Certificate

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
File:                     ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer (raw, json)
Hash identifier:          Rz6tM+AG4BgBTBDpJSyH45YP1nzzCS0MhOTghYl6cXg=
Subject key identifier:   65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       01D9C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Manifest:                 rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.mft
caRepository:             rsync://krill.rg.net/repo/rpki-beacons-ca/0/
Notify URL:               https://krill.rg.net/rrdp/notification.xml
Certificate not before:   Wed 01 Apr 2026 02:45:15 +0000
Certificate not after:    Thu 01 Apr 2027 01:01:01 +0000
Subordinate resources:    IP: 45.132.188.0/22
                          IP: 147.28.10.0/23
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 03:46:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 121288 (0x1d9c8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Apr  1 02:45:15 2026 GMT
            Not After : Apr  1 01:01:01 2027 GMT
        Subject: CN=656E4422ABF129649200EB019A815F2B12236E92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:a4:ff:bc:05:cb:cc:5c:56:04:71:12:51:75:
                    e0:47:5d:64:4b:29:02:1f:1f:56:b9:7f:83:45:70:
                    db:37:95:d9:c0:6a:6a:f7:e7:f3:c9:e0:b3:b6:1d:
                    e8:ad:78:c1:70:fd:fd:11:78:92:ab:57:d2:69:1f:
                    7e:b4:de:6f:cf:23:85:7e:52:5a:9c:a5:04:26:fd:
                    5f:60:22:8e:6c:db:b7:c2:a4:b9:18:8f:f3:45:d9:
                    33:c9:24:e1:fc:47:d5:fd:c8:1e:e1:a6:07:cf:fc:
                    3a:f6:24:6a:cd:6d:2f:f7:04:ac:66:cd:5f:95:f4:
                    51:e7:7c:b3:84:ca:9f:1b:1f:87:7a:5f:ad:ca:c9:
                    43:0d:cd:0b:e9:4a:a8:a4:7e:44:57:04:70:75:92:
                    b7:98:20:5b:91:5c:5d:5f:03:b0:69:98:7c:8a:ac:
                    90:60:95:af:c2:95:9c:13:fc:61:69:04:db:2e:58:
                    72:54:d9:bb:11:9e:5d:51:7d:28:55:33:1f:87:10:
                    aa:92:5c:b3:b6:9c:c0:cc:a4:65:86:fa:d0:15:21:
                    08:ca:d4:68:3c:4b:f1:86:b0:ac:72:82:a5:65:02:
                    7b:64:33:00:81:1c:6e:71:68:42:69:51:b7:6b:34:
                    fa:3e:22:7f:ce:90:be:a4:15:a1:16:69:83:78:ce:
                    54:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Subject Information Access:
                CA Repository - URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/
                RPKI Manifest - URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.mft
                RPKI Notify - URI:https://krill.rg.net/rrdp/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.188.0/22
                  147.28.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:d0:a9:01:a7:17:08:00:c3:af:a8:5e:3c:5f:62:79:d7:f3:
         04:27:e0:16:ed:48:8c:93:7c:ec:98:f8:3b:8c:a7:90:85:5b:
         c1:94:ea:30:04:8e:15:44:1e:28:60:a9:36:2a:9f:66:85:78:
         3d:58:54:30:72:3c:85:2b:24:dc:4b:1c:97:8d:35:30:5b:5e:
         c4:7a:dc:b5:37:7b:b3:46:fa:4e:48:6a:b9:5f:b0:a9:7b:59:
         28:12:a5:57:fe:25:01:03:87:98:e6:32:ab:89:99:c6:59:14:
         42:3f:47:5f:c1:6e:35:51:7d:2d:c3:75:e4:01:50:48:80:c0:
         9b:5e:34:b6:22:76:cc:6e:13:61:08:c9:2a:78:40:39:6b:5f:
         32:ee:90:6d:da:a4:f9:64:ac:99:87:6d:c4:75:60:7b:d2:53:
         93:44:65:09:4c:1f:d7:48:44:71:36:5b:76:ee:ab:40:c3:18:
         c9:9a:07:7b:a8:e9:b8:d1:50:d9:13:7f:40:7e:99:1b:28:3c:
         f5:e4:75:80:e1:75:c9:0f:71:ed:8c:4b:56:f6:4a:3f:01:af:
         c3:54:cb:25:dd:03:d2:99:80:fa:81:8f:22:e5:cb:29:61:90:
         70:43:14:c7:7c:50:f2:f0:7c:9f:d4:cb:cc:da:bb:5f:20:54:
         a1:a3:88:97
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIDAdnIMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjYwNDAx
MDI0NTE1WhcNMjcwNDAxMDEwMTAxWjAzMTEwLwYDVQQDEyg2NTZFNDQyMkFCRjEy
OTY0OTIwMEVCMDE5QTgxNUYyQjEyMjM2RTkyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA5KT/vAXLzFxWBHESUXXgR11kSykCHx9WuX+DRXDbN5XZwGpq
9+fzyeCzth3orXjBcP39EXiSq1fSaR9+tN5vzyOFflJanKUEJv1fYCKObNu3wqS5
GI/zRdkzySTh/EfV/cge4aYHz/w69iRqzW0v9wSsZs1flfRR53yzhMqfGx+Hel+t
yslDDc0L6UqopH5EVwRwdZK3mCBbkVxdXwOwaZh8iqyQYJWvwpWcE/xhaQTbLlhy
VNm7EZ5dUX0oVTMfhxCqklyztpzAzKRlhvrQFSEIytRoPEvxhrCscoKlZQJ7ZDMA
gRxucWhCaVG3azT6PiJ/zpC+pBWhFmmDeM5UdwIDAQABo4ICSTCCAkUwHQYDVR0O
BBYEFGVuRCKr8SlkkgDrAZqBXysSI26SMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA8GA1UdEwEB/wQFMAMBAf8wDgYD
VR0PAQH/BAQDAgEGMIHoBggrBgEFBQcBCwSB2zCB2DA4BggrBgEFBQcwBYYscnN5
bmM6Ly9rcmlsbC5yZy5uZXQvcmVwby9ycGtpLWJlYWNvbnMtY2EvMC8wZAYIKwYB
BQUHMAqGWHJzeW5jOi8va3JpbGwucmcubmV0L3JlcG8vcnBraS1iZWFjb25zLWNh
LzAvNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIxMjIzNkU5Mi5tZnQw
NgYIKwYBBQUHMA2GKmh0dHBzOi8va3JpbGwucmcubmV0L3JyZHAvbm90aWZpY2F0
aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAi2EvAMEAZMcCjAN
BgkqhkiG9w0BAQsFAAOCAQEAh9CpAacXCADDr6hePF9iedfzBCfgFu1IjJN87Jj4
O4ynkIVbwZTqMASOFUQeKGCpNiqfZoV4PVhUMHI8hSsk3Escl401MFtexHrctTd7
s0b6TkhquV+wqXtZKBKlV/4lAQOHmOYyq4mZxlkUQj9HX8FuNVF9LcN15AFQSIDA
m140tiJ2zG4TYQjJKnhAOWtfMu6Qbdqk+WSsmYdtxHVge9JTk0RlCUwf10hEcTZb
du6rQMMYyZoHe6jpuNFQ2RN/QH6ZGyg89eR1gOF1yQ9x7YxLVvZKPwGvw1TLJd0D
0pmA+oGPIuXLKWGQcEMUx3xQ8vB8n9TLzNq7XyBUoaOIlw==
-----END CERTIFICATE-----