Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/You5JTbCD0KwW-UywNuquYt1XzU.cer
File:                     You5JTbCD0KwW-UywNuquYt1XzU.cer (raw, json)
Hash identifier:          QzmBoFOHKF/MAGgIMw+JjvpgIs2dmJLnQIsdQjd3NiM=
Subject key identifier:   62:8B:B9:25:36:C2:0F:42:B0:5B:E5:32:C0:DB:AA:B9:8B:75:5F:35
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196ED891B5359629F2CD482E3174119EEBE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/76/205dbe-7714-4d0e-9473-2bce81a431eb/1/You5JTbCD0KwW-UywNuquYt1XzU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/76/205dbe-7714-4d0e-9473-2bce81a431eb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 20 May 2025 11:51:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 35596
                          IP: 194.126.210.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:89:1b:53:59:62:9f:2c:d4:82:e3:17:41:19:ee:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 20 11:51:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=628bb92536c20f42b05be532c0dbaab98b755f35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:83:dc:48:aa:f2:d0:ef:21:a7:4d:bb:b1:0b:
                    12:5f:6a:9d:42:d7:74:7e:1d:86:b5:62:5a:3e:a5:
                    fd:e2:de:4b:3f:7f:cb:16:2c:ae:aa:c3:f2:d5:5d:
                    10:ff:2f:c8:03:b3:36:e4:52:d7:83:51:87:f2:74:
                    b0:e4:73:66:58:94:8e:64:d6:ce:bc:5e:75:1e:44:
                    04:3e:81:55:3b:93:36:2c:bd:62:5e:a4:3d:26:35:
                    03:e7:ff:10:1e:03:98:f9:c7:41:21:60:86:8c:9c:
                    b6:90:04:43:bf:de:87:54:13:d3:c5:6e:d4:38:ac:
                    23:49:0e:7b:59:20:b3:5d:7c:e2:63:35:61:68:6c:
                    2b:61:96:91:0b:c1:fe:73:7d:36:57:c0:eb:dc:33:
                    b8:21:1a:05:68:f6:cb:1d:e3:c3:f2:94:db:56:c6:
                    53:4f:42:56:6a:38:5c:30:7e:26:f6:c8:89:b1:63:
                    3f:a2:8e:72:8d:60:70:b5:ab:b5:46:15:fb:c1:8b:
                    f7:a6:a4:56:45:3a:e6:3e:04:66:e1:6c:5b:09:c8:
                    0a:1e:b2:1e:16:15:93:57:db:99:68:78:82:cd:9f:
                    14:cc:86:fe:62:91:ae:90:cf:83:f3:5b:7a:ec:c6:
                    8a:df:6f:59:ba:fa:9e:71:45:f4:3b:89:86:8c:d3:
                    1a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:8B:B9:25:36:C2:0F:42:B0:5B:E5:32:C0:DB:AA:B9:8B:75:5F:35
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/205dbe-7714-4d0e-9473-2bce81a431eb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/205dbe-7714-4d0e-9473-2bce81a431eb/1/You5JTbCD0KwW-UywNuquYt1XzU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.210.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  35596

    Signature Algorithm: sha256WithRSAEncryption
         49:af:e6:ea:a7:b7:00:d3:61:19:c9:94:80:72:6f:aa:42:86:
         5a:a9:3c:22:51:fb:e9:b8:04:e5:ef:1e:9e:91:ed:c1:b8:73:
         4d:21:6d:5e:7f:e5:9e:8a:9f:e6:3c:45:90:82:0e:bb:f2:4d:
         13:73:48:20:5e:35:8a:b5:b9:89:6d:6d:a8:e4:f3:62:3d:96:
         72:f4:79:4e:6d:3d:d5:bd:6c:f6:32:53:bd:b5:a6:24:7f:21:
         f6:bf:cd:3c:4c:4f:7d:2c:e7:cf:22:60:60:7b:f5:31:36:27:
         1d:58:27:93:86:73:db:91:4a:7d:5f:0a:5f:54:75:72:a1:6d:
         06:dd:89:9f:e2:bd:a6:2d:4e:44:4e:ed:f0:1f:4d:49:14:fb:
         f6:c4:e5:9f:0b:ed:e0:24:7d:77:bd:28:9f:12:f3:5c:30:6b:
         9b:c1:e6:98:4c:b0:3a:68:3c:ea:11:57:26:0a:4f:b4:37:bf:
         97:69:db:f9:e1:30:83:02:b2:46:05:1c:ef:b9:e9:f6:71:22:
         6f:bf:1d:cd:a4:0d:4a:62:7a:6a:e9:90:93:3c:3e:fc:d5:44:
         8a:51:c4:59:d6:88:a6:a6:dd:fb:aa:58:77:35:f2:e1:66:65:
         61:6a:8f:91:78:a5:10:4c:3d:2c:7f:f4:e1:93:4d:f4:9f:79:
         9d:bd:df:7c
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZbtiRtTWWKfLNSC4xdBGe6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTIwMTE1MTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjhiYjkyNTM2YzIwZjQyYjA1YmU1MzJjMGRiYWFiOThiNzU1ZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIPcSKry0O8hp027sQsSX2qdQtd0
fh2GtWJaPqX94t5LP3/LFiyuqsPy1V0Q/y/IA7M25FLXg1GH8nSw5HNmWJSOZNbO
vF51HkQEPoFVO5M2LL1iXqQ9JjUD5/8QHgOY+cdBIWCGjJy2kARDv96HVBPTxW7U
OKwjSQ57WSCzXXziYzVhaGwrYZaRC8H+c302V8Dr3DO4IRoFaPbLHePD8pTbVsZT
T0JWajhcMH4m9siJsWM/oo5yjWBwtau1RhX7wYv3pqRWRTrmPgRm4WxbCcgKHrIe
FhWTV9uZaHiCzZ8UzIb+YpGukM+D81t67MaK329ZuvqecUX0O4mGjNMaNwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGKLuSU2wg9CsFvlMsDbqrmLdV81MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc2LzIwNWRi
ZS03NzE0LTRkMGUtOTQ3My0yYmNlODFhNDMxZWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYvMjA1ZGJl
LTc3MTQtNGQwZS05NDczLTJiY2U4MWE0MzFlYi8xL1lvdTVKVGJDRDBLd1ctVXl3
TnVxdVl0MVh6VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwn7SMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCLDDANBgkqhkiG9w0BAQsFAAOCAQEASa/m6qe3ANNhGcmUgHJvqkKGWqk8IlH7
6bgE5e8enpHtwbhzTSFtXn/lnoqf5jxFkIIOu/JNE3NIIF41irW5iW1tqOTzYj2W
cvR5Tm091b1s9jJTvbWmJH8h9r/NPExPfSznzyJgYHv1MTYnHVgnk4Zz25FKfV8K
X1R1cqFtBt2Jn+K9pi1ORE7t8B9NSRT79sTlnwvt4CR9d70onxLzXDBrm8HmmEyw
Omg86hFXJgpPtDe/l2nb+eEwgwKyRgUc77np9nEib78dzaQNSmJ6aumQkzw+/NVE
ilHEWdaIpqbd+6pYdzXy4WZlYWqPkXilEEw9LH/04ZNN9J95nb3ffA==
-----END CERTIFICATE-----