Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yhXVNsDU6KVuFNzBRHfr4mlRb5w.cer
File:                     yhXVNsDU6KVuFNzBRHfr4mlRb5w.cer (raw, json)
Hash identifier:          5a1yQFYcQ+e+FH1oo9XtIjD+Ohz4MgGIF8FZ+FnIEfo=
Subject key identifier:   CA:15:D5:36:C0:D4:E8:A5:6E:14:DC:C1:44:77:EB:E2:69:51:6F:9C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC79545266A00668CB734CFBA403CB11F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3f/2743b7-fa7f-4aba-9ab8-509862a27654/1/yhXVNsDU6KVuFNzBRHfr4mlRb5w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3f/2743b7-fa7f-4aba-9ab8-509862a27654/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:37 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 31421

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:45:26:6a:00:66:8c:b7:34:cf:ba:40:3c:b1:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca15d536c0d4e8a56e14dcc14477ebe269516f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a3:2b:7c:59:c6:72:ef:03:f9:3b:70:de:74:
                    24:d2:98:e8:9f:5b:1d:e3:68:e6:ee:7c:70:73:dd:
                    10:36:91:7f:1d:a0:78:a8:58:3d:92:e5:66:a4:ec:
                    b4:b0:b3:e9:70:dd:ed:65:7d:16:a8:57:39:25:cf:
                    70:15:f5:ba:76:cb:96:45:1f:7f:bd:08:a0:0c:aa:
                    8f:9c:90:d7:84:18:8d:07:33:07:1d:68:49:8b:05:
                    60:27:f1:b3:b8:0b:81:0d:4d:bd:d6:7e:9e:9f:32:
                    0e:d5:50:7f:0a:eb:be:2a:99:fa:21:9c:c1:8e:6e:
                    93:8d:e6:30:3f:32:b9:0e:d5:1a:23:5b:29:fb:b7:
                    9e:34:2f:fc:15:e8:e0:31:b5:dc:c4:e1:36:e5:c6:
                    8f:dd:ef:5c:4d:a8:4e:55:27:66:00:98:5c:1c:86:
                    bf:56:13:d8:bf:1c:94:55:e1:38:66:e8:cf:15:fa:
                    ca:3f:e2:54:0f:7c:c0:1f:55:e7:f4:d6:fc:4e:03:
                    be:f4:9c:d8:16:7e:34:65:c4:a9:fd:27:6f:ed:2c:
                    48:35:fd:45:ae:4d:b2:8f:8f:b2:27:48:0c:7a:10:
                    93:fc:ce:00:4e:a5:74:a3:f9:45:1e:26:c6:50:fe:
                    3c:6e:cd:21:ab:42:33:c3:42:e2:dc:e6:6d:3e:d7:
                    76:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:15:D5:36:C0:D4:E8:A5:6E:14:DC:C1:44:77:EB:E2:69:51:6F:9C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2743b7-fa7f-4aba-9ab8-509862a27654/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2743b7-fa7f-4aba-9ab8-509862a27654/1/yhXVNsDU6KVuFNzBRHfr4mlRb5w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  31421

    Signature Algorithm: sha256WithRSAEncryption
         0b:9f:1b:4f:e6:dc:e0:ce:da:d6:99:22:4d:32:84:c4:49:47:
         ec:88:d3:49:f9:98:32:13:61:75:6d:13:42:b7:5d:92:30:79:
         b6:2a:44:47:52:4c:f3:24:05:3b:ef:00:3c:12:d0:95:06:eb:
         2e:9d:8e:6b:55:fc:91:6b:ab:3e:c5:8d:27:6d:bf:1c:18:80:
         78:c6:97:5b:52:1c:3f:5f:88:90:2e:0c:73:78:84:a6:a6:84:
         a9:df:9d:03:ba:af:bf:91:c0:b4:5f:81:aa:6e:bd:c2:0c:2f:
         c9:00:36:77:0c:7e:f9:e2:90:03:ef:de:f5:99:a9:64:b3:f9:
         fc:86:34:17:b7:e9:38:cf:c7:26:19:81:c9:24:08:a4:0f:3e:
         1e:6d:af:aa:a3:ab:19:06:cf:ec:65:57:c0:20:33:d2:66:c7:
         1c:bb:24:7c:a5:1c:0b:f0:25:04:d6:67:85:f4:a0:d2:f5:27:
         1d:dc:04:6f:00:aa:ce:42:44:16:ba:2a:ab:9a:d5:83:c1:fe:
         43:5c:a7:a3:92:32:2c:30:d3:3f:07:c8:d6:99:75:d0:30:0d:
         61:24:77:3c:13:37:e1:4b:6f:3a:d3:11:4e:77:3f:b0:cf:6d:
         45:5b:c3:aa:c8:15:80:43:5e:e7:4b:f2:8c:70:fd:1f:79:ab:
         ff:e1:c0:9e
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYzHlUUmagBmjLc0z7pAPLEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTE1ZDUzNmMwZDRlOGE1NmUxNGRjYzE0NDc3ZWJlMjY5NTE2ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKMrfFnGcu8D+Ttw3nQk0pjon1sd
42jm7nxwc90QNpF/HaB4qFg9kuVmpOy0sLPpcN3tZX0WqFc5Jc9wFfW6dsuWRR9/
vQigDKqPnJDXhBiNBzMHHWhJiwVgJ/GzuAuBDU291n6enzIO1VB/Cuu+Kpn6IZzB
jm6TjeYwPzK5DtUaI1sp+7eeNC/8FejgMbXcxOE25caP3e9cTahOVSdmAJhcHIa/
VhPYvxyUVeE4ZujPFfrKP+JUD3zAH1Xn9Nb8TgO+9JzYFn40ZcSp/Sdv7SxINf1F
rk2yj4+yJ0gMehCT/M4ATqV0o/lFHibGUP48bs0hq0Izw0Li3OZtPtd2kwIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFMoV1TbA1OilbhTcwUR36+JpUW+cMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNmLzI3NDNi
Ny1mYTdmLTRhYmEtOWFiOC01MDk4NjJhMjc2NTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2YvMjc0M2I3
LWZhN2YtNGFiYS05YWI4LTUwOTg2MmEyNzY1NC8xL3loWFZOc0RVNktWdUZOekJS
SGZyNG1sUmI1dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBkGCCsGAQUF
BwEIAQH/BAowCKAGMAQCAnq9MA0GCSqGSIb3DQEBCwUAA4IBAQALnxtP5tzgztrW
mSJNMoTESUfsiNNJ+ZgyE2F1bRNCt12SMHm2KkRHUkzzJAU77wA8EtCVBusunY5r
VfyRa6s+xY0nbb8cGIB4xpdbUhw/X4iQLgxzeISmpoSp350Duq+/kcC0X4Gqbr3C
DC/JADZ3DH754pAD7971malks/n8hjQXt+k4z8cmGYHJJAikDz4eba+qo6sZBs/s
ZVfAIDPSZsccuyR8pRwL8CUE1meF9KDS9Scd3ARvAKrOQkQWuiqrmtWDwf5DXKej
kjIsMNM/B8jWmXXQMA1hJHc8EzfhS2860xFOdz+wz21FW8OqyBWAQ17nS/KMcP0f
eav/4cCe
-----END CERTIFICATE-----