Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer
File:                     YT0j8hITJ9kX1wjY_hUzgkVZWag.cer (raw, json)
Hash identifier:          jo62LQ1rW7lm292cff/jW2BPRm2C5JR/WSvhDDqkiSg=
Subject key identifier:   61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94D6E6E9B96C583C542B8EBF4234ED3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:32:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.209.208.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:6e:6e:9b:96:c5:83:c5:42:b8:eb:f4:23:4e:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=613d23f2121327d917d708d8fe153382455959a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:bb:7d:d1:d7:12:6d:a7:b4:df:e7:95:3a:65:
                    85:52:9a:1e:c0:b0:35:e4:7c:87:95:e1:b7:87:ed:
                    4c:ec:21:7f:20:22:cb:78:49:d0:2d:78:a3:9a:1d:
                    3d:fb:11:5d:8f:c6:e7:f1:01:a3:98:65:8a:fd:cd:
                    f1:a6:ce:00:b5:90:a7:b3:88:87:1e:9d:63:18:bd:
                    cb:1a:c1:27:e4:c2:7a:bc:2b:4f:13:f9:9b:77:d5:
                    c9:db:0d:cf:ca:0f:2a:94:46:c5:10:9c:35:2b:8d:
                    ec:ed:46:52:b2:d2:39:9c:90:50:55:06:33:30:ce:
                    dc:35:77:79:84:d2:09:ee:79:7e:6e:90:d5:eb:54:
                    7a:dd:0b:a0:e3:61:e6:d8:fe:4d:bb:c9:e8:b5:df:
                    f6:d3:b9:af:c7:98:f9:56:db:2b:77:ca:26:ed:a0:
                    60:94:37:62:65:7a:1e:3a:b9:e9:46:cd:fe:da:c4:
                    6a:f8:4f:a1:16:8c:1e:fb:77:4f:1e:51:4c:03:2b:
                    8c:2c:33:72:d6:d4:1a:50:c4:f4:8d:8d:cb:37:ba:
                    87:36:12:e7:04:8a:17:cb:80:35:da:a6:0b:b7:bf:
                    b8:d0:2e:9d:2a:ae:04:88:90:51:8a:72:54:d7:78:
                    b3:23:d6:37:b9:a2:0b:da:3d:6d:95:35:3c:cb:c9:
                    d2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:1e:a9:2a:3d:89:43:e7:b5:12:b5:65:06:a4:0d:73:1a:bf:
         04:47:38:ca:ac:63:96:52:7b:68:84:c2:63:ff:bf:f8:2b:e4:
         7e:9a:ba:51:b7:9c:5f:99:39:ea:1f:e3:15:30:ee:33:8c:a3:
         86:9d:c7:a2:c2:5a:7d:25:2c:42:b0:73:ad:e9:f9:8b:72:30:
         34:c6:26:f8:31:2f:26:18:b2:a4:87:fb:54:bd:17:7d:0b:20:
         35:aa:35:97:47:05:57:c8:dc:6f:68:1d:4d:f5:04:77:76:44:
         74:10:16:3c:4c:9d:c9:88:fa:6c:41:29:2b:5c:4c:03:7e:ea:
         2a:9a:49:fb:02:42:df:8d:63:9a:76:4d:81:1d:be:0a:71:a5:
         2e:74:b2:9b:93:29:5e:a9:d8:34:23:58:c9:5f:d3:d7:d8:b8:
         6b:b9:cb:b3:bc:7d:c7:9e:fd:cf:15:58:59:3e:e0:3b:7f:ae:
         40:b8:17:a8:98:5d:78:a2:f2:f8:8a:7d:31:44:8a:8b:74:64:
         5a:53:60:4f:fb:d9:08:b2:ad:42:05:2f:33:1c:d1:26:ba:33:
         6e:93:2c:70:14:ba:bf:c1:33:3b:94:da:4c:7d:36:f9:e7:44:
         5d:bf:5d:f9:8c:5e:4e:97:cb:fb:c6:f2:c2:9a:06:9e:f0:4b:
         27:20:3d:53
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzJTW5um5bFg8VCuOv0I07TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTNkMjNmMjEyMTMyN2Q5MTdkNzA4ZDhmZTE1MzM4MjQ1NTk1OWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Lt90dcSbae03+eVOmWFUpoewLA1
5HyHleG3h+1M7CF/ICLLeEnQLXijmh09+xFdj8bn8QGjmGWK/c3xps4AtZCns4iH
Hp1jGL3LGsEn5MJ6vCtPE/mbd9XJ2w3Pyg8qlEbFEJw1K43s7UZSstI5nJBQVQYz
MM7cNXd5hNIJ7nl+bpDV61R63Qug42Hm2P5Nu8notd/207mvx5j5Vtsrd8om7aBg
lDdiZXoeOrnpRs3+2sRq+E+hFowe+3dPHlFMAyuMLDNy1tQaUMT0jY3LN7qHNhLn
BIoXy4A12qYLt7+40C6dKq4EiJBRinJU13izI9Y3uaIL2j1tlTU8y8nSIQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGE9I/ISEyfZF9cI2P4VM4JFWVmoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MwL2ZjZTZi
ZS0wODk2LTQ0ODctYWEzNC03YTYwNWJhNDBjMWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAvZmNlNmJl
LTA4OTYtNDQ4Ny1hYTM0LTdhNjA1YmE0MGMxZS8xL1lUMGo4aElUSjlrWDF3allf
aFV6Z2tWWldhZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCudHQMA0GCSqGSIb3DQEBCwUAA4IBAQCwHqkq
PYlD57UStWUGpA1zGr8ERzjKrGOWUntohMJj/7/4K+R+mrpRt5xfmTnqH+MVMO4z
jKOGnceiwlp9JSxCsHOt6fmLcjA0xib4MS8mGLKkh/tUvRd9CyA1qjWXRwVXyNxv
aB1N9QR3dkR0EBY8TJ3JiPpsQSkrXEwDfuoqmkn7AkLfjWOadk2BHb4KcaUudLKb
kyleqdg0I1jJX9PX2LhrucuzvH3Hnv3PFVhZPuA7f65AuBeomF14ovL4in0xRIqL
dGRaU2BP+9kIsq1CBS8zHNEmujNukyxwFLq/wTM7lNpMfTb550Rdv135jF5Ol8v7
xvLCmgae8EsnID1T
-----END CERTIFICATE-----