Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.cer
File:                     YNrZW6Kx6z3Xc4AC_GiqlViMO_E.cer (raw, json)
Hash identifier:          nQiP4g81sOD4hdbQr4AjoRTo69Ga0eUOfXByi/94g+8=
Subject key identifier:   60:DA:D9:5B:A2:B1:EB:3D:D7:73:80:02:FC:68:AA:95:58:8C:3B:F1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA33FEBED07B526D011AE1F8F0F394
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:47:58 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 178.157.48.0/20
                          IP: 185.239.68.0/22
                          IP: 212.50.224.0/19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:33:fe:be:d0:7b:52:6d:01:1a:e1:f8:f0:f3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60dad95ba2b1eb3dd7738002fc68aa95588c3bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:83:eb:fa:8e:5a:9b:1c:3c:f0:fe:e0:a2:2d:
                    bf:77:bc:05:d6:ab:6f:b7:e8:84:97:39:17:cb:38:
                    f5:c2:00:aa:5e:5e:16:a1:f9:08:24:8c:cc:96:9d:
                    6d:88:d0:17:8b:fe:be:38:52:5a:2f:63:0a:3e:88:
                    19:b5:a4:fc:06:a8:07:72:76:40:b9:9d:3a:d0:de:
                    4d:68:ea:53:36:58:8d:ac:ca:fd:b1:e8:39:c7:12:
                    69:f3:a7:2d:15:98:d4:26:8c:1e:7f:23:b4:d0:7d:
                    f7:f2:fa:c3:c3:b1:d2:d1:e3:bf:ce:2b:a1:72:69:
                    ae:3e:e9:c5:8f:19:d9:22:5e:f9:8f:b3:cd:a6:7c:
                    85:63:61:db:86:68:6c:cd:b7:15:f9:e2:ed:63:17:
                    0a:e8:b3:71:98:3d:04:c3:c5:0b:64:03:9e:2f:9d:
                    5e:aa:d1:4d:44:10:ad:d7:16:1e:b3:00:50:0e:ff:
                    41:6c:b7:b2:16:a6:cb:2f:55:c2:45:e5:5e:41:2b:
                    35:d4:0d:11:3e:b3:9b:fe:bc:3c:9a:c0:c2:0c:e3:
                    16:c2:91:b1:1a:bd:2a:46:ee:95:4f:7d:42:0c:1b:
                    b4:85:2e:70:d8:2a:4f:09:fd:97:df:1a:93:36:b9:
                    08:20:54:23:aa:dc:8e:34:5f:97:44:86:0a:e8:07:
                    63:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DA:D9:5B:A2:B1:EB:3D:D7:73:80:02:FC:68:AA:95:58:8C:3B:F1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.157.48.0/20
                  185.239.68.0/22
                  212.50.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         50:1c:90:2b:f0:2c:4c:04:57:7b:f0:a2:4c:f5:5e:a1:62:ce:
         6b:4e:18:ac:5c:28:ee:75:35:42:0c:00:71:95:3e:5f:86:cd:
         14:e2:8a:62:e2:a9:ed:60:dd:4c:51:88:46:d7:f2:f6:69:4b:
         3f:13:49:5a:eb:a9:c1:2e:44:a9:72:36:07:c8:7c:4a:bd:bb:
         bf:e3:34:9b:a5:84:d2:1d:50:76:7c:67:40:b7:51:07:b1:2f:
         7d:26:86:20:a6:aa:82:8f:fa:20:74:bd:c9:3f:aa:eb:05:09:
         25:95:13:f3:7b:38:ba:8d:94:18:40:e2:ee:54:77:a0:3d:4e:
         e4:f7:75:b5:78:2b:14:40:8a:8a:b3:dc:11:0b:e0:5f:c3:a1:
         eb:aa:3b:e7:e7:b1:a8:39:81:e3:3f:2e:66:88:78:09:28:6d:
         41:1e:b8:9f:7f:47:55:75:5d:88:65:2d:ec:8c:de:19:f9:6e:
         b4:c9:c3:a1:51:b9:4c:71:ac:a8:35:96:38:d5:2c:61:e0:7e:
         cc:0a:e9:d2:b0:db:54:7e:29:7e:cf:19:d0:73:6b:f9:75:49:
         1d:39:00:a7:9a:ad:d7:b5:c9:d0:b0:fd:d9:56:02:0e:47:0f:
         b1:5c:6c:a6:24:22:87:bd:54:d6:2e:bd:6c:dd:5e:7c:fc:20:
         ae:1d:76:46
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZQf+jP+vtB7Um0BGuH48POUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGRhZDk1YmEyYjFlYjNkZDc3MzgwMDJmYzY4YWE5NTU4OGMzYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIPr+o5amxw88P7goi2/d7wF1qtv
t+iElzkXyzj1wgCqXl4WofkIJIzMlp1tiNAXi/6+OFJaL2MKPogZtaT8BqgHcnZA
uZ060N5NaOpTNliNrMr9seg5xxJp86ctFZjUJowefyO00H338vrDw7HS0eO/ziuh
cmmuPunFjxnZIl75j7PNpnyFY2HbhmhszbcV+eLtYxcK6LNxmD0Ew8ULZAOeL51e
qtFNRBCt1xYeswBQDv9BbLeyFqbLL1XCReVeQSs11A0RPrOb/rw8msDCDOMWwpGx
Gr0qRu6VT31CDBu0hS5w2CpPCf2X3xqTNrkIIFQjqtyONF+XRIYK6Adj+wIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFGDa2Vuises913OAAvxoqpVYjDvxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q2LzQ0OGJh
MC1hNDM4LTRmNTktODg1Yi00MjE4YjJiNjk2M2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDYvNDQ4YmEw
LWE0MzgtNGY1OS04ODViLTQyMThiMmI2OTYzYS8xL1lOclpXNkt4NnozWGM0QUNf
R2lxbFZpTU9fRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUF
BwEHAQH/BBwwGjAYBAIAATASAwQEsp0wAwQCue9EAwQF1DLgMA0GCSqGSIb3DQEB
CwUAA4IBAQBQHJAr8CxMBFd78KJM9V6hYs5rThisXCjudTVCDABxlT5fhs0U4opi
4qntYN1MUYhG1/L2aUs/E0la66nBLkSpcjYHyHxKvbu/4zSbpYTSHVB2fGdAt1EH
sS99JoYgpqqCj/ogdL3JP6rrBQkllRPzezi6jZQYQOLuVHegPU7k93W1eCsUQIqK
s9wRC+Bfw6Hrqjvn57GoOYHjPy5miHgJKG1BHriff0dVdV2IZS3sjN4Z+W60ycOh
UblMcayoNZY41Sxh4H7MCunSsNtUfil+zxnQc2v5dUkdOQCnmq3XtcnQsP3ZVgIO
Rw+xXGymJCKHvVTWLr1s3V58/CCuHXZG
-----END CERTIFICATE-----