Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/y5ocuA-2NzLlMAR6HsVSn4yLGgY.cer
File:                     y5ocuA-2NzLlMAR6HsVSn4yLGgY.cer (raw, json)
Hash identifier:          qZSz3yDINat+WoGdIekGXNpkAfHd2nsA+HPXBToLhZ4=
Subject key identifier:   CB:9A:1C:B8:0F:B6:37:32:E5:30:04:7A:1E:C5:52:9F:8C:8B:1A:06
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFAA8D4462FDE2B281A8DF9472E2404
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a1/05bb43-4ae8-4b6d-b46c-113ede3aff79/1/y5ocuA-2NzLlMAR6HsVSn4yLGgY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a1/05bb43-4ae8-4b6d-b46c-113ede3aff79/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:28 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 201645
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a8:d4:46:2f:de:2b:28:1a:8d:f9:47:2e:24:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb9a1cb80fb63732e530047a1ec5529f8c8b1a06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ab:49:06:5b:69:0d:19:b4:db:db:3c:64:93:
                    20:31:f0:ab:e0:8b:bf:f6:93:b5:52:5c:f6:82:9f:
                    5b:d0:db:c9:b5:21:06:47:5d:6c:be:db:0a:16:67:
                    33:a5:90:9a:bf:da:b6:9d:2f:47:73:d8:d6:94:42:
                    98:e1:b8:f0:b4:c0:34:b0:9f:7b:5f:c1:2c:5d:02:
                    9b:2a:27:ad:0c:83:f4:6c:56:1b:70:75:55:5b:4b:
                    8c:08:85:a1:6b:b9:30:11:fa:ed:14:76:21:d8:35:
                    b4:a9:c3:15:46:23:1b:19:4d:51:ea:ac:54:41:dc:
                    c8:63:0a:db:39:67:da:78:63:24:99:1f:b3:86:77:
                    34:2b:ca:88:7f:6e:45:b7:0b:fb:c6:f8:65:45:bb:
                    36:2a:b8:c6:68:0b:a1:72:87:c4:80:6c:e4:65:a9:
                    18:28:de:fd:4b:05:1e:5f:89:bf:90:20:7d:65:48:
                    80:44:86:19:46:a4:bd:7f:58:d3:bd:61:78:07:3b:
                    6b:d3:ef:ee:e2:ab:de:52:d9:a0:fd:5d:01:a9:37:
                    96:4d:1f:6b:84:71:de:e8:2a:26:8e:6a:82:ab:6a:
                    ce:e3:49:13:96:d0:cf:52:7f:aa:ef:f2:4a:6a:af:
                    b6:6e:a8:8a:11:25:00:4d:1c:ae:a9:fb:ca:31:cc:
                    79:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:9A:1C:B8:0F:B6:37:32:E5:30:04:7A:1E:C5:52:9F:8C:8B:1A:06
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/05bb43-4ae8-4b6d-b46c-113ede3aff79/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/05bb43-4ae8-4b6d-b46c-113ede3aff79/1/y5ocuA-2NzLlMAR6HsVSn4yLGgY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201645

    Signature Algorithm: sha256WithRSAEncryption
         42:85:3d:e7:88:94:48:83:80:d4:76:6f:34:02:e8:19:16:95:
         81:fe:5d:70:38:61:69:ff:bc:ae:07:3e:76:3f:f7:e9:e6:c2:
         4d:ed:2a:cb:2b:13:08:bc:e2:06:39:58:79:4b:e6:e9:61:1e:
         9e:ae:9a:fc:34:ac:3b:3c:90:da:92:63:0f:08:b4:d8:e1:e0:
         a2:0b:29:e6:73:38:bd:e6:b9:39:4a:ab:d8:34:2d:c8:00:c2:
         e0:a6:08:c3:83:59:fd:2e:46:50:75:07:27:5a:41:90:bc:fc:
         f7:9c:ce:95:09:0a:09:59:fc:46:69:68:bb:0b:ab:8e:30:c4:
         29:9d:a2:89:ed:43:42:e0:b3:6f:fc:02:dd:9a:1d:f5:cd:30:
         35:fc:62:ef:69:a8:76:58:04:c1:95:4c:36:ae:10:c1:d4:02:
         36:18:44:0a:d8:b4:9c:89:8a:e4:da:0b:34:cd:c0:4c:9a:35:
         98:fa:6d:65:96:63:c9:01:9e:7b:07:95:be:87:cd:d7:ec:47:
         53:9d:3e:07:aa:8a:36:62:d9:ca:eb:bb:95:f3:89:07:b2:ce:
         4a:b2:35:7f:47:20:a6:7b:cd:ac:f8:1f:fe:3b:43:02:76:2e:
         14:29:28:70:0c:eb:a7:17:ef:18:1d:d5:1b:c6:3b:7a:6d:29:
         55:68:9f:b5
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQf+qjURi/eKygajflHLiQEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjlhMWNiODBmYjYzNzMyZTUzMDA0N2ExZWM1NTI5ZjhjOGIxYTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKtJBltpDRm029s8ZJMgMfCr4Iu/
9pO1Ulz2gp9b0NvJtSEGR11svtsKFmczpZCav9q2nS9Hc9jWlEKY4bjwtMA0sJ97
X8EsXQKbKietDIP0bFYbcHVVW0uMCIWha7kwEfrtFHYh2DW0qcMVRiMbGU1R6qxU
QdzIYwrbOWfaeGMkmR+zhnc0K8qIf25Ftwv7xvhlRbs2KrjGaAuhcofEgGzkZakY
KN79SwUeX4m/kCB9ZUiARIYZRqS9f1jTvWF4Bztr0+/u4qveUtmg/V0BqTeWTR9r
hHHe6ComjmqCq2rO40kTltDPUn+q7/JKaq+2bqiKESUATRyuqfvKMcx5PQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFMuaHLgPtjcy5TAEeh7FUp+MixoGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ExLzA1YmI0
My00YWU4LTRiNmQtYjQ2Yy0xMTNlZGUzYWZmNzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTEvMDViYjQz
LTRhZTgtNGI2ZC1iNDZjLTExM2VkZTNhZmY3OS8xL3k1b2N1QS0yTnpMbE1BUjZI
c1ZTbjR5TEdnWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMTrTANBgkqhkiG9w0BAQsFAAOCAQEAQoU954iUSIOA
1HZvNALoGRaVgf5dcDhhaf+8rgc+dj/36ebCTe0qyysTCLziBjlYeUvm6WEenq6a
/DSsOzyQ2pJjDwi02OHgogsp5nM4vea5OUqr2DQtyADC4KYIw4NZ/S5GUHUHJ1pB
kLz895zOlQkKCVn8RmlouwurjjDEKZ2iie1DQuCzb/wC3Zod9c0wNfxi72modlgE
wZVMNq4QwdQCNhhECti0nImK5NoLNM3ATJo1mPptZZZjyQGeeweVvofN1+xHU50+
B6qKNmLZyuu7lfOJB7LOSrI1f0cgpnvNrPgf/jtDAnYuFCkocAzrpxfvGB3VG8Y7
em0pVWiftQ==
-----END CERTIFICATE-----