Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yaf_ASy3LqhNG4PAAsMgPMAk5qY.cer
File:                     yaf_ASy3LqhNG4PAAsMgPMAk5qY.cer (raw, json)
Hash identifier:          ecHvvSJmdocsprFbGgHvxSe6o2a1ivPqQ9Rt1I1OkRs=
Subject key identifier:   C9:A7:FF:01:2C:B7:2E:A8:4D:1B:83:C0:02:C3:20:3C:C0:24:E6:A6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D7E714DB6C4319BE8E5B32A032B2C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/yaf_ASy3LqhNG4PAAsMgPMAk5qY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:30:04 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.28.11.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7e:71:4d:b6:c4:31:9b:e8:e5:b3:2a:03:2b:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9a7ff012cb72ea84d1b83c002c3203cc024e6a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:48:0f:96:ca:8e:6e:28:82:50:30:b4:0c:1f:
                    28:bc:92:60:16:30:9b:a2:f9:13:de:04:6a:9a:a6:
                    ef:85:b0:46:b8:d2:df:50:ad:c4:85:04:5e:35:e0:
                    3c:40:e9:b3:2a:98:a9:7f:11:3c:52:79:b2:8f:7f:
                    08:0f:2e:bc:5d:f5:16:8d:43:1e:18:56:8c:9d:06:
                    40:b8:38:6a:19:05:44:19:0e:13:85:32:4f:ac:1b:
                    1b:44:44:6a:b9:7c:2a:6e:7d:52:6a:84:eb:25:0b:
                    18:66:94:17:81:05:b3:3f:c3:ac:2b:8d:7f:05:89:
                    18:77:51:7a:85:a6:2b:a5:3f:ed:91:f3:73:2c:f9:
                    b1:3a:14:a3:9c:79:22:a6:48:ca:06:65:9a:05:64:
                    07:54:b1:41:04:35:1f:50:c8:da:bf:60:d2:34:1e:
                    e3:a1:e4:57:6f:b4:26:f7:67:7c:1a:0e:66:3f:dd:
                    06:46:48:6e:f7:ad:cc:96:4e:0f:02:d2:4c:23:0b:
                    25:bb:dc:c1:2f:66:3e:6f:27:fa:39:b4:88:45:30:
                    9a:e4:ba:ca:f5:a0:81:5b:3a:12:46:32:76:8a:24:
                    ef:eb:c7:fa:0d:73:02:ab:4d:06:b7:b5:cc:0d:a0:
                    d3:49:a4:3e:5a:42:bc:12:99:3f:46:62:b3:af:11:
                    35:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A7:FF:01:2C:B7:2E:A8:4D:1B:83:C0:02:C3:20:3C:C0:24:E6:A6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/yaf_ASy3LqhNG4PAAsMgPMAk5qY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:5f:eb:f6:66:49:2a:ed:1c:ee:41:d3:cb:81:85:40:05:79:
         e6:24:ba:2c:2d:55:36:ba:2a:7f:1e:c1:26:a4:ba:c7:a8:c4:
         c6:c5:70:45:73:aa:76:41:a2:a5:62:d9:8c:9a:73:fd:18:73:
         3d:e5:38:3c:fa:6e:d5:90:7b:c7:ad:da:2c:be:18:bc:fd:89:
         e8:0d:70:51:9e:7f:06:41:69:2b:58:4a:6b:00:67:b8:e0:80:
         e0:87:92:7a:ab:48:aa:60:06:99:50:dc:d2:27:96:f8:f5:89:
         e3:05:9e:3c:96:e8:b5:32:ed:a3:c8:d1:8c:89:56:8c:43:44:
         ec:17:20:e7:74:12:52:a9:c6:cf:e1:3a:0e:c7:78:88:71:c3:
         c3:de:f6:45:86:9c:74:33:10:36:5e:cc:7a:19:51:6d:b5:5d:
         d3:19:26:ed:19:62:f7:d8:60:79:14:9d:bf:97:2a:77:b6:a3:
         19:8b:28:48:4d:46:91:16:22:71:b4:84:e2:b0:ff:74:a2:b7:
         d7:fc:2c:71:13:54:3e:06:64:1a:55:6a:9f:ee:16:75:e2:b4:
         99:49:5b:9b:51:c0:dc:f1:56:7d:47:06:7b:01:03:ac:74:3b:
         da:af:12:b9:ed:21:0f:52:17:12:01:99:26:b5:de:80:45:ef:
         1a:e7:2a:9d
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzCbX5xTbbEMZvo5bMqAyssMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWE3ZmYwMTJjYjcyZWE4NGQxYjgzYzAwMmMzMjAzY2MwMjRlNmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kgPlsqObiiCUDC0DB8ovJJgFjCb
ovkT3gRqmqbvhbBGuNLfUK3EhQReNeA8QOmzKpipfxE8Unmyj38IDy68XfUWjUMe
GFaMnQZAuDhqGQVEGQ4ThTJPrBsbRERquXwqbn1SaoTrJQsYZpQXgQWzP8OsK41/
BYkYd1F6haYrpT/tkfNzLPmxOhSjnHkipkjKBmWaBWQHVLFBBDUfUMjav2DSNB7j
oeRXb7Qm92d8Gg5mP90GRkhu963Mlk4PAtJMIwslu9zBL2Y+byf6ObSIRTCa5LrK
9aCBWzoSRjJ2iiTv68f6DXMCq00Gt7XMDaDTSaQ+WkK8Epk/RmKzrxE1gwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFMmn/wEsty6oTRuDwALDIDzAJOamMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRjLzQyZmIz
Yy02MWE2LTQ1Y2EtYTQ3ZS1kMmQxMjA5YzQ4MjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGMvNDJmYjNj
LTYxYTYtNDVjYS1hNDdlLWQyZDEyMDljNDgyNS8xL3lhZl9BU3kzTHFoTkc0UEFB
c01nUE1BazVxWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwRwLMA0GCSqGSIb3DQEBCwUAA4IBAQBHX+v2
Zkkq7RzuQdPLgYVABXnmJLosLVU2uip/HsEmpLrHqMTGxXBFc6p2QaKlYtmMmnP9
GHM95Tg8+m7VkHvHrdosvhi8/YnoDXBRnn8GQWkrWEprAGe44IDgh5J6q0iqYAaZ
UNzSJ5b49YnjBZ48lui1Mu2jyNGMiVaMQ0TsFyDndBJSqcbP4ToOx3iIccPD3vZF
hpx0MxA2Xsx6GVFttV3TGSbtGWL32GB5FJ2/lyp3tqMZiyhITUaRFiJxtITisP90
orfX/CxxE1Q+BmQaVWqf7hZ14rSZSVubUcDc8VZ9RwZ7AQOsdDvarxK57SEPUhcS
AZkmtd6ARe8a5yqd
-----END CERTIFICATE-----