Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yCvtvPe1Ng_uJFt6JV9mQLcnaWg.cer
File:                     yCvtvPe1Ng_uJFt6JV9mQLcnaWg.cer (raw, json)
Hash identifier:          THcQGtp6VK52iQMDdVuqTBundunatS+7SKdzMmm/TYI=
Subject key identifier:   C8:2B:ED:BC:F7:B5:36:0F:EE:24:5B:7A:25:5F:66:40:B7:27:69:68
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C79D1D9D923A3B82E71DC9B801384
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d1/dd59d9-eadf-4713-8977-42fa3cfbb503/1/yCvtvPe1Ng_uJFt6JV9mQLcnaWg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d1/dd59d9-eadf-4713-8977-42fa3cfbb503/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:48:07 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 43756
                          IP: 194.37.252.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:79:d1:d9:d9:23:a3:b8:2e:71:dc:9b:80:13:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c82bedbcf7b5360fee245b7a255f6640b7276968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cb:bc:97:6c:69:33:69:5c:e0:94:d1:11:99:
                    50:f2:00:d4:dd:7d:28:3d:9a:ae:13:c0:de:46:d3:
                    58:66:76:3c:24:a5:68:83:58:7a:ef:c3:73:e4:90:
                    3d:9e:e2:f9:fe:fb:f7:52:ad:7a:b9:81:88:cd:30:
                    fc:c2:18:de:1f:06:db:8b:8e:7c:20:e0:f8:84:17:
                    c4:39:e7:d6:8d:30:ae:60:83:8c:03:4f:ca:ee:c6:
                    1d:c1:91:a1:29:4a:31:e0:e8:24:c7:d4:5f:5b:8e:
                    6f:0a:77:ae:e3:94:bb:54:83:48:23:53:36:94:00:
                    d8:f4:94:39:48:90:4c:bd:fb:dc:7c:23:61:28:a4:
                    8e:28:13:43:65:1b:20:26:a4:71:61:67:5b:6e:91:
                    6b:0d:38:a8:32:c0:db:e5:00:2a:6b:05:44:2d:d7:
                    8f:50:ad:0c:77:d7:0c:5d:4b:8c:fe:87:78:e0:09:
                    44:c3:79:f4:fc:6b:94:bd:39:5d:96:6a:a0:4d:7c:
                    ac:9a:d5:0d:13:73:20:5b:3d:96:31:c3:d7:4d:28:
                    13:a8:5e:0f:44:fb:bd:b1:cb:51:0a:ba:34:c1:a0:
                    6d:1e:b5:38:02:91:09:bd:61:10:38:ca:63:c3:0e:
                    52:4f:b5:1d:e6:ae:ea:23:81:6a:79:33:2d:51:e7:
                    9a:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:2B:ED:BC:F7:B5:36:0F:EE:24:5B:7A:25:5F:66:40:B7:27:69:68
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/dd59d9-eadf-4713-8977-42fa3cfbb503/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/dd59d9-eadf-4713-8977-42fa3cfbb503/1/yCvtvPe1Ng_uJFt6JV9mQLcnaWg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.37.252.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43756

    Signature Algorithm: sha256WithRSAEncryption
         86:9c:f6:03:95:9e:01:0d:53:04:07:e2:0d:d8:92:8b:66:9e:
         6e:7e:01:ce:66:f1:09:88:77:8b:ef:5b:f9:db:1f:3d:09:eb:
         ae:ea:d9:65:c1:14:9a:b5:2f:03:f4:df:92:6e:0f:51:c7:25:
         da:9e:29:07:ce:c6:62:2f:c3:8a:61:d4:2f:9d:81:65:9c:5b:
         3f:41:ab:92:68:c5:9e:04:54:6f:e0:82:13:83:96:51:29:32:
         b6:6c:3e:5d:86:1f:ae:e9:bf:52:ff:85:9d:2e:26:a3:7c:ba:
         f9:9f:d0:1b:8a:ca:f7:6b:1c:10:53:15:e6:02:1c:a8:a0:d2:
         fa:ea:a1:92:34:f8:0f:35:db:7b:89:23:8e:3a:94:94:a7:44:
         6d:32:d7:38:45:9c:1f:82:f5:20:18:ff:05:c4:0f:57:b5:d3:
         c5:04:38:2d:f6:08:f6:8d:e1:f5:53:af:db:09:46:40:85:0b:
         d8:65:5e:47:ad:7a:61:86:bc:56:85:ec:17:97:8c:e3:3e:f0:
         83:41:71:ef:2e:cf:43:9c:a3:03:4a:01:f9:56:54:ee:a2:27:
         b4:c7:03:29:f6:1b:41:bf:a7:45:58:91:a9:9e:0d:71:78:70:
         c3:76:51:5a:04:bd:5b:54:a2:d2:4d:53:1a:76:1b:07:0e:12:
         ba:da:37:f0
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQfjHnR2dkjo7gucdybgBOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODJiZWRiY2Y3YjUzNjBmZWUyNDViN2EyNTVmNjY0MGI3Mjc2OTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMu8l2xpM2lc4JTREZlQ8gDU3X0o
PZquE8DeRtNYZnY8JKVog1h678Nz5JA9nuL5/vv3Uq16uYGIzTD8whjeHwbbi458
IOD4hBfEOefWjTCuYIOMA0/K7sYdwZGhKUox4Ogkx9RfW45vCneu45S7VINII1M2
lADY9JQ5SJBMvfvcfCNhKKSOKBNDZRsgJqRxYWdbbpFrDTioMsDb5QAqawVELdeP
UK0Md9cMXUuM/od44AlEw3n0/GuUvTldlmqgTXysmtUNE3MgWz2WMcPXTSgTqF4P
RPu9sctRCro0waBtHrU4ApEJvWEQOMpjww5ST7Ud5q7qI4FqeTMtUeeaOQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFMgr7bz3tTYP7iRbeiVfZkC3J2loMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QxL2RkNTlk
OS1lYWRmLTQ3MTMtODk3Ny00MmZhM2NmYmI1MDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEvZGQ1OWQ5
LWVhZGYtNDcxMy04OTc3LTQyZmEzY2ZiYjUwMy8xL3lDdnR2UGUxTmdfdUpGdDZK
VjltUUxjbmFXZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwiX8MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCq7DANBgkqhkiG9w0BAQsFAAOCAQEAhpz2A5WeAQ1TBAfiDdiSi2aebn4Bzmbx
CYh3i+9b+dsfPQnrrurZZcEUmrUvA/Tfkm4PUccl2p4pB87GYi/DimHUL52BZZxb
P0GrkmjFngRUb+CCE4OWUSkytmw+XYYfrum/Uv+FnS4mo3y6+Z/QG4rK92scEFMV
5gIcqKDS+uqhkjT4DzXbe4kjjjqUlKdEbTLXOEWcH4L1IBj/BcQPV7XTxQQ4LfYI
9o3h9VOv2wlGQIUL2GVeR616YYa8VoXsF5eM4z7wg0Fx7y7PQ5yjA0oB+VZU7qIn
tMcDKfYbQb+nRViRqZ4NcXhww3ZRWgS9W1Si0k1TGnYbBw4Suto38A==
-----END CERTIFICATE-----