Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yjNIq_Fz0ndMiUIAjK321gEqPVI.cer
File:                     yjNIq_Fz0ndMiUIAjK321gEqPVI.cer (raw, json)
Hash identifier:          sSZTQfALT5F1cooHoW2Ok+AZSAsBTAXkg/n3QGyQXaU=
Subject key identifier:   CA:33:48:AB:F1:73:D2:77:4C:89:42:00:8C:AD:F6:D6:01:2A:3D:52
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CD3D12ECBA2385AC941DB0F5AED8CD105
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/31/026914-1612-45f4-acdf-2acb9d17c11c/1/yjNIq_Fz0ndMiUIAjK321gEqPVI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/31/026914-1612-45f4-acdf-2acb9d17c11c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 04 Jan 2024 09:32:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216417
                          IP: 2a04:5040::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d3:d1:2e:cb:a2:38:5a:c9:41:db:0f:5a:ed:8c:d1:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  4 09:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca3348abf173d2774c8942008cadf6d6012a3d52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:47:55:87:df:a1:7f:0f:fb:6d:16:38:6d:bb:
                    bb:35:31:84:84:05:34:18:ad:d0:c6:0b:bb:93:bd:
                    a8:27:7a:9b:bf:f3:db:b2:34:a2:6a:9a:0e:96:73:
                    17:3f:2b:52:fe:39:31:fd:e1:69:e2:d0:98:16:f8:
                    ac:57:92:75:48:b2:a1:f5:9a:85:25:00:79:f6:fd:
                    b7:4b:28:53:a4:89:f7:e7:a9:1a:31:df:39:b2:5c:
                    7d:7d:04:43:72:76:e4:cb:eb:fd:d5:59:66:17:57:
                    d0:2a:a7:c3:e5:e6:67:63:40:02:b6:3f:be:2e:46:
                    06:fa:d4:c2:4e:48:3c:d8:19:97:6c:41:fe:5d:16:
                    b8:4a:5a:30:70:64:44:51:dc:bf:de:51:ce:96:87:
                    b7:a1:90:69:30:81:40:62:84:6d:29:27:5b:e9:90:
                    84:02:98:43:86:f2:ad:77:5e:51:6b:3f:6d:50:43:
                    8a:b1:77:f2:c7:93:55:b5:cb:0b:8e:bf:d1:45:43:
                    79:0c:a1:dd:d0:ad:15:56:2f:73:99:1e:0c:69:3d:
                    d7:62:b8:24:89:a7:8d:b3:50:92:5c:ca:d6:1f:c4:
                    62:b1:0e:26:95:6c:47:2b:07:a3:0d:c2:8e:5e:df:
                    54:ce:c2:dc:5f:e5:6d:91:43:d2:7b:8d:4b:23:88:
                    6f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:33:48:AB:F1:73:D2:77:4C:89:42:00:8C:AD:F6:D6:01:2A:3D:52
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/026914-1612-45f4-acdf-2acb9d17c11c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/026914-1612-45f4-acdf-2acb9d17c11c/1/yjNIq_Fz0ndMiUIAjK321gEqPVI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5040::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216417

    Signature Algorithm: sha256WithRSAEncryption
         5e:6f:5d:66:16:6c:12:cb:92:51:b1:7b:cc:ec:60:7f:64:13:
         5c:f3:22:56:6a:9f:a7:2f:b6:2c:6a:32:bc:72:73:cd:46:c2:
         1b:49:cd:da:ee:8c:e4:b9:69:a6:b3:d2:37:cd:55:ea:a0:2c:
         c9:76:0a:e9:86:63:96:05:25:45:02:6a:ac:23:17:e2:49:56:
         02:99:24:d0:3c:da:a9:90:87:7c:0f:e6:1c:e8:f7:23:87:40:
         9c:f8:3a:81:ce:45:96:7a:2e:3e:fc:7a:8d:13:32:bd:49:cf:
         7f:0a:d0:89:49:16:1b:b0:ff:ce:66:6f:75:21:43:35:d6:c1:
         04:3b:5c:50:27:a4:5b:4e:41:a0:1f:b5:6d:52:12:10:e9:5d:
         20:89:86:9e:79:ea:c4:30:8d:f7:4f:07:89:07:33:ef:37:a9:
         2c:6a:08:8f:00:52:31:46:75:fb:63:18:81:f9:78:13:9a:23:
         fc:f5:c3:a3:73:b3:32:4e:7b:e5:75:56:f9:71:29:0b:5c:d4:
         2f:a6:d6:12:12:2b:1b:bb:71:fa:93:6d:39:ca:65:7e:00:75:
         a6:64:3e:9d:34:6b:b8:a8:ba:2e:0b:6e:f1:c1:eb:01:49:5a:
         65:4f:d3:f8:84:f8:ee:9c:ec:34:6d:9d:36:b7:87:96:cb:43:
         35:9c:4e:09
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYzT0S7LojhayUHbD1rtjNEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTA0MDkzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTMzNDhhYmYxNzNkMjc3NGM4OTQyMDA4Y2FkZjZkNjAxMmEzZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0dVh9+hfw/7bRY4bbu7NTGEhAU0
GK3Qxgu7k72oJ3qbv/PbsjSiapoOlnMXPytS/jkx/eFp4tCYFvisV5J1SLKh9ZqF
JQB59v23SyhTpIn356kaMd85slx9fQRDcnbky+v91VlmF1fQKqfD5eZnY0ACtj++
LkYG+tTCTkg82BmXbEH+XRa4SlowcGREUdy/3lHOloe3oZBpMIFAYoRtKSdb6ZCE
AphDhvKtd15Raz9tUEOKsXfyx5NVtcsLjr/RRUN5DKHd0K0VVi9zmR4MaT3XYrgk
iaeNs1CSXMrWH8RisQ4mlWxHKwejDcKOXt9UzsLcX+VtkUPSe41LI4hvfwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFMozSKvxc9J3TIlCAIyt9tYBKj1SMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMxLzAyNjkx
NC0xNjEyLTQ1ZjQtYWNkZi0yYWNiOWQxN2MxMWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzEvMDI2OTE0
LTE2MTItNDVmNC1hY2RmLTJhY2I5ZDE3YzExYy8xL3lqTklxX0Z6MG5kTWlVSUFq
SzMyMWdFcVBWSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUAKgRQQDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDTWEwDQYJKoZIhvcNAQELBQADggEBAF5vXWYWbBLLklGxe8zsYH9kE1zzIlZq
n6cvtixqMrxyc81GwhtJzdrujOS5aaaz0jfNVeqgLMl2CumGY5YFJUUCaqwjF+JJ
VgKZJNA82qmQh3wP5hzo9yOHQJz4OoHORZZ6Lj78eo0TMr1Jz38K0IlJFhuw/85m
b3UhQzXWwQQ7XFAnpFtOQaAftW1SEhDpXSCJhp556sQwjfdPB4kHM+83qSxqCI8A
UjFGdftjGIH5eBOaI/z1w6NzszJOe+V1VvlxKQtc1C+m1hISKxu7cfqTbTnKZX4A
daZkPp00a7ioui4LbvHB6wFJWmVP0/iE+O6c7DRtnTa3h5bLQzWcTgk=
-----END CERTIFICATE-----