Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Y_3AmtVKOXxgTpShyWbiwpYFnME.cer
File:                     Y_3AmtVKOXxgTpShyWbiwpYFnME.cer (raw, json)
Hash identifier:          BsuoZU3Xf85F0Usb5MAoW8Am3TRRk4W0xtlQ8RSt3sg=
Subject key identifier:   63:FD:C0:9A:D5:4A:39:7C:60:4E:94:A1:C9:66:E2:C2:96:05:9C:C1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B789CCE045082F2EE69CF961467C4E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/Y_3AmtVKOXxgTpShyWbiwpYFnME.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:29:26 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.134.44.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:89:cc:e0:45:08:2f:2e:e6:9c:f9:61:46:7c:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63fdc09ad54a397c604e94a1c966e2c296059cc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1f:04:a0:f6:d4:2c:e6:47:10:bc:2d:d7:da:
                    29:cb:f6:8e:48:7f:bc:49:d1:35:b9:c0:54:07:a6:
                    be:b0:cb:c2:29:19:5a:ab:89:f9:05:e9:3d:7f:ea:
                    21:50:bb:33:f3:48:1f:4b:12:34:95:d7:4f:18:e9:
                    99:30:2f:d3:99:fc:77:ed:9e:4e:3c:69:f1:7d:ce:
                    2e:f7:6a:d8:c5:da:38:95:f3:21:44:7c:ed:77:a9:
                    af:0f:31:58:61:05:a2:1b:42:bb:39:8b:16:8a:9f:
                    4e:90:59:90:d3:1d:ec:97:3c:c9:22:d0:82:3b:08:
                    06:49:42:46:3c:ee:26:5c:90:73:15:68:d9:3c:25:
                    cd:7f:67:56:81:db:02:0d:c3:de:e3:4e:23:3c:2e:
                    cf:e9:55:0e:46:3c:15:ab:4f:21:36:b1:ff:41:00:
                    91:87:6f:8c:f1:d3:7e:5f:ce:6c:fd:60:d0:b5:44:
                    f4:f6:85:4f:68:99:25:4b:6d:b8:eb:e0:3b:32:8d:
                    0a:c9:00:c7:6e:28:5d:09:36:a3:38:b4:92:5f:91:
                    95:48:eb:5b:24:22:76:77:b1:a5:94:d0:49:c1:4a:
                    bb:37:af:13:51:7e:09:b6:d8:ff:b7:bb:a7:f5:58:
                    d2:e2:04:26:02:ce:8b:76:2d:6d:78:39:e3:03:7b:
                    cf:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FD:C0:9A:D5:4A:39:7C:60:4E:94:A1:C9:66:E2:C2:96:05:9C:C1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/Y_3AmtVKOXxgTpShyWbiwpYFnME.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:ed:d3:52:cb:e3:d1:31:bc:31:a6:25:2a:96:47:f7:2e:01:
         51:49:c2:c0:0f:f1:71:d4:d3:85:fc:9c:96:cf:fe:9e:96:29:
         5f:a7:9a:9d:d6:8d:3f:b5:cc:4d:c1:75:19:2e:09:d6:b0:00:
         3e:fc:84:4c:09:3b:30:0e:d5:1f:f4:49:c8:e7:b4:06:2a:d4:
         85:c3:f8:9e:17:6a:d8:96:05:e7:01:82:88:3a:14:19:1d:02:
         89:1f:a5:28:1d:52:1a:16:ca:e2:a4:7c:45:0b:1e:c1:c7:dd:
         e5:3b:c0:ef:28:77:81:28:2f:23:14:a3:4b:ed:8d:e9:bf:1d:
         2b:ad:a7:22:cc:7e:d1:3f:7b:79:86:27:e2:b4:de:92:dd:e7:
         ef:94:24:dc:60:f5:59:e6:a0:7a:01:74:eb:cc:b0:97:97:01:
         5d:a5:53:e2:74:11:62:19:42:da:0b:47:32:47:ec:ad:d0:ae:
         72:40:ca:2d:32:34:ca:5f:dd:6d:30:87:d3:ec:46:f2:4c:ba:
         c2:5d:41:78:36:e6:28:12:c7:3a:c0:cb:1f:20:fc:e9:d1:9a:
         48:2c:45:65:45:da:13:b7:b0:c2:78:39:24:00:52:8f:00:6e:
         b5:f6:37:c0:53:51:45:43:c0:69:12:5f:1b:56:93:80:89:34:
         60:c1:d4:ee
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGt4nM4EUILy7mnPlhRnxOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2ZkYzA5YWQ1NGEzOTdjNjA0ZTk0YTFjOTY2ZTJjMjk2MDU5Y2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyR8EoPbULOZHELwt19opy/aOSH+8
SdE1ucBUB6a+sMvCKRlaq4n5Bek9f+ohULsz80gfSxI0lddPGOmZMC/Tmfx37Z5O
PGnxfc4u92rYxdo4lfMhRHztd6mvDzFYYQWiG0K7OYsWip9OkFmQ0x3slzzJItCC
OwgGSUJGPO4mXJBzFWjZPCXNf2dWgdsCDcPe404jPC7P6VUORjwVq08hNrH/QQCR
h2+M8dN+X85s/WDQtUT09oVPaJklS2246+A7Mo0KyQDHbihdCTajOLSSX5GVSOtb
JCJ2d7GllNBJwUq7N68TUX4Jttj/t7un9VjS4gQmAs6Ldi1teDnjA3vPOwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGP9wJrVSjl8YE6Uoclm4sKWBZzBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QyLzJkMGRh
NC1hNTMyLTRiMDMtOTA1NS00YTVjYmRiNTBlMjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDIvMmQwZGE0
LWE1MzItNGIwMy05MDU1LTRhNWNiZGI1MGUyOS8xL1lfM0FtdFZLT1h4Z1RwU2h5
V2Jpd3BZRm5NRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLYYsMA0GCSqGSIb3DQEBCwUAA4IBAQCb7dNS
y+PRMbwxpiUqlkf3LgFRScLAD/Fx1NOF/JyWz/6elilfp5qd1o0/tcxNwXUZLgnW
sAA+/IRMCTswDtUf9EnI57QGKtSFw/ieF2rYlgXnAYKIOhQZHQKJH6UoHVIaFsri
pHxFCx7Bx93lO8DvKHeBKC8jFKNL7Y3pvx0rracizH7RP3t5hifitN6S3efvlCTc
YPVZ5qB6AXTrzLCXlwFdpVPidBFiGULaC0cyR+yt0K5yQMotMjTKX91tMIfT7Eby
TLrCXUF4NuYoEsc6wMsfIPzp0ZpILEVlRdoTt7DCeDkkAFKPAG619jfAU1FFQ8Bp
El8bVpOAiTRgwdTu
-----END CERTIFICATE-----