Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yJsxCB1b3QjRj7zY-r7oHE-wUUY.cer
File:                     yJsxCB1b3QjRj7zY-r7oHE-wUUY.cer (raw, json)
Hash identifier:          72d6KDUq6cg2r0jkQJVdt5QPmIQG5ePA60lrSmMcPLM=
Subject key identifier:   C8:9B:31:08:1D:5B:DD:08:D1:8F:BC:D8:FA:BE:E8:1C:4F:B0:51:46
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0190D814690F887C5945640BB4D7DF5AB274
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki01.hel-fi.rpki.win:44595/repo/as60900/0/C89B31081D5BDD08D18FBCD8FABEE81C4FB05146.mft
caRepository:             rsync://rpki01.hel-fi.rpki.win:44595/repo/as60900/0/
Notify URL:               https://rpki01.hel-fi.rpki.win/rrdp/notification.xml
Certificate not before:   Mon 22 Jul 2024 01:35:34 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199177

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d8:14:69:0f:88:7c:59:45:64:0b:b4:d7:df:5a:b2:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 22 01:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c89b31081d5bdd08d18fbcd8fabee81c4fb05146
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e5:23:1e:a7:34:af:04:c1:6d:75:1a:de:4a:
                    77:f4:71:34:f2:08:ec:aa:a3:3e:4d:0e:a2:a8:1f:
                    2f:58:a7:7d:d2:85:4d:1f:d6:50:46:bb:28:d4:64:
                    2e:bf:6f:f5:a3:5f:29:74:c5:49:b4:d8:1b:83:8f:
                    db:fc:c0:d5:3c:fb:85:30:c9:20:e5:2a:00:4a:6d:
                    b9:d2:a5:27:24:56:3f:28:61:20:63:e2:c6:f2:15:
                    5d:cc:7d:1a:97:b6:91:4a:20:8b:78:d8:11:e3:c5:
                    5f:47:53:3b:5c:eb:16:10:5c:12:e4:5a:41:4b:58:
                    63:73:24:e7:df:0f:28:88:87:d2:3e:d0:65:92:16:
                    93:c9:d8:fc:82:46:38:9c:c8:39:37:da:ec:40:88:
                    72:73:22:45:52:bd:1d:17:69:13:c1:d8:37:57:81:
                    65:ad:17:d7:cd:82:77:59:52:5c:d6:69:e0:71:04:
                    8d:ac:46:78:11:86:97:39:48:66:b1:8c:f4:02:72:
                    cb:36:ed:d0:82:2e:fd:9d:96:74:e6:50:27:7a:f8:
                    f4:6a:46:e1:cb:d4:68:ff:c5:e4:05:5f:27:10:c6:
                    06:6e:f7:97:dc:2e:00:44:bc:aa:c6:a3:1c:53:2b:
                    26:9a:15:55:42:29:ad:60:5b:c1:b8:c3:7d:62:b3:
                    72:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:9B:31:08:1D:5B:DD:08:D1:8F:BC:D8:FA:BE:E8:1C:4F:B0:51:46
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki01.hel-fi.rpki.win:44595/repo/as60900/0/
                RPKI Manifest - URI:rsync://rpki01.hel-fi.rpki.win:44595/repo/as60900/0/C89B31081D5BDD08D18FBCD8FABEE81C4FB05146.mft
                RPKI Notify - URI:https://rpki01.hel-fi.rpki.win/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199177

