Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yUdA5l6Gx6ybnl3XvPTwlrlkkdo.cer
File:                     yUdA5l6Gx6ybnl3XvPTwlrlkkdo.cer (raw, json)
Hash identifier:          zfQUsEGGNq24EvbiVirbVjjZPX/LIhcu9mxKAv+S8gc=
Subject key identifier:   C9:47:40:E6:5E:86:C7:AC:9B:9E:5D:D7:BC:F4:F0:96:B9:64:91:DA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC725E3C3350D0CDDB9864E52144B66FD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/9/C94740E65E86C7AC9B9E5DD7BCF4F096B96491DA.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/9/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:29:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210502

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:e3:c3:35:0d:0c:dd:b9:86:4e:52:14:4b:66:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c94740e65e86c7ac9b9e5dd7bcf4f096b96491da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d0:50:ca:af:09:de:27:40:f0:d1:55:78:33:
                    0a:63:9f:6d:2d:ee:d7:3f:2d:46:90:66:f8:e8:3c:
                    ee:e5:c0:06:e9:ff:95:74:24:b0:30:5f:fd:b9:84:
                    5a:5a:a3:2b:3f:79:e9:75:d1:2f:6d:b7:77:89:af:
                    b8:75:83:19:11:17:a0:79:6b:10:69:52:95:f1:e3:
                    6e:bf:37:06:6f:8e:20:8f:cf:c7:da:41:70:fa:24:
                    7b:f6:59:fd:8d:d1:09:5e:b3:4d:9f:00:9f:80:9e:
                    a6:5d:51:7f:65:a3:d1:cb:74:dc:e6:1c:c5:80:f8:
                    33:6e:16:f6:55:c5:bf:bc:6f:94:bc:dc:bb:75:d5:
                    06:34:af:90:e9:f6:6a:4e:11:b1:06:f6:3a:1e:0c:
                    51:85:29:0f:07:ef:a4:67:c6:09:a0:78:97:da:6a:
                    cf:17:25:22:6c:47:fb:d0:33:f9:38:0c:e4:e1:ae:
                    6a:2e:0a:21:f5:0b:d9:fa:af:2c:9c:0b:14:ff:42:
                    70:6c:42:07:f0:9f:6a:95:c9:35:9a:fc:18:c8:02:
                    09:f2:9c:9c:44:71:99:4a:fa:9d:33:98:7c:7f:7c:
                    b7:c5:56:9a:1b:f7:34:e8:4e:5c:b9:ed:45:0a:39:
                    10:20:ed:e6:56:d0:20:7c:0d:98:58:d5:1a:8e:17:
                    1b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:47:40:E6:5E:86:C7:AC:9B:9E:5D:D7:BC:F4:F0:96:B9:64:91:DA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/9/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/9/C94740E65E86C7AC9B9E5DD7BCF4F096B96491DA.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210502

    Signature Algorithm: sha256WithRSAEncryption
         77:20:51:c3:32:6d:64:31:86:44:4e:6a:c8:20:2e:60:ed:e8:
         94:bb:ff:9c:7c:01:59:ed:3e:cf:f8:ca:15:ff:c3:5e:00:04:
         e8:bb:32:f8:61:01:8e:92:bb:b0:9b:42:c4:93:e9:d7:a3:c1:
         ee:7c:31:a9:4c:bb:9a:1a:0f:8a:da:6d:96:99:33:7c:66:83:
         55:47:de:ef:2c:06:70:00:2a:c6:d5:72:b1:9d:cc:f2:17:8f:
         b3:8f:89:91:0f:9b:1e:10:09:fb:5b:f3:88:05:20:6a:e7:f8:
         f9:e1:97:1a:2c:00:db:31:0a:1a:ac:12:96:12:dd:32:b5:7c:
         9b:bf:13:a7:0a:32:fb:bc:9a:f1:41:9e:af:ad:9d:eb:b5:b7:
         21:32:be:c0:4b:9e:75:71:76:94:99:b1:69:8c:9e:8b:fe:40:
         21:5d:94:43:f6:19:fd:a0:31:aa:ca:a4:2f:f7:67:ee:0e:3e:
         5f:3a:24:62:00:29:d2:0c:f7:5f:65:d5:b7:28:43:7e:59:86:
         b5:b6:1a:03:47:c8:a8:29:dc:c2:6f:48:3e:aa:66:80:4b:59:
         09:49:aa:0f:ff:8a:a1:ef:8e:55:57:d3:b6:a7:67:5c:2e:8d:
         13:4c:07:79:83:bc:e0:cc:41:ae:eb:41:91:e6:e9:19:1d:cc:
         92:98:5c:93
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAYzHJePDNQ0M3bmGTlIUS2b9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTQ3NDBlNjVlODZjN2FjOWI5ZTVkZDdiY2Y0ZjA5NmI5NjQ5MWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdBQyq8J3idA8NFVeDMKY59tLe7X
Py1GkGb46Dzu5cAG6f+VdCSwMF/9uYRaWqMrP3npddEvbbd3ia+4dYMZERegeWsQ
aVKV8eNuvzcGb44gj8/H2kFw+iR79ln9jdEJXrNNnwCfgJ6mXVF/ZaPRy3Tc5hzF
gPgzbhb2VcW/vG+UvNy7ddUGNK+Q6fZqThGxBvY6HgxRhSkPB++kZ8YJoHiX2mrP
FyUibEf70DP5OAzk4a5qLgoh9QvZ+q8snAsU/0JwbEIH8J9qlck1mvwYyAIJ8pyc
RHGZSvqdM5h8f3y3xVaaG/c06E5cue1FCjkQIO3mVtAgfA2YWNUajhcbVQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFMlHQOZehsesm55d17z08Ja5ZJHaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdiNTc1
ZWE3LTc4NmYtNGIyZC1hNDU1LTc5ZDdmYzQzZWNlZS85LzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2I1
NzVlYTctNzg2Zi00YjJkLWE0NTUtNzlkN2ZjNDNlY2VlLzkvQzk0NzQwRTY1RTg2
QzdBQzlCOUU1REQ3QkNGNEYwOTZCOTY0OTFEQS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDNkYw
DQYJKoZIhvcNAQELBQADggEBAHcgUcMybWQxhkROasggLmDt6JS7/5x8AVntPs/4
yhX/w14ABOi7MvhhAY6Su7CbQsST6dejwe58MalMu5oaD4rabZaZM3xmg1VH3u8s
BnAAKsbVcrGdzPIXj7OPiZEPmx4QCftb84gFIGrn+PnhlxosANsxChqsEpYS3TK1
fJu/E6cKMvu8mvFBnq+tneu1tyEyvsBLnnVxdpSZsWmMnov+QCFdlEP2Gf2gMarK
pC/3Z+4OPl86JGIAKdIM919l1bcoQ35ZhrW2GgNHyKgp3MJvSD6qZoBLWQlJqg//
iqHvjlVX07anZ1wujRNMB3mDvODMQa7rQZHm6RkdzJKYXJM=
-----END CERTIFICATE-----