Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer
File:                     YT0j8hITJ9kX1wjY_hUzgkVZWag.cer (raw, json)
Hash identifier:          QlrY87fGDADrM40p3HUAGtSNfZZt7fIXmo0zVbhlixo=
Subject key identifier:   61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942143B81F04C59B9B3366DA35696C4399
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:47:53 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.209.208.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:b8:1f:04:c5:9b:9b:33:66:da:35:69:6c:43:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=613d23f2121327d917d708d8fe153382455959a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:bb:7d:d1:d7:12:6d:a7:b4:df:e7:95:3a:65:
                    85:52:9a:1e:c0:b0:35:e4:7c:87:95:e1:b7:87:ed:
                    4c:ec:21:7f:20:22:cb:78:49:d0:2d:78:a3:9a:1d:
                    3d:fb:11:5d:8f:c6:e7:f1:01:a3:98:65:8a:fd:cd:
                    f1:a6:ce:00:b5:90:a7:b3:88:87:1e:9d:63:18:bd:
                    cb:1a:c1:27:e4:c2:7a:bc:2b:4f:13:f9:9b:77:d5:
                    c9:db:0d:cf:ca:0f:2a:94:46:c5:10:9c:35:2b:8d:
                    ec:ed:46:52:b2:d2:39:9c:90:50:55:06:33:30:ce:
                    dc:35:77:79:84:d2:09:ee:79:7e:6e:90:d5:eb:54:
                    7a:dd:0b:a0:e3:61:e6:d8:fe:4d:bb:c9:e8:b5:df:
                    f6:d3:b9:af:c7:98:f9:56:db:2b:77:ca:26:ed:a0:
                    60:94:37:62:65:7a:1e:3a:b9:e9:46:cd:fe:da:c4:
                    6a:f8:4f:a1:16:8c:1e:fb:77:4f:1e:51:4c:03:2b:
                    8c:2c:33:72:d6:d4:1a:50:c4:f4:8d:8d:cb:37:ba:
                    87:36:12:e7:04:8a:17:cb:80:35:da:a6:0b:b7:bf:
                    b8:d0:2e:9d:2a:ae:04:88:90:51:8a:72:54:d7:78:
                    b3:23:d6:37:b9:a2:0b:da:3d:6d:95:35:3c:cb:c9:
                    d2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:78:8d:d7:86:49:63:cb:39:0b:8e:70:a7:11:f8:11:51:ad:
         12:d7:a9:63:fd:95:a5:1c:ac:fb:4f:f3:a6:d1:0d:c7:7d:65:
         fa:c3:4e:6b:60:83:7f:43:96:fb:9a:8b:62:ef:5c:ab:49:51:
         96:95:89:f8:1a:8a:cc:dc:9d:68:3d:ae:32:32:f0:ba:c5:50:
         0f:8f:40:e4:8f:2e:11:65:b5:27:4a:f8:bb:9a:22:88:c8:59:
         ae:b6:9b:b9:e6:15:ae:81:3b:3c:73:cd:ff:1d:f2:c6:9c:00:
         80:e8:21:3c:47:30:f7:33:ef:ee:db:d3:5d:f4:0b:a8:23:fc:
         4c:bd:ba:c3:b6:d5:68:8f:da:8e:0d:05:18:45:c0:1a:54:95:
         12:96:d3:b9:59:ba:79:b8:a0:47:08:18:d2:df:4d:5f:da:81:
         ec:54:f9:5c:2a:41:69:94:ba:5c:de:4a:cb:c3:c3:c3:01:37:
         bc:3f:27:00:65:04:cd:bf:6f:2f:53:50:63:69:89:e6:ec:94:
         5f:85:1c:c9:03:33:3a:1a:6b:23:08:62:50:73:fe:8f:48:5b:
         b6:bc:7e:91:b1:09:b3:ca:2c:af:d1:b8:34:ae:cf:9d:46:37:
         d0:c3:42:f9:a0:bb:15:fe:04:c0:02:a9:e2:5a:bf:1f:23:6c:
         3e:1d:8f:c3
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQhQ7gfBMWbmzNm2jVpbEOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTNkMjNmMjEyMTMyN2Q5MTdkNzA4ZDhmZTE1MzM4MjQ1NTk1OWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Lt90dcSbae03+eVOmWFUpoewLA1
5HyHleG3h+1M7CF/ICLLeEnQLXijmh09+xFdj8bn8QGjmGWK/c3xps4AtZCns4iH
Hp1jGL3LGsEn5MJ6vCtPE/mbd9XJ2w3Pyg8qlEbFEJw1K43s7UZSstI5nJBQVQYz
MM7cNXd5hNIJ7nl+bpDV61R63Qug42Hm2P5Nu8notd/207mvx5j5Vtsrd8om7aBg
lDdiZXoeOrnpRs3+2sRq+E+hFowe+3dPHlFMAyuMLDNy1tQaUMT0jY3LN7qHNhLn
BIoXy4A12qYLt7+40C6dKq4EiJBRinJU13izI9Y3uaIL2j1tlTU8y8nSIQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGE9I/ISEyfZF9cI2P4VM4JFWVmoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MwL2ZjZTZi
ZS0wODk2LTQ0ODctYWEzNC03YTYwNWJhNDBjMWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAvZmNlNmJl
LTA4OTYtNDQ4Ny1hYTM0LTdhNjA1YmE0MGMxZS8xL1lUMGo4aElUSjlrWDF3allf
aFV6Z2tWWldhZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCudHQMA0GCSqGSIb3DQEBCwUAA4IBAQAAeI3X
hkljyzkLjnCnEfgRUa0S16lj/ZWlHKz7T/Om0Q3HfWX6w05rYIN/Q5b7moti71yr
SVGWlYn4GorM3J1oPa4yMvC6xVAPj0Dkjy4RZbUnSvi7miKIyFmutpu55hWugTs8
c83/HfLGnACA6CE8RzD3M+/u29Nd9AuoI/xMvbrDttVoj9qODQUYRcAaVJUSltO5
Wbp5uKBHCBjS301f2oHsVPlcKkFplLpc3krLw8PDATe8PycAZQTNv28vU1BjaYnm
7JRfhRzJAzM6GmsjCGJQc/6PSFu2vH6RsQmzyiyv0bg0rs+dRjfQw0L5oLsV/gTA
AqniWr8fI2w+HY/D
-----END CERTIFICATE-----