    Signature Algorithm: sha256WithRSAEncryption
         ae:5a:55:6c:68:3f:3a:c7:7b:c3:e8:86:a5:ca:bf:d5:9f:3f:
         94:06:b5:40:59:56:4b:41:11:40:d7:ba:bb:17:b4:58:c2:da:
         6d:eb:b5:d3:f7:42:c0:6c:61:7e:60:fa:92:3c:bf:11:b5:e6:
         78:4f:a3:ff:93:fb:e2:08:e9:fb:b1:be:d4:bd:f9:9b:97:8a:
         c5:b1:83:ec:51:4e:74:bd:6e:1e:13:75:84:c6:63:a1:ab:96:
         d0:01:36:2c:23:d3:fb:9d:75:12:f6:71:64:2f:04:6f:a0:c6:
         04:0b:78:21:dd:3f:c2:c3:83:30:82:69:46:da:43:07:78:4a:
         ea:7c:65:84:40:72:8e:43:1d:e7:e2:2f:ec:b8:9a:14:d1:19:
         f7:32:f3:72:c5:25:36:5a:7f:99:df:f7:d0:ba:a1:ed:17:85:
         09:d2:2c:3c:3a:78:09:1f:23:bb:7b:73:12:2d:3a:d3:a9:b4:
         ff:42:12:22:d9:e3:09:e9:ad:1d:29:1a:2e:a9:17:8c:24:78:
         5b:0e:8c:aa:f3:f6:cb:77:5a:54:b8:95:89:7d:d2:83:dd:0e:
         70:e1:73:19:d3:5b:c9:6d:71:8c:3a:a7:74:94:29:8e:3e:a7:
         32:65:fb:6a:69:5c:46:ca:da:2f:43:d8:3f:76:8f:5f:d6:93:
         a5:c1:90:b5
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAZDYFGkPiHxZRWQLtNffWrJ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzIyMDEzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODliMzEwODFkNWJkZDA4ZDE4ZmJjZDhmYWJlZTgxYzRmYjA1MTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuUjHqc0rwTBbXUa3kp39HE08gjs
qqM+TQ6iqB8vWKd90oVNH9ZQRrso1GQuv2/1o18pdMVJtNgbg4/b/MDVPPuFMMkg
5SoASm250qUnJFY/KGEgY+LG8hVdzH0al7aRSiCLeNgR48VfR1M7XOsWEFwS5FpB
S1hjcyTn3w8oiIfSPtBlkhaTydj8gkY4nMg5N9rsQIhycyJFUr0dF2kTwdg3V4Fl
rRfXzYJ3WVJc1mngcQSNrEZ4EYaXOUhmsYz0AnLLNu3Qgi79nZZ05lAnevj0akbh
y9Ro/8XkBV8nEMYGbveX3C4ARLyqxqMcUysmmhVVQimtYFvBuMN9YrNyqQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFMibMQgdW90I0Y+82Pq+6BxPsFFGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggECBggrBgEFBQcBCwSB9TCB8jBABggrBgEFBQcwBYY0cnN5
bmM6Ly9ycGtpMDEuaGVsLWZpLnJwa2kud2luOjQ0NTk1L3JlcG8vYXM2MDkwMC8w
LzBsBggrBgEFBQcwCoZgcnN5bmM6Ly9ycGtpMDEuaGVsLWZpLnJwa2kud2luOjQ0
NTk1L3JlcG8vYXM2MDkwMC8wL0M4OUIzMTA4MUQ1QkREMDhEMThGQkNEOEZBQkVF
ODFDNEZCMDUxNDYubWZ0MEAGCCsGAQUFBzANhjRodHRwczovL3Jwa2kwMS5oZWwt
ZmkucnBraS53aW4vcnJkcC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBM
oEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BT
bzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMKCTANBgkqhkiG9w0BAQsF
AAOCAQEArlpVbGg/Osd7w+iGpcq/1Z8/lAa1QFlWS0ERQNe6uxe0WMLabeu10/dC
wGxhfmD6kjy/EbXmeE+j/5P74gjp+7G+1L35m5eKxbGD7FFOdL1uHhN1hMZjoauW
0AE2LCPT+511EvZxZC8Eb6DGBAt4Id0/wsODMIJpRtpDB3hK6nxlhEByjkMd5+Iv
7LiaFNEZ9zLzcsUlNlp/md/30Lqh7ReFCdIsPDp4CR8ju3tzEi0606m0/0ISItnj
CemtHSkaLqkXjCR4Ww6MqvP2y3daVLiViX3Sg90OcOFzGdNbyW1xjDqndJQpjj6n
MmX7amlcRsraL0PYP3aPX9aTpcGQtQ==
-----END CERTIFICATE-----