Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.cer
File:                     YNrZW6Kx6z3Xc4AC_GiqlViMO_E.cer (raw, json)
Hash identifier:          YSYUfkY+sgCVXd6gJXrCdwjsBkJ6Dra2SD19mJMzYpg=
Subject key identifier:   60:DA:D9:5B:A2:B1:EB:3D:D7:73:80:02:FC:68:AA:95:58:8C:3B:F1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC349212268AE883BC1FAB9FD275C91B1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 178.157.48.0/20
                          IP: 185.239.68.0/22
                          IP: 212.50.224.0/19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:21:22:68:ae:88:3b:c1:fa:b9:fd:27:5c:91:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60dad95ba2b1eb3dd7738002fc68aa95588c3bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:83:eb:fa:8e:5a:9b:1c:3c:f0:fe:e0:a2:2d:
                    bf:77:bc:05:d6:ab:6f:b7:e8:84:97:39:17:cb:38:
                    f5:c2:00:aa:5e:5e:16:a1:f9:08:24:8c:cc:96:9d:
                    6d:88:d0:17:8b:fe:be:38:52:5a:2f:63:0a:3e:88:
                    19:b5:a4:fc:06:a8:07:72:76:40:b9:9d:3a:d0:de:
                    4d:68:ea:53:36:58:8d:ac:ca:fd:b1:e8:39:c7:12:
                    69:f3:a7:2d:15:98:d4:26:8c:1e:7f:23:b4:d0:7d:
                    f7:f2:fa:c3:c3:b1:d2:d1:e3:bf:ce:2b:a1:72:69:
                    ae:3e:e9:c5:8f:19:d9:22:5e:f9:8f:b3:cd:a6:7c:
                    85:63:61:db:86:68:6c:cd:b7:15:f9:e2:ed:63:17:
                    0a:e8:b3:71:98:3d:04:c3:c5:0b:64:03:9e:2f:9d:
                    5e:aa:d1:4d:44:10:ad:d7:16:1e:b3:00:50:0e:ff:
                    41:6c:b7:b2:16:a6:cb:2f:55:c2:45:e5:5e:41:2b:
                    35:d4:0d:11:3e:b3:9b:fe:bc:3c:9a:c0:c2:0c:e3:
                    16:c2:91:b1:1a:bd:2a:46:ee:95:4f:7d:42:0c:1b:
                    b4:85:2e:70:d8:2a:4f:09:fd:97:df:1a:93:36:b9:
                    08:20:54:23:aa:dc:8e:34:5f:97:44:86:0a:e8:07:
                    63:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DA:D9:5B:A2:B1:EB:3D:D7:73:80:02:FC:68:AA:95:58:8C:3B:F1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.157.48.0/20
                  185.239.68.0/22
                  212.50.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1e:52:cf:8b:d6:82:9d:ed:f0:e1:1b:e4:cf:06:cd:e8:d3:b9:
         0d:8f:94:c1:79:8e:88:b9:75:97:42:95:a2:64:93:a4:54:8f:
         38:b7:00:a8:09:39:9a:89:8a:b4:20:23:cc:30:dd:49:56:4c:
         27:60:ee:f7:c4:15:f8:2f:b8:10:7c:8b:fe:98:97:91:53:59:
         d2:88:61:20:bb:88:3c:6a:35:69:62:55:cb:c4:57:22:dc:08:
         cb:91:23:22:21:fb:db:67:30:e6:8b:70:95:25:de:47:ce:13:
         29:cd:5a:2f:a5:cf:1a:71:cb:3a:c9:f4:cb:fd:61:09:d2:69:
         82:81:f4:97:8b:ae:51:0c:fd:7a:54:49:08:63:73:4c:37:60:
         eb:30:d9:d6:99:60:36:e9:2b:3d:18:fe:27:2e:89:d3:0e:74:
         14:c1:57:c8:8d:59:76:88:52:34:5e:4e:43:c4:f5:27:22:87:
         ba:2c:86:a4:c2:76:fc:79:e6:9a:8f:39:21:35:57:19:71:aa:
         53:11:56:bc:1a:16:e9:fb:32:45:40:f1:89:48:c4:d4:8b:1a:
         ef:d0:47:eb:14:6c:84:dd:53:7c:c0:4e:cb:bb:60:d9:b6:4a:
         7c:7c:6d:1d:7c:b6:d9:99:61:31:2a:7e:9a:c6:20:e6:e1:c0:
         bc:fa:3e:22
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYzDSSEiaK6IO8H6uf0nXJGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGRhZDk1YmEyYjFlYjNkZDc3MzgwMDJmYzY4YWE5NTU4OGMzYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIPr+o5amxw88P7goi2/d7wF1qtv
t+iElzkXyzj1wgCqXl4WofkIJIzMlp1tiNAXi/6+OFJaL2MKPogZtaT8BqgHcnZA
uZ060N5NaOpTNliNrMr9seg5xxJp86ctFZjUJowefyO00H338vrDw7HS0eO/ziuh
cmmuPunFjxnZIl75j7PNpnyFY2HbhmhszbcV+eLtYxcK6LNxmD0Ew8ULZAOeL51e
qtFNRBCt1xYeswBQDv9BbLeyFqbLL1XCReVeQSs11A0RPrOb/rw8msDCDOMWwpGx
Gr0qRu6VT31CDBu0hS5w2CpPCf2X3xqTNrkIIFQjqtyONF+XRIYK6Adj+wIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFGDa2Vuises913OAAvxoqpVYjDvxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q2LzQ0OGJh
MC1hNDM4LTRmNTktODg1Yi00MjE4YjJiNjk2M2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDYvNDQ4YmEw
LWE0MzgtNGY1OS04ODViLTQyMThiMmI2OTYzYS8xL1lOclpXNkt4NnozWGM0QUNf
R2lxbFZpTU9fRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUF
BwEHAQH/BBwwGjAYBAIAATASAwQEsp0wAwQCue9EAwQF1DLgMA0GCSqGSIb3DQEB
CwUAA4IBAQAeUs+L1oKd7fDhG+TPBs3o07kNj5TBeY6IuXWXQpWiZJOkVI84twCo
CTmaiYq0ICPMMN1JVkwnYO73xBX4L7gQfIv+mJeRU1nSiGEgu4g8ajVpYlXLxFci
3AjLkSMiIfvbZzDmi3CVJd5HzhMpzVovpc8accs6yfTL/WEJ0mmCgfSXi65RDP16
VEkIY3NMN2DrMNnWmWA26Ss9GP4nLonTDnQUwVfIjVl2iFI0Xk5DxPUnIoe6LIak
wnb8eeaajzkhNVcZcapTEVa8Ghbp+zJFQPGJSMTUixrv0EfrFGyE3VN8wE7Lu2DZ
tkp8fG0dfLbZmWExKn6axiDm4cC8+j4i
-----END CERTIFICATE-----