Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YWeZlkXhW2Umig2TuxTE9RckRRs.cer
File:                     YWeZlkXhW2Umig2TuxTE9RckRRs.cer (raw, json)
Hash identifier:          QRiePHenTMXEwzODxamNhrdoslmPUxrGSaYBk0eXedA=
Subject key identifier:   61:67:99:96:45:E1:5B:65:26:8A:0D:93:BB:14:C4:F5:17:24:45:1B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3BC5D248105A333067F05B4988158
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5b/d31a25-2507-471d-adc7-8807f95ae75d/1/YWeZlkXhW2Umig2TuxTE9RckRRs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5b/d31a25-2507-471d-adc7-8807f95ae75d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:49:06 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 6750
                          IP: 194.145.140.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bc:5d:24:81:05:a3:33:06:7f:05:b4:98:81:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6167999645e15b65268a0d93bb14c4f51724451b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a0:df:70:70:83:b2:4d:71:53:f7:f0:ff:24:
                    b7:4e:84:56:e9:49:fe:09:d7:68:92:22:91:06:f9:
                    8d:17:2e:75:55:d6:12:9a:6e:94:30:42:9a:10:00:
                    e0:83:9a:6a:6e:21:48:d8:ba:89:aa:70:8e:b6:0a:
                    86:16:5d:51:e1:0b:7e:72:2d:2b:4d:46:13:8a:e3:
                    65:67:63:29:02:c7:19:29:2a:92:f3:c5:5b:bb:c5:
                    68:14:c0:07:ec:66:bc:2b:6c:a3:83:6a:c3:3f:0c:
                    16:5a:11:b5:12:9a:df:28:9b:53:19:7b:1e:0c:ed:
                    b8:44:25:de:b1:a1:cd:13:44:e3:a5:1b:9d:96:4a:
                    db:e9:72:96:9b:08:99:eb:88:e8:57:ce:f1:b2:82:
                    f6:03:86:79:ba:5b:0a:ff:cc:8c:27:98:06:94:d2:
                    04:33:85:51:9c:7c:ec:17:bc:c3:10:00:87:8b:56:
                    5c:db:44:68:c1:0e:2b:67:41:c6:0c:84:c7:d7:e9:
                    5b:a7:58:81:88:ec:25:70:48:58:f1:cf:e0:1e:4c:
                    4b:b2:f3:38:f6:cc:cc:dc:7b:59:dc:81:ea:8b:ea:
                    d2:45:8b:05:8b:67:6f:eb:ce:16:a1:c8:f2:24:df:
                    c2:a4:9b:12:07:12:a5:05:d1:ab:41:65:7b:49:85:
                    2d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:67:99:96:45:E1:5B:65:26:8A:0D:93:BB:14:C4:F5:17:24:45:1B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d31a25-2507-471d-adc7-8807f95ae75d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d31a25-2507-471d-adc7-8807f95ae75d/1/YWeZlkXhW2Umig2TuxTE9RckRRs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.140.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  6750

    Signature Algorithm: sha256WithRSAEncryption
         8a:54:6b:df:5f:c0:f9:f0:96:05:e3:c5:00:6a:7a:5e:6e:01:
         58:15:2a:68:39:b2:64:fe:cd:f2:aa:bd:a8:91:9b:b3:07:63:
         a9:47:1b:17:9f:af:ed:b0:d9:60:7e:3b:37:11:59:30:6a:4f:
         99:65:b1:33:8f:77:77:69:4b:46:d7:94:f8:cd:5f:90:66:75:
         6e:1f:39:c4:22:a7:3d:34:c7:04:2c:0d:e2:05:4d:9e:83:5e:
         45:62:f6:0b:ef:fe:33:e1:7a:d5:ee:67:74:ba:96:1c:15:51:
         4f:71:9e:bf:b6:4c:f7:ad:1d:52:9f:37:a2:fb:06:5d:13:26:
         4a:db:0e:8d:e2:17:02:53:89:80:de:b6:c2:d9:00:a1:e4:28:
         ff:80:fa:65:57:34:00:69:f7:0d:7f:79:2e:65:6e:47:46:f5:
         fe:68:ef:a9:12:54:59:da:a3:34:9e:0f:62:f2:eb:3d:fc:5d:
         74:d5:3c:c9:1c:76:9b:0e:d3:eb:7d:01:8b:27:9e:7b:6e:1f:
         1a:6d:e4:3f:20:97:65:9f:6d:e2:1e:e5:34:90:52:04:27:12:
         c6:cd:14:e6:4b:39:5f:77:6e:02:f1:1f:dd:89:e9:fc:bb:4b:
         53:1b:a6:0c:28:a1:69:4c:20:e6:33:5a:5a:cd:a0:90:8e:e2:
         9e:21:36:9f
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQks7xdJIEFozMGfwW0mIFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTY3OTk5NjQ1ZTE1YjY1MjY4YTBkOTNiYjE0YzRmNTE3MjQ0NTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqDfcHCDsk1xU/fw/yS3ToRW6Un+
CddokiKRBvmNFy51VdYSmm6UMEKaEADgg5pqbiFI2LqJqnCOtgqGFl1R4Qt+ci0r
TUYTiuNlZ2MpAscZKSqS88Vbu8VoFMAH7Ga8K2yjg2rDPwwWWhG1EprfKJtTGXse
DO24RCXesaHNE0TjpRudlkrb6XKWmwiZ64joV87xsoL2A4Z5ulsK/8yMJ5gGlNIE
M4VRnHzsF7zDEACHi1Zc20RowQ4rZ0HGDITH1+lbp1iBiOwlcEhY8c/gHkxLsvM4
9szM3HtZ3IHqi+rSRYsFi2dv684WocjyJN/CpJsSBxKlBdGrQWV7SYUtLQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFGFnmZZF4VtlJooNk7sUxPUXJEUbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzViL2QzMWEy
NS0yNTA3LTQ3MWQtYWRjNy04ODA3Zjk1YWU3NWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIvZDMxYTI1
LTI1MDctNDcxZC1hZGM3LTg4MDdmOTVhZTc1ZC8xL1lXZVpsa1hoVzJVbWlnMlR1
eFRFOVJja1JScy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwpGMMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AhpeMA0GCSqGSIb3DQEBCwUAA4IBAQCKVGvfX8D58JYF48UAanpebgFYFSpoObJk
/s3yqr2okZuzB2OpRxsXn6/tsNlgfjs3EVkwak+ZZbEzj3d3aUtG15T4zV+QZnVu
HznEIqc9NMcELA3iBU2eg15FYvYL7/4z4XrV7md0upYcFVFPcZ6/tkz3rR1Snzei
+wZdEyZK2w6N4hcCU4mA3rbC2QCh5Cj/gPplVzQAafcNf3kuZW5HRvX+aO+pElRZ
2qM0ng9i8us9/F101TzJHHabDtPrfQGLJ557bh8abeQ/IJdln23iHuU0kFIEJxLG
zRTmSzlfd24C8R/dien8u0tTG6YMKKFpTCDmM1pazaCQjuKeITaf
-----END CERTIFICATE-----