Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02SD5mfJ_Oj4D1qqWsbpFrxU5lQ.cer
File:                     02SD5mfJ_Oj4D1qqWsbpFrxU5lQ.cer (raw, json)
Hash identifier:          WY+gVN4D/sZ9U4VaAFiBVR6hGFARQrnAUHHW1xOosak=
Subject key identifier:   D3:64:83:E6:67:C9:FC:E8:F8:0F:5A:AA:5A:C6:E9:16:BC:54:E6:54
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5D279BD1803E557F896C395485F258
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/92/9e6996-2e89-4829-a37b-0734ffba8ca6/1/02SD5mfJ_Oj4D1qqWsbpFrxU5lQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/92/9e6996-2e89-4829-a37b-0734ffba8ca6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:20:15 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 51367
                          IP: 195.191.72.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:27:9b:d1:80:3e:55:7f:89:6c:39:54:85:f2:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:20:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d36483e667c9fce8f80f5aaa5ac6e916bc54e654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3e:8e:9e:dc:58:7c:2a:b7:11:c5:46:86:8b:
                    61:49:c8:8f:65:84:7b:b6:c8:4f:8e:6d:44:c2:c9:
                    28:ea:35:5e:82:53:84:7a:01:95:7d:34:79:16:a3:
                    c8:3c:e7:0b:27:b9:5e:ad:5f:10:3a:dd:4a:b1:43:
                    4a:82:de:6d:0f:a4:4d:ea:84:39:94:72:07:af:3d:
                    c0:28:0c:29:01:4e:a1:30:4c:3d:0d:f3:b2:b3:60:
                    10:ca:3f:b4:47:7c:a5:49:28:3d:0d:cf:e7:21:89:
                    e4:83:e8:30:d8:49:f2:f4:43:32:83:a3:20:86:9b:
                    1f:39:db:93:a3:13:69:4f:cd:23:b9:80:18:1f:de:
                    48:85:d5:63:94:62:ea:53:f9:5d:1b:41:d4:b3:38:
                    18:12:9b:0a:a8:21:a5:12:bb:22:60:d5:e0:5a:93:
                    d9:d6:b5:16:9e:27:ca:28:53:5c:a1:00:41:ed:af:
                    09:fc:ec:d7:a0:6c:64:7c:0f:fe:06:fa:4a:50:a4:
                    f5:8e:13:9c:63:75:b8:b2:24:06:fb:62:b2:bd:fa:
                    c6:4d:d0:aa:e6:af:54:e2:23:be:f6:12:09:d8:7c:
                    5f:56:d7:22:fb:d7:e6:23:ec:c2:94:05:df:49:3e:
                    27:c9:20:25:f8:18:dd:04:14:9a:eb:5a:09:f6:ad:
                    92:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:64:83:E6:67:C9:FC:E8:F8:0F:5A:AA:5A:C6:E9:16:BC:54:E6:54
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/9e6996-2e89-4829-a37b-0734ffba8ca6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/9e6996-2e89-4829-a37b-0734ffba8ca6/1/02SD5mfJ_Oj4D1qqWsbpFrxU5lQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.72.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51367

    Signature Algorithm: sha256WithRSAEncryption
         a2:7b:de:4f:3f:89:d6:0e:db:e4:51:41:7a:07:dd:40:e7:30:
         87:4c:7e:59:f6:2b:dd:20:3c:dc:cd:26:e1:a8:28:75:f7:57:
         6e:71:0a:1e:29:5e:9e:29:4f:15:14:b3:11:98:c4:aa:ce:73:
         36:e4:46:26:e9:d1:3d:64:73:04:0e:95:e4:83:5b:f9:8e:34:
         9a:8a:12:8f:2e:4d:3f:e9:02:e6:69:b9:35:88:13:40:47:f1:
         3a:91:b9:30:cf:55:e6:10:ac:7d:0e:e3:0e:21:c2:e7:83:a9:
         e9:cc:82:ed:95:9d:43:2f:24:c1:1b:f8:bd:54:91:a5:37:d9:
         ec:8f:da:05:a8:22:51:47:b5:aa:34:f4:8c:6f:64:e2:f2:af:
         b5:2f:72:8e:d0:48:74:5a:a2:4a:48:b6:cc:2e:22:3e:a7:f5:
         29:55:42:0e:e2:d7:32:40:36:08:88:69:df:e7:91:b2:dc:c8:
         fa:74:12:43:9b:0f:52:f5:5a:d5:39:80:3b:3c:2f:60:53:49:
         5a:a9:28:b7:27:ec:ae:53:c5:03:cf:01:ad:d0:37:f2:af:8b:
         0c:41:64:6c:e1:94:d3:7d:96:ed:21:53:e6:9c:62:35:65:e7:
         35:6c:5b:e5:55:c7:1f:32:d3:3f:72:6b:11:5e:5b:ac:49:0b:
         27:f2:dc:11
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZt9XSeb0YA+VX+JbDlUhfJYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYyMDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzY0ODNlNjY3YzlmY2U4ZjgwZjVhYWE1YWM2ZTkxNmJjNTRlNjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj6OntxYfCq3EcVGhothSciPZYR7
tshPjm1Ewsko6jVeglOEegGVfTR5FqPIPOcLJ7lerV8QOt1KsUNKgt5tD6RN6oQ5
lHIHrz3AKAwpAU6hMEw9DfOys2AQyj+0R3ylSSg9Dc/nIYnkg+gw2Eny9EMyg6Mg
hpsfOduToxNpT80juYAYH95IhdVjlGLqU/ldG0HUszgYEpsKqCGlErsiYNXgWpPZ
1rUWnifKKFNcoQBB7a8J/OzXoGxkfA/+BvpKUKT1jhOcY3W4siQG+2KyvfrGTdCq
5q9U4iO+9hIJ2HxfVtci+9fmI+zClAXfST4nySAl+BjdBBSa61oJ9q2SkQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFNNkg+Znyfzo+A9aqlrG6Ra8VOZUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyLzllNjk5
Ni0yZTg5LTQ4MjktYTM3Yi0wNzM0ZmZiYThjYTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTIvOWU2OTk2
LTJlODktNDgyOS1hMzdiLTA3MzRmZmJhOGNhNi8xLzAyU0Q1bWZKX09qNEQxcXFX
c2JwRnJ4VTVsUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBw79IMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDIpzANBgkqhkiG9w0BAQsFAAOCAQEAonveTz+J1g7b5FFBegfdQOcwh0x+WfYr
3SA83M0m4agodfdXbnEKHilenilPFRSzEZjEqs5zNuRGJunRPWRzBA6V5INb+Y40
mooSjy5NP+kC5mm5NYgTQEfxOpG5MM9V5hCsfQ7jDiHC54Op6cyC7ZWdQy8kwRv4
vVSRpTfZ7I/aBagiUUe1qjT0jG9k4vKvtS9yjtBIdFqiSki2zC4iPqf1KVVCDuLX
MkA2CIhp3+eRstzI+nQSQ5sPUvVa1TmAOzwvYFNJWqkotyfsrlPFA88BrdA38q+L
DEFkbOGU032W7SFT5pxiNWXnNWxb5VXHHzLTP3JrEV5brEkLJ/LcEQ==
-----END CERTIFICATE-----