Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Ysv6JKSIMntzB3XjKdUaGSFhJTE.cer
File:                     Ysv6JKSIMntzB3XjKdUaGSFhJTE.cer (raw, json)
Hash identifier:          F7XG6UUX3dw5pc8c/Jd3khbX/hg8GqWJl/lGu7/gG90=
Subject key identifier:   62:CB:FA:24:A4:88:32:7B:73:07:75:E3:29:D5:1A:19:21:61:25:31
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9B88B4406A9B1D873A9CB4AF4CEA10B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fc/15fee7-d411-4c1d-a7cd-570d17f9f2a5/1/Ysv6JKSIMntzB3XjKdUaGSFhJTE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fc/15fee7-d411-4c1d-a7cd-570d17f9f2a5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:29:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 196956
                          IP: 109.71.232.0/21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b8:8b:44:06:a9:b1:d8:73:a9:cb:4a:f4:ce:a1:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62cbfa24a488327b730775e329d51a1921612531
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:df:58:2b:76:b0:80:2b:cd:cd:ff:bf:94:62:
                    6d:a2:de:32:fb:f3:fb:60:d8:4e:af:a1:d7:88:58:
                    70:36:a1:39:9e:36:49:1b:56:7b:33:59:b3:0f:27:
                    47:86:39:17:65:a7:ed:fc:16:a7:3f:1d:ef:b5:de:
                    80:fe:65:8a:90:74:8f:62:be:08:b3:c9:23:4c:32:
                    47:e1:42:b2:5c:bc:d6:89:20:03:a2:75:de:74:90:
                    76:c4:b6:2f:8a:5f:01:45:70:d1:e8:1b:88:eb:1d:
                    1b:85:5d:5d:2b:06:85:9b:53:1c:9a:81:e4:4b:d9:
                    33:c7:99:4f:7d:63:9d:7a:25:81:a3:d1:07:1b:ed:
                    ed:6c:a6:58:de:06:15:76:93:5a:f2:6f:9d:83:59:
                    c6:9d:65:a9:98:14:9a:74:b2:ce:1f:d2:17:d8:0d:
                    74:30:2e:d9:ee:59:29:a3:7e:63:e5:3e:15:15:65:
                    73:65:e2:4b:0b:82:69:95:3d:f1:89:fa:4d:ba:16:
                    79:cd:c3:5a:c6:6f:94:e2:ca:f1:d5:f4:f3:96:d4:
                    62:e2:60:e2:f3:eb:da:72:51:78:36:2b:2f:66:34:
                    29:ee:20:fd:7a:28:07:91:b4:b2:44:a0:b5:1f:03:
                    18:24:f5:36:95:0a:74:d8:9d:71:d5:15:09:27:5e:
                    b7:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:CB:FA:24:A4:88:32:7B:73:07:75:E3:29:D5:1A:19:21:61:25:31
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/15fee7-d411-4c1d-a7cd-570d17f9f2a5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/15fee7-d411-4c1d-a7cd-570d17f9f2a5/1/Ysv6JKSIMntzB3XjKdUaGSFhJTE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.232.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  196956

    Signature Algorithm: sha256WithRSAEncryption
         28:ff:27:24:3c:03:a3:74:90:2e:00:38:9e:25:e3:77:9f:68:
         c3:13:63:b4:02:81:2f:4c:65:8d:53:47:6a:ec:4e:04:4e:cc:
         cf:6a:2f:90:0b:02:86:d9:8b:98:b2:d0:74:28:f1:16:8d:27:
         83:7e:d5:5c:85:13:2a:dc:07:e1:02:10:5a:3c:2a:c1:4d:f3:
         fb:17:b1:25:24:2d:34:c4:de:be:4e:6a:05:4e:ea:f8:5b:1f:
         f6:a1:18:77:ca:eb:1c:9d:70:87:e1:ea:fe:f0:76:e5:7e:99:
         80:df:dd:5d:a6:34:e0:1b:02:a5:6c:b9:c0:0e:db:d5:89:81:
         8a:f8:9d:27:53:86:b2:10:ec:dc:92:f8:cd:8a:d4:1f:b3:2f:
         0f:53:d9:37:cb:5a:4b:4f:45:e2:48:77:34:75:95:a0:c7:65:
         62:bb:33:53:bc:22:61:ee:9f:c7:fe:16:f4:78:a2:2d:2e:8d:
         88:a2:a8:b0:c4:48:f6:f1:6b:70:dd:7b:28:b5:37:32:ab:9e:
         91:6a:51:92:66:97:3d:63:e1:b7:5e:19:22:29:7c:b5:27:3e:
         db:f1:dc:73:e5:90:fd:0e:a1:0c:2f:0e:ce:0a:88:f9:63:b9:
         c8:23:6b:55:d1:8b:8a:33:2e:0b:86:2d:13:b1:89:aa:c2:f9:
         4b:6a:5f:05
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzJuItEBqmx2HOpy0r0zqELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmNiZmEyNGE0ODgzMjdiNzMwNzc1ZTMyOWQ1MWExOTIxNjEyNTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1t9YK3awgCvNzf+/lGJtot4y+/P7
YNhOr6HXiFhwNqE5njZJG1Z7M1mzDydHhjkXZaft/BanPx3vtd6A/mWKkHSPYr4I
s8kjTDJH4UKyXLzWiSADonXedJB2xLYvil8BRXDR6BuI6x0bhV1dKwaFm1McmoHk
S9kzx5lPfWOdeiWBo9EHG+3tbKZY3gYVdpNa8m+dg1nGnWWpmBSadLLOH9IX2A10
MC7Z7lkpo35j5T4VFWVzZeJLC4JplT3xifpNuhZ5zcNaxm+U4srx1fTzltRi4mDi
8+vaclF4NisvZjQp7iD9eigHkbSyRKC1HwMYJPU2lQp02J1x1RUJJ163ewIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGLL+iSkiDJ7cwd14ynVGhkhYSUxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZjLzE1ZmVl
Ny1kNDExLTRjMWQtYTdjZC01NzBkMTdmOWYyYTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmMvMTVmZWU3
LWQ0MTEtNGMxZC1hN2NkLTU3MGQxN2Y5ZjJhNS8xL1lzdjZKS1NJTW50ekIzWGpL
ZFVhR1NGaEpURS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDbUfoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMBXDANBgkqhkiG9w0BAQsFAAOCAQEAKP8nJDwDo3SQLgA4niXjd59owxNjtAKB
L0xljVNHauxOBE7Mz2ovkAsChtmLmLLQdCjxFo0ng37VXIUTKtwH4QIQWjwqwU3z
+xexJSQtNMTevk5qBU7q+Fsf9qEYd8rrHJ1wh+Hq/vB25X6ZgN/dXaY04BsCpWy5
wA7b1YmBividJ1OGshDs3JL4zYrUH7MvD1PZN8taS09F4kh3NHWVoMdlYrszU7wi
Ye6fx/4W9HiiLS6NiKKosMRI9vFrcN17KLU3MquekWpRkmaXPWPht14ZIil8tSc+
2/Hcc+WQ/Q6hDC8OzgqI+WO5yCNrVdGLijMuC4YtE7GJqsL5S2pfBQ==
-----END CERTIFICATE-----