Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yABBYZAh42MorViY6Jl4cEa48Pk.cer
File:                     yABBYZAh42MorViY6Jl4cEa48Pk.cer (raw, json)
Hash identifier:          RNbYbSxOGRnCFCnj+ZbSSr3ETsdDFLUMUy/3mNhOZcs=
Subject key identifier:   C8:00:41:61:90:21:E3:63:28:AD:58:98:E8:99:78:70:46:B8:F0:F9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D473C63FA974C3AF3595E64B898AC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cd/685c99-cfdf-42a0-8436-d297db230a14/1/yABBYZAh42MorViY6Jl4cEa48Pk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cd/685c99-cfdf-42a0-8436-d297db230a14/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:50 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 47411
                          IP: 195.43.152.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 08:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:47:3c:63:fa:97:4c:3a:f3:59:5e:64:b8:98:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c80041619021e36328ad5898e899787046b8f0f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:29:c8:b2:c8:90:09:8e:40:40:35:6c:6f:d7:
                    01:41:d5:2b:ae:e6:7f:73:bb:09:11:2d:97:72:b6:
                    39:16:40:a9:67:12:05:64:91:54:50:db:29:55:e2:
                    3b:fa:74:0e:3d:7f:70:77:9c:b0:8f:15:bc:a0:7f:
                    df:f5:01:4d:28:ea:94:bf:e3:be:43:0a:2d:36:23:
                    5b:0f:f1:bb:a2:45:7a:ea:e7:bb:9c:61:7d:da:a3:
                    38:1f:d9:5f:bf:82:bd:79:61:29:60:b7:8d:6a:1b:
                    ed:91:3a:1d:b4:8a:f9:e1:13:33:d7:0e:86:d6:8a:
                    d9:2c:96:e2:e7:dd:bc:80:b7:14:aa:49:f1:26:2f:
                    6c:db:37:41:7e:61:91:da:6c:9a:a6:1f:42:38:c5:
                    c8:ec:63:1d:1b:60:1c:20:b0:c2:35:e5:51:3c:70:
                    2d:c1:a8:29:30:6e:80:18:8f:b2:24:69:01:77:82:
                    14:2e:8e:53:71:1d:b1:4a:09:c0:71:a9:05:da:41:
                    f0:99:26:b2:d4:a1:e7:72:3d:75:0a:2c:eb:43:d6:
                    84:2e:df:64:11:52:0b:a4:a8:aa:60:8a:eb:aa:b6:
                    c2:6f:a4:d6:62:42:c8:db:7d:11:22:0a:94:ef:e6:
                    30:f7:d8:d9:a3:7a:ac:79:d1:ee:9f:bb:b8:a5:f2:
                    54:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:00:41:61:90:21:E3:63:28:AD:58:98:E8:99:78:70:46:B8:F0:F9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/685c99-cfdf-42a0-8436-d297db230a14/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/685c99-cfdf-42a0-8436-d297db230a14/1/yABBYZAh42MorViY6Jl4cEa48Pk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.152.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  47411

    Signature Algorithm: sha256WithRSAEncryption
         30:7f:9d:1e:a9:60:47:36:56:77:2b:55:0c:08:b7:1b:ec:e4:
         6b:21:fd:da:06:fa:88:62:f7:c7:bd:c0:af:b5:8b:ec:a1:9b:
         cc:de:17:df:22:28:93:70:26:6f:2a:23:91:22:53:bb:ed:7b:
         e8:ad:77:41:b6:e9:d3:1e:f5:6c:0d:34:a1:4c:3f:a2:7a:62:
         b6:40:21:85:20:bd:f5:bd:98:bf:f9:42:b5:57:19:88:a8:cc:
         67:38:1e:ef:fa:91:b6:11:9e:82:d8:c5:bf:27:94:7a:05:df:
         92:f9:9d:44:ab:6c:6d:2c:69:44:f8:ca:2b:e4:47:22:2f:34:
         7f:fb:0a:3c:ab:b9:0e:21:1b:05:5e:12:aa:72:16:2e:13:44:
         b1:c2:27:4e:9e:d0:aa:4c:d9:fa:57:f8:b6:64:ac:0f:2a:46:
         ce:22:80:ff:c9:18:ed:23:7b:8c:97:b0:8a:e6:f7:58:0a:62:
         78:33:4c:9b:59:b9:75:8e:58:b2:f1:50:21:fd:d6:49:40:b7:
         e7:6a:2e:24:11:5f:15:79:82:bd:00:51:a7:6c:1f:aa:43:56:
         68:2a:a4:9f:66:4d:ba:00:7a:d9:65:26:33:7d:83:fa:f3:43:
         46:3f:db:76:fb:bc:94:7d:86:7c:67:5e:82:2c:22:e4:dc:d3:
         15:82:3a:f0
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzCbUc8Y/qXTDrzWV5kuJisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODAwNDE2MTkwMjFlMzYzMjhhZDU4OThlODk5Nzg3MDQ2YjhmMGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSnIssiQCY5AQDVsb9cBQdUrruZ/
c7sJES2XcrY5FkCpZxIFZJFUUNspVeI7+nQOPX9wd5ywjxW8oH/f9QFNKOqUv+O+
QwotNiNbD/G7okV66ue7nGF92qM4H9lfv4K9eWEpYLeNahvtkTodtIr54RMz1w6G
1orZLJbi5928gLcUqknxJi9s2zdBfmGR2myaph9COMXI7GMdG2AcILDCNeVRPHAt
wagpMG6AGI+yJGkBd4IULo5TcR2xSgnAcakF2kHwmSay1KHncj11CizrQ9aELt9k
EVILpKiqYIrrqrbCb6TWYkLI230RIgqU7+Yw99jZo3qsedHun7u4pfJUkQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFMgAQWGQIeNjKK1YmOiZeHBGuPD5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NkLzY4NWM5
OS1jZmRmLTQyYTAtODQzNi1kMjk3ZGIyMzBhMTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2QvNjg1Yzk5
LWNmZGYtNDJhMC04NDM2LWQyOTdkYjIzMGExNC8xL3lBQkJZWkFoNDJNb3JWaVk2
Smw0Y0VhNDhQay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwyuYMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC5MzANBgkqhkiG9w0BAQsFAAOCAQEAMH+dHqlgRzZWdytVDAi3G+zkayH92gb6
iGL3x73Ar7WL7KGbzN4X3yIok3AmbyojkSJTu+176K13Qbbp0x71bA00oUw/onpi
tkAhhSC99b2Yv/lCtVcZiKjMZzge7/qRthGegtjFvyeUegXfkvmdRKtsbSxpRPjK
K+RHIi80f/sKPKu5DiEbBV4SqnIWLhNEscInTp7QqkzZ+lf4tmSsDypGziKA/8kY
7SN7jJewiub3WApieDNMm1m5dY5YsvFQIf3WSUC352ouJBFfFXmCvQBRp2wfqkNW
aCqkn2ZNugB62WUmM32D+vNDRj/bdvu8lH2GfGdegiwi5NzTFYI68A==
-----END CERTIFICATE-----