Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Y_3AmtVKOXxgTpShyWbiwpYFnME.cer
File:                     Y_3AmtVKOXxgTpShyWbiwpYFnME.cer (raw, json)
Hash identifier:          XRjqTDedVqUSwz+r41IL5IM6hGRWCLjLlcF+Fxwif2w=
Subject key identifier:   63:FD:C0:9A:D5:4A:39:7C:60:4E:94:A1:C9:66:E2:C2:96:05:9C:C1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01916AB72DE54E303BB08AE487454506751F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/Y_3AmtVKOXxgTpShyWbiwpYFnME.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 19 Aug 2024 12:57:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214338
                          IP: 45.134.44.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6a:b7:2d:e5:4e:30:3b:b0:8a:e4:87:45:45:06:75:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 19 12:57:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63fdc09ad54a397c604e94a1c966e2c296059cc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1f:04:a0:f6:d4:2c:e6:47:10:bc:2d:d7:da:
                    29:cb:f6:8e:48:7f:bc:49:d1:35:b9:c0:54:07:a6:
                    be:b0:cb:c2:29:19:5a:ab:89:f9:05:e9:3d:7f:ea:
                    21:50:bb:33:f3:48:1f:4b:12:34:95:d7:4f:18:e9:
                    99:30:2f:d3:99:fc:77:ed:9e:4e:3c:69:f1:7d:ce:
                    2e:f7:6a:d8:c5:da:38:95:f3:21:44:7c:ed:77:a9:
                    af:0f:31:58:61:05:a2:1b:42:bb:39:8b:16:8a:9f:
                    4e:90:59:90:d3:1d:ec:97:3c:c9:22:d0:82:3b:08:
                    06:49:42:46:3c:ee:26:5c:90:73:15:68:d9:3c:25:
                    cd:7f:67:56:81:db:02:0d:c3:de:e3:4e:23:3c:2e:
                    cf:e9:55:0e:46:3c:15:ab:4f:21:36:b1:ff:41:00:
                    91:87:6f:8c:f1:d3:7e:5f:ce:6c:fd:60:d0:b5:44:
                    f4:f6:85:4f:68:99:25:4b:6d:b8:eb:e0:3b:32:8d:
                    0a:c9:00:c7:6e:28:5d:09:36:a3:38:b4:92:5f:91:
                    95:48:eb:5b:24:22:76:77:b1:a5:94:d0:49:c1:4a:
                    bb:37:af:13:51:7e:09:b6:d8:ff:b7:bb:a7:f5:58:
                    d2:e2:04:26:02:ce:8b:76:2d:6d:78:39:e3:03:7b:
                    cf:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FD:C0:9A:D5:4A:39:7C:60:4E:94:A1:C9:66:E2:C2:96:05:9C:C1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/Y_3AmtVKOXxgTpShyWbiwpYFnME.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.44.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214338

    Signature Algorithm: sha256WithRSAEncryption
         02:00:89:e6:8f:73:b3:1c:a6:de:1c:97:4f:c8:21:c2:02:65:
         60:e7:f7:a5:b2:91:d6:28:70:ed:0d:07:3b:97:48:80:3c:03:
         51:a2:4c:18:77:1b:93:67:74:0e:47:80:78:30:0a:6f:43:30:
         8e:57:22:2a:8c:a0:45:4c:64:43:e8:c9:5d:af:97:33:11:f0:
         5e:bb:cd:56:72:04:8c:36:d1:76:cf:97:41:7d:cf:4b:de:b4:
         8c:56:29:cb:00:d0:4c:5f:93:6e:0f:4e:05:2d:90:0f:68:df:
         f7:26:74:6e:7e:9e:ff:6b:93:c8:22:05:ac:ca:ca:0b:c0:96:
         00:13:db:7e:b1:34:fd:dd:a2:67:ee:af:62:80:8e:1b:7b:a9:
         e9:1d:5c:de:ce:b0:f5:fa:73:37:7f:62:71:07:45:6e:c1:56:
         88:aa:2e:8c:58:e4:03:bf:bd:96:17:6b:bf:1b:1a:f1:d2:bd:
         ce:2d:78:d2:2b:09:51:08:42:4f:96:c8:38:dd:56:3b:24:0d:
         6f:76:59:be:ad:11:34:72:88:41:cb:24:00:ec:53:d3:0b:31:
         72:dc:2d:40:26:d4:57:c9:a3:c0:17:9d:e5:80:27:0c:3c:cc:
         42:a1:00:b2:e9:43:d5:02:26:df:bd:3d:38:54:2b:a0:ba:6e:
         09:9a:da:26
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZFqty3lTjA7sIrkh0VFBnUfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODE5MTI1NzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2ZkYzA5YWQ1NGEzOTdjNjA0ZTk0YTFjOTY2ZTJjMjk2MDU5Y2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyR8EoPbULOZHELwt19opy/aOSH+8
SdE1ucBUB6a+sMvCKRlaq4n5Bek9f+ohULsz80gfSxI0lddPGOmZMC/Tmfx37Z5O
PGnxfc4u92rYxdo4lfMhRHztd6mvDzFYYQWiG0K7OYsWip9OkFmQ0x3slzzJItCC
OwgGSUJGPO4mXJBzFWjZPCXNf2dWgdsCDcPe404jPC7P6VUORjwVq08hNrH/QQCR
h2+M8dN+X85s/WDQtUT09oVPaJklS2246+A7Mo0KyQDHbihdCTajOLSSX5GVSOtb
JCJ2d7GllNBJwUq7N68TUX4Jttj/t7un9VjS4gQmAs6Ldi1teDnjA3vPOwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGP9wJrVSjl8YE6Uoclm4sKWBZzBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QyLzJkMGRh
NC1hNTMyLTRiMDMtOTA1NS00YTVjYmRiNTBlMjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDIvMmQwZGE0
LWE1MzItNGIwMy05MDU1LTRhNWNiZGI1MGUyOS8xL1lfM0FtdFZLT1h4Z1RwU2h5
V2Jpd3BZRm5NRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLYYsMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNFQjANBgkqhkiG9w0BAQsFAAOCAQEAAgCJ5o9zsxym3hyXT8ghwgJlYOf3pbKR
1ihw7Q0HO5dIgDwDUaJMGHcbk2d0DkeAeDAKb0MwjlciKoygRUxkQ+jJXa+XMxHw
XrvNVnIEjDbRds+XQX3PS960jFYpywDQTF+Tbg9OBS2QD2jf9yZ0bn6e/2uTyCIF
rMrKC8CWABPbfrE0/d2iZ+6vYoCOG3up6R1c3s6w9fpzN39icQdFbsFWiKoujFjk
A7+9lhdrvxsa8dK9zi140isJUQhCT5bION1WOyQNb3ZZvq0RNHKIQcskAOxT0wsx
ctwtQCbUV8mjwBed5YAnDDzMQqEAsulD1QIm3709OFQroLpuCZraJg==
-----END CERTIFICATE-----