Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YNxaADaNiuH7qZVDHwOkExrdipo.cer
File:                     YNxaADaNiuH7qZVDHwOkExrdipo.cer (raw, json)
Hash identifier:          1RoX+8ijB/UtOcUPG722819yi/6xOW/vEmmH7iyyke4=
Subject key identifier:   60:DC:5A:00:36:8D:8A:E1:FB:A9:95:43:1F:03:A4:13:1A:DD:8A:9A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D778272158D14AE6180F426305C9CF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5f/43d63a-a936-4593-8826-ebb3982c2eb0/1/YNxaADaNiuH7qZVDHwOkExrdipo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5f/43d63a-a936-4593-8826-ebb3982c2eb0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:48:31 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 41085
                          IP: 195.189.100.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:78:27:21:58:d1:4a:e6:18:0f:42:63:05:c9:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60dc5a00368d8ae1fba995431f03a4131add8a9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:de:fa:bd:92:16:b2:91:0c:74:71:f2:fb:11:
                    08:7e:34:2e:5f:44:19:ac:fb:ef:3c:07:35:3d:74:
                    a1:46:36:96:b5:0e:eb:ad:e8:43:39:30:71:cf:11:
                    2e:3e:83:83:b8:b6:32:a0:8d:b5:4c:c5:ae:ca:75:
                    43:ca:c1:e5:44:60:e0:77:d7:8e:f2:e3:3b:cb:04:
                    71:b3:e3:dd:99:0c:dc:9c:31:c9:5a:f1:bb:e9:89:
                    7c:f5:8a:c5:be:f3:56:f3:b4:00:5b:52:4a:09:0a:
                    ce:bf:a4:04:e8:e5:37:a7:a9:09:89:ac:e3:3a:6c:
                    5b:fe:c5:70:7f:19:6a:50:df:39:25:ce:8f:f0:6c:
                    fd:07:52:e2:3f:18:07:3c:87:fa:5f:95:6e:db:ce:
                    67:2e:e1:d8:e3:65:28:af:1a:f9:ef:b9:82:06:f4:
                    f2:51:52:28:6d:a6:49:4e:29:a5:89:c9:a6:14:3a:
                    e6:e4:c3:ed:5a:d0:db:92:16:8e:8e:0f:25:4f:3b:
                    d6:2b:f8:b4:09:e1:d9:f8:fe:b6:ba:f2:b2:f0:6b:
                    1b:04:b4:4f:4e:80:68:fb:ee:bb:46:60:74:e4:e4:
                    e7:46:fa:ae:9e:b5:e8:cb:49:09:1c:19:a6:5f:40:
                    26:63:73:1f:ec:d9:8f:0b:6b:58:71:c2:83:22:27:
                    8a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DC:5A:00:36:8D:8A:E1:FB:A9:95:43:1F:03:A4:13:1A:DD:8A:9A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/43d63a-a936-4593-8826-ebb3982c2eb0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/43d63a-a936-4593-8826-ebb3982c2eb0/1/YNxaADaNiuH7qZVDHwOkExrdipo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.100.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41085

    Signature Algorithm: sha256WithRSAEncryption
         5b:61:82:27:8d:d6:4e:42:e7:94:2a:4a:3f:02:e5:ef:d8:76:
         cc:59:87:09:2c:59:06:97:a3:8d:77:13:cd:0e:ee:28:bd:62:
         2a:90:2d:2e:7f:9b:71:0d:85:cc:df:af:b8:28:ec:38:4d:d3:
         2d:d1:22:7e:eb:73:e1:3a:6e:4d:2c:e0:16:65:83:1b:1c:10:
         bd:e3:c5:84:e9:e6:0d:89:50:42:f0:78:e1:5f:95:83:45:6b:
         df:79:77:72:9e:c8:80:b7:45:4d:d6:ff:f3:3a:66:d7:be:84:
         46:6f:b7:30:7a:36:17:a8:a6:41:fe:c5:91:a6:9c:d9:cc:40:
         f7:41:c3:ab:9b:12:d3:94:6e:da:7d:84:ec:b3:53:55:c2:03:
         43:99:81:54:46:ca:56:8b:a3:cc:a1:bc:63:d8:0d:35:55:80:
         e2:df:1d:2b:c6:f1:0d:e0:a5:82:e1:9d:05:19:0d:6a:02:87:
         35:db:b0:76:f6:39:6e:89:c9:8b:99:27:f2:58:c2:13:40:56:
         ae:6a:4e:48:94:d5:e2:06:d0:c5:2c:0f:5d:ab:4e:e8:46:7b:
         9e:89:bd:b5:3c:62:bf:36:f4:fd:78:1a:af:b6:a1:2f:6d:b4:
         c7:07:e3:f9:33:53:a4:bb:6c:86:d3:6d:4b:9c:d7:b6:f9:0b:
         35:b9:26:b7
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQj13gnIVjRSuYYD0JjBcnPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGRjNWEwMDM2OGQ4YWUxZmJhOTk1NDMxZjAzYTQxMzFhZGQ4YTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq976vZIWspEMdHHy+xEIfjQuX0QZ
rPvvPAc1PXShRjaWtQ7rrehDOTBxzxEuPoODuLYyoI21TMWuynVDysHlRGDgd9eO
8uM7ywRxs+PdmQzcnDHJWvG76Yl89YrFvvNW87QAW1JKCQrOv6QE6OU3p6kJiazj
Omxb/sVwfxlqUN85Jc6P8Gz9B1LiPxgHPIf6X5Vu285nLuHY42Uorxr577mCBvTy
UVIobaZJTimlicmmFDrm5MPtWtDbkhaOjg8lTzvWK/i0CeHZ+P62uvKy8GsbBLRP
ToBo++67RmB05OTnRvqunrXoy0kJHBmmX0AmY3Mf7NmPC2tYccKDIieK1wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGDcWgA2jYrh+6mVQx8DpBMa3YqaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVmLzQzZDYz
YS1hOTM2LTQ1OTMtODgyNi1lYmIzOTgyYzJlYjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWYvNDNkNjNh
LWE5MzYtNDU5My04ODI2LWViYjM5ODJjMmViMC8xL1lOeGFBRGFOaXVIN3FaVkRI
d09rRXhyZGlwby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCw71kMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCgfTANBgkqhkiG9w0BAQsFAAOCAQEAW2GCJ43WTkLnlCpKPwLl79h2zFmHCSxZ
BpejjXcTzQ7uKL1iKpAtLn+bcQ2FzN+vuCjsOE3TLdEifutz4TpuTSzgFmWDGxwQ
vePFhOnmDYlQQvB44V+Vg0Vr33l3cp7IgLdFTdb/8zpm176ERm+3MHo2F6imQf7F
kaac2cxA90HDq5sS05Ru2n2E7LNTVcIDQ5mBVEbKVoujzKG8Y9gNNVWA4t8dK8bx
DeClguGdBRkNagKHNduwdvY5bonJi5kn8ljCE0BWrmpOSJTV4gbQxSwPXatO6EZ7
nom9tTxivzb0/Xgar7ahL220xwfj+TNTpLtshtNtS5zXtvkLNbkmtw==
-----END CERTIFICATE-----