75:7f:e8:4c:
                    d3:6a:43:fb:c8:d5:0c:83:33:2c:f1:fc:31:f1:fe:
                    e3:05:59:cd:fd:3e:c1:f1:80:d6:ae:38:c4:b7:41:
                    56:3d:c8:1c:0f:2e:66:28:fc:24:b2:f6:de:77:aa:
                    15:f1:56:9a:e0:24:01:e3:95:eb:58:3a:28:6d:aa:
                    b4:a2:cf:75:3f:07:23:e9:b1:94:ef:a0:5f:d0:37:
                    2d:62:4f:10:36:6b:02:93:35:b9:95:24:a4:5d:7f:
                    07:f9:54:53:3a:a5:ea:74:40:7a:32:25:45:aa:db:
                    ad:9e:73:13:46:cb:09:e1:f2:d1:18:42:16:da:3c:
                    4b:a7:fc:97:fc:82:bf:7a:77:71:41:e9:dc:53:e7:
                    5c:b5:df:59:f1:41:d5:d4:64:69:e9:3d:bd:8c:9b:
                    20:7a:20:c1:54:8b:49:2b:86:9c:27:2f:ce:56:0f:
                    89:d5:f8:f8:7c:67:db:2f:6a:c6:15:7c:27:d3:a5:
                    30:a7:6e:b7:e2:6c:b3:5c:e7:24:7e:0d:26:3c:60:
                    71:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:D2:52:A2:E3:15:38:CD:A5:85:7B:AD:09:83:C8:BD:F5:58:B1:7B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/YNJSouMVOM2lhXutCYPIvfVYsXs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200021

    Signature Algorithm: sha256WithRSAEncryption
         0e:93:77:2c:f0:cf:f6:2f:cb:bc:63:ee:aa:3c:37:98:8d:62:
         8d:e1:53:9b:ba:f3:60:d7:34:16:b2:7e:f7:0d:8d:dc:8e:1d:
         58:21:21:d6:0c:9c:98:d1:aa:c1:f3:2d:e0:53:be:02:1b:ac:
         32:a3:7d:bf:f8:bd:57:e1:25:71:42:7c:05:06:18:d7:c8:18:
         a8:88:f0:48:d3:ed:f0:74:4e:f4:35:a2:e8:a6:02:75:20:e4:
         85:c2:52:0b:21:91:4f:f7:2d:3a:28:7d:a3:59:1a:7c:38:e1:
         62:ee:95:1a:b3:77:4f:df:96:56:1e:89:7f:d2:40:b9:6e:9c:
         00:eb:0c:93:4e:73:5f:bf:07:ae:74:fb:66:07:f6:63:a0:c5:
         4d:ef:18:3f:7e:1b:83:c3:73:a0:cf:2f:4b:37:38:1d:ed:ed:
         be:f1:25:89:b7:8f:ba:6c:07:fe:a8:07:93:80:45:f2:04:1c:
         18:4f:a4:ca:9b:d5:42:03:9d:0c:a0:aa:09:3b:57:21:6f:15:
         22:e2:fa:d6:bd:d5:54:0a:41:e5:f0:a3:e0:d6:bc:06:43:91:
         7a:ee:14:23:5e:63:aa:3f:3f:67:59:b0:ed:c3:31:9b:03:67:
         2f:7b:bc:92:76:01:72:9d:bd:da:aa:55:80:97:d2:ce:bd:28:
         f8:64:09:1d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQl/KPn7X8H8tmR21IP284KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQyNTJhMmUzMTUzOGNkYTU4NTdiYWQwOTgzYzhiZGY1NThiMTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmrIqvRMiowpGiXitFRlNJC5g5I7
27774XUJlikNAmUzk5o/zvJJKOosZqQK5ioGyZHfJCJ9wXV/6EzTakP7yNUMgzMs
8fwx8f7jBVnN/T7B8YDWrjjEt0FWPcgcDy5mKPwksvbed6oV8Vaa4CQB45XrWDoo
baq0os91Pwcj6bGU76Bf0DctYk8QNmsCkzW5lSSkXX8H+VRTOqXqdEB6MiVFqtut
nnMTRssJ4fLRGEIW2jxLp/yX/IK/endxQencU+dctd9Z8UHV1GRp6T29jJsgeiDB
VItJK4acJy/OVg+J1fj4fGfbL2rGFXwn06Uwp2634myzXOckfg0mPGBxSwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGDSUqLjFTjNpYV7rQmDyL31WLF7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MyL2ExN2Rk
Zi05YmE2LTQzOTUtYWFlNi01NjZmNmNmNDMxYzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzIvYTE3ZGRm
LTliYTYtNDM5NS1hYWU2LTU2NmY2Y2Y0MzFjMC8xL1lOSlNvdU1WT00ybGhYdXRD
WVBJdmZWWXNYcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMNVTANBgkqhkiG9w0BAQsFAAOCAQEADpN3LPDP9i/L
vGPuqjw3mI1ijeFTm7rzYNc0FrJ+9w2N3I4dWCEh1gycmNGqwfMt4FO+AhusMqN9
v/i9V+ElcUJ8BQYY18gYqIjwSNPt8HRO9DWi6KYCdSDkhcJSCyGRT/ctOih9o1ka
fDjhYu6VGrN3T9+WVh6Jf9JAuW6cAOsMk05zX78HrnT7Zgf2Y6DFTe8YP34bg8Nz
oM8vSzc4He3tvvElibePumwH/qgHk4BF8gQcGE+kypvVQgOdDKCqCTtXIW8VIuL6
1r3VVApB5fCj4Na8BkOReu4UI15jqj8/Z1mw7cMxmwNnL3u8knYBcp292qpVgJfS
zr0o+GQJHQ==
-----END CERTIFICATE-----