Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Ykp_JQf8rb7NPStimOcPXUv-BLQ.cer
File:                     Ykp_JQf8rb7NPStimOcPXUv-BLQ.cer (raw, json)
Hash identifier:          W8XDxMeHwbvbAnBjy97H15apIVSV+xnl6jEkzfWoIe8=
Subject key identifier:   62:4A:7F:25:07:FC:AD:BE:CD:3D:2B:62:98:E7:0F:5D:4B:FE:04:B4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC794770459C1B2FCDD70976664F7D937
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c6/270e1a-089a-4090-8a9b-c822c838dfe9/1/Ykp_JQf8rb7NPStimOcPXUv-BLQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c6/270e1a-089a-4090-8a9b-c822c838dfe9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48607

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:77:04:59:c1:b2:fc:dd:70:97:66:64:f7:d9:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=624a7f2507fcadbecd3d2b6298e70f5d4bfe04b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:68:e5:22:c0:b7:70:21:1b:61:86:d1:66:06:
                    cb:86:20:86:5b:9c:0b:14:49:e5:d5:37:60:91:d5:
                    6a:db:06:81:12:3d:65:4d:8c:22:40:fd:c2:e0:9f:
                    ad:9c:2c:3f:30:f9:b2:ef:ea:4b:9a:a1:96:51:2c:
                    92:fc:ad:e3:d6:0e:be:c0:94:e8:1b:7d:89:6e:31:
                    2e:19:58:08:b7:45:34:50:c3:71:5f:3c:9d:3f:8a:
                    93:bc:94:aa:f8:ac:b4:ec:1e:0c:bf:31:bd:7c:a3:
                    59:c4:f8:78:38:8b:5c:33:f9:7b:09:db:27:38:7e:
                    80:88:39:d3:37:53:72:ff:d3:53:da:3b:91:d5:e5:
                    28:0c:29:f1:fa:87:26:8a:10:f4:f8:f5:46:99:6d:
                    54:05:e4:4c:83:53:e3:60:a7:65:31:d8:aa:f5:94:
                    26:db:13:ae:f2:aa:8e:8a:cf:72:72:ef:52:5e:69:
                    9f:a1:e9:be:6e:07:e6:35:5c:f9:d5:f5:3a:d0:da:
                    f4:78:c1:eb:68:0a:2a:8a:e9:d6:46:b9:46:d1:7b:
                    81:4d:b3:df:bc:dc:98:a4:cf:f3:4a:33:8b:39:a1:
                    f7:98:01:49:a9:2c:21:89:b7:02:b5:74:d3:28:08:
                    21:84:6d:52:68:6e:26:ef:6d:a1:28:bc:d5:a2:2b:
                    83:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:4A:7F:25:07:FC:AD:BE:CD:3D:2B:62:98:E7:0F:5D:4B:FE:04:B4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/270e1a-089a-4090-8a9b-c822c838dfe9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/270e1a-089a-4090-8a9b-c822c838dfe9/1/Ykp_JQf8rb7NPStimOcPXUv-BLQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48607

    Signature Algorithm: sha256WithRSAEncryption
         78:bc:8f:e1:67:c9:d8:4e:56:e3:75:1f:1b:8c:f1:69:92:f7:
         3c:a1:08:32:99:6e:90:8a:f2:3d:49:e8:a2:48:74:58:dd:b4:
         b6:8a:53:31:2b:29:9e:29:5a:69:71:3a:72:d7:59:4d:7b:f9:
         0d:3c:5f:e4:72:f9:57:c7:f1:57:2d:74:61:6c:f2:c2:0e:63:
         d0:99:18:10:2b:05:8c:69:c1:fb:a8:f1:66:49:6e:a8:45:b2:
         7c:aa:6d:c2:68:c9:66:96:f2:b7:e4:61:4e:50:b4:bd:df:06:
         89:88:73:95:ce:fc:b2:a0:82:b8:06:71:63:69:56:97:d5:30:
         43:1c:a6:bd:d0:ad:4b:85:6d:a5:f0:46:a5:4b:fb:a7:a4:7a:
         73:88:dc:f4:77:2d:01:71:59:e7:2d:5e:b1:9b:7f:84:74:b7:
         f5:c7:a3:90:f4:eb:2a:a5:c6:4e:22:47:f4:48:d1:8f:a4:5e:
         ae:ef:c6:d1:38:7f:8a:84:39:7d:9f:fa:c9:92:89:0c:e6:f8:
         86:b7:8a:b3:ae:c6:15:21:ca:1a:34:b5:11:d7:11:20:f7:f7:
         2f:51:7f:52:fc:70:d7:5d:17:c8:7e:ae:61:ec:20:e1:e2:da:
         78:04:a8:3e:34:99:80:08:f5:37:4f:7c:fc:c3:1b:33:a6:01:
         8c:f6:9c:57
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHlHcEWcGy/N1wl2Zk99k3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjRhN2YyNTA3ZmNhZGJlY2QzZDJiNjI5OGU3MGY1ZDRiZmUwNGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4GjlIsC3cCEbYYbRZgbLhiCGW5wL
FEnl1TdgkdVq2waBEj1lTYwiQP3C4J+tnCw/MPmy7+pLmqGWUSyS/K3j1g6+wJTo
G32JbjEuGVgIt0U0UMNxXzydP4qTvJSq+Ky07B4MvzG9fKNZxPh4OItcM/l7Cdsn
OH6AiDnTN1Ny/9NT2juR1eUoDCnx+ocmihD0+PVGmW1UBeRMg1PjYKdlMdiq9ZQm
2xOu8qqOis9ycu9SXmmfoem+bgfmNVz51fU60Nr0eMHraAoqiunWRrlG0XuBTbPf
vNyYpM/zSjOLOaH3mAFJqSwhibcCtXTTKAghhG1SaG4m722hKLzVoiuDXwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGJKfyUH/K2+zT0rYpjnD11L/gS0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M2LzI3MGUx
YS0wODlhLTQwOTAtOGE5Yi1jODIyYzgzOGRmZTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzYvMjcwZTFh
LTA4OWEtNDA5MC04YTliLWM4MjJjODM4ZGZlOS8xL1lrcF9KUWY4cmI3TlBTdGlt
T2NQWFV2LUJMUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwC93zANBgkqhkiG9w0BAQsFAAOCAQEAeLyP4WfJ2E5W
43UfG4zxaZL3PKEIMplukIryPUnookh0WN20topTMSspnilaaXE6ctdZTXv5DTxf
5HL5V8fxVy10YWzywg5j0JkYECsFjGnB+6jxZkluqEWyfKptwmjJZpbyt+RhTlC0
vd8GiYhzlc78sqCCuAZxY2lWl9UwQxymvdCtS4VtpfBGpUv7p6R6c4jc9HctAXFZ
5y1esZt/hHS39cejkPTrKqXGTiJH9EjRj6Reru/G0Th/ioQ5fZ/6yZKJDOb4hreK
s67GFSHKGjS1EdcRIPf3L1F/Uvxw110XyH6uYewg4eLaeASoPjSZgAj1N098/MMb
M6YBjPacVw==
-----END CERTIFICATE-----