Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YNxaADaNiuH7qZVDHwOkExrdipo.cer
File:                     YNxaADaNiuH7qZVDHwOkExrdipo.cer (raw, json)
Hash identifier:          diE/jf6UBKnjyTurOBbHfgKptzntSlJuhgpvP8a22eY=
Subject key identifier:   60:DC:5A:00:36:8D:8A:E1:FB:A9:95:43:1F:03:A4:13:1A:DD:8A:9A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2BD0116103CA89C584D78D426CAFD2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5f/43d63a-a936-4593-8826-ebb3982c2eb0/1/YNxaADaNiuH7qZVDHwOkExrdipo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5f/43d63a-a936-4593-8826-ebb3982c2eb0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:35:18 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 41085
                          IP: 195.189.100.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d0:11:61:03:ca:89:c5:84:d7:8d:42:6c:af:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60dc5a00368d8ae1fba995431f03a4131add8a9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:de:fa:bd:92:16:b2:91:0c:74:71:f2:fb:11:
                    08:7e:34:2e:5f:44:19:ac:fb:ef:3c:07:35:3d:74:
                    a1:46:36:96:b5:0e:eb:ad:e8:43:39:30:71:cf:11:
                    2e:3e:83:83:b8:b6:32:a0:8d:b5:4c:c5:ae:ca:75:
                    43:ca:c1:e5:44:60:e0:77:d7:8e:f2:e3:3b:cb:04:
                    71:b3:e3:dd:99:0c:dc:9c:31:c9:5a:f1:bb:e9:89:
                    7c:f5:8a:c5:be:f3:56:f3:b4:00:5b:52:4a:09:0a:
                    ce:bf:a4:04:e8:e5:37:a7:a9:09:89:ac:e3:3a:6c:
                    5b:fe:c5:70:7f:19:6a:50:df:39:25:ce:8f:f0:6c:
                    fd:07:52:e2:3f:18:07:3c:87:fa:5f:95:6e:db:ce:
                    67:2e:e1:d8:e3:65:28:af:1a:f9:ef:b9:82:06:f4:
                    f2:51:52:28:6d:a6:49:4e:29:a5:89:c9:a6:14:3a:
                    e6:e4:c3:ed:5a:d0:db:92:16:8e:8e:0f:25:4f:3b:
                    d6:2b:f8:b4:09:e1:d9:f8:fe:b6:ba:f2:b2:f0:6b:
                    1b:04:b4:4f:4e:80:68:fb:ee:bb:46:60:74:e4:e4:
                    e7:46:fa:ae:9e:b5:e8:cb:49:09:1c:19:a6:5f:40:
                    26:63:73:1f:ec:d9:8f:0b:6b:58:71:c2:83:22:27:
                    8a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DC:5A:00:36:8D:8A:E1:FB:A9:95:43:1F:03:A4:13:1A:DD:8A:9A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/43d63a-a936-4593-8826-ebb3982c2eb0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/43d63a-a936-4593-8826-ebb3982c2eb0/1/YNxaADaNiuH7qZVDHwOkExrdipo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.100.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41085

    Signature Algorithm: sha256WithRSAEncryption
         23:37:9a:b9:33:e9:c0:5b:82:c5:fd:7f:e2:af:53:69:d1:75:
         69:73:ec:c1:d6:cd:6f:3b:8d:30:e4:0d:86:b9:48:9b:b9:cf:
         43:6b:df:be:1e:f5:ca:65:26:15:f1:fc:7a:26:5a:d1:59:b7:
         e5:f3:64:5c:cd:e9:da:59:10:d4:c6:9c:b1:c4:cd:50:36:6c:
         f2:28:e8:f5:0e:e2:8b:ef:21:7b:56:a1:0b:98:80:8f:da:86:
         da:09:97:ee:43:52:35:8e:ea:97:fe:41:43:f5:a8:9a:72:eb:
         00:9c:2e:9b:ee:7c:b9:48:2d:37:6c:0b:1e:93:06:e5:cd:c5:
         db:0e:a4:36:51:e9:6e:73:61:cc:b6:1a:35:72:14:91:d8:2a:
         65:f7:47:bc:60:2f:39:01:7a:e2:e9:c8:1d:83:a3:ca:9e:c5:
         04:8c:1a:14:0f:48:b0:f5:80:03:13:ee:e3:88:8e:58:0f:ab:
         0b:7c:46:21:b8:bd:42:2f:e3:9c:4a:34:25:a7:cc:56:07:3f:
         01:10:3c:e5:ef:fb:38:ea:a4:d9:c3:67:58:99:72:e1:59:ab:
         ae:0d:a4:93:74:72:7b:4f:2d:ca:2e:b6:31:81:d9:49:63:2c:
         61:9d:06:be:c9:ac:a6:35:1e:77:63:fe:b3:23:f3:ff:f1:14:
         c5:e3:fe:75
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzKK9ARYQPKicWE141CbK/SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGRjNWEwMDM2OGQ4YWUxZmJhOTk1NDMxZjAzYTQxMzFhZGQ4YTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq976vZIWspEMdHHy+xEIfjQuX0QZ
rPvvPAc1PXShRjaWtQ7rrehDOTBxzxEuPoODuLYyoI21TMWuynVDysHlRGDgd9eO
8uM7ywRxs+PdmQzcnDHJWvG76Yl89YrFvvNW87QAW1JKCQrOv6QE6OU3p6kJiazj
Omxb/sVwfxlqUN85Jc6P8Gz9B1LiPxgHPIf6X5Vu285nLuHY42Uorxr577mCBvTy
UVIobaZJTimlicmmFDrm5MPtWtDbkhaOjg8lTzvWK/i0CeHZ+P62uvKy8GsbBLRP
ToBo++67RmB05OTnRvqunrXoy0kJHBmmX0AmY3Mf7NmPC2tYccKDIieK1wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGDcWgA2jYrh+6mVQx8DpBMa3YqaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVmLzQzZDYz
YS1hOTM2LTQ1OTMtODgyNi1lYmIzOTgyYzJlYjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWYvNDNkNjNh
LWE5MzYtNDU5My04ODI2LWViYjM5ODJjMmViMC8xL1lOeGFBRGFOaXVIN3FaVkRI
d09rRXhyZGlwby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCw71kMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCgfTANBgkqhkiG9w0BAQsFAAOCAQEAIzeauTPpwFuCxf1/4q9TadF1aXPswdbN
bzuNMOQNhrlIm7nPQ2vfvh71ymUmFfH8eiZa0Vm35fNkXM3p2lkQ1MacscTNUDZs
8ijo9Q7ii+8he1ahC5iAj9qG2gmX7kNSNY7ql/5BQ/WomnLrAJwum+58uUgtN2wL
HpMG5c3F2w6kNlHpbnNhzLYaNXIUkdgqZfdHvGAvOQF64unIHYOjyp7FBIwaFA9I
sPWAAxPu44iOWA+rC3xGIbi9Qi/jnEo0JafMVgc/ARA85e/7OOqk2cNnWJly4Vmr
rg2kk3Rye08tyi62MYHZSWMsYZ0GvsmspjUed2P+syPz//EUxeP+dQ==
-----END CERTIFICATE-----