Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0heXhYa_86Z3fVWpqWNYQVFtQ7Q.cer
File:                     0heXhYa_86Z3fVWpqWNYQVFtQ7Q.cer (raw, json)
Hash identifier:          1NDQbmE7BWEifgnAZeQHvAF8uhHrBB4t34hJAL4H2HE=
Subject key identifier:   D2:17:97:85:86:BF:F3:A6:77:7D:55:A9:A9:63:58:41:51:6D:43:B4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5CD3E615CD548A75E03C10C5D77358
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/37/790a78-4a2d-4f16-880a-4ce4d3b197d8/1/0heXhYa_86Z3fVWpqWNYQVFtQ7Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/37/790a78-4a2d-4f16-880a-4ce4d3b197d8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:19:54 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 203252
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:d3:e6:15:cd:54:8a:75:e0:3c:10:c5:d7:73:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:19:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d217978586bff3a6777d55a9a9635841516d43b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:40:c1:03:57:63:16:49:4f:eb:2d:34:3c:fc:
                    93:04:12:c3:88:8d:6d:36:5a:41:7b:29:7c:fc:32:
                    4b:77:3a:ad:3b:a2:f1:d2:88:04:5d:1c:fd:d5:6b:
                    46:52:d5:5b:13:1d:ce:a5:76:43:7a:01:7a:41:49:
                    99:91:f6:b1:65:48:73:34:9c:2a:13:f9:50:cd:d2:
                    06:f5:dd:91:ae:d9:50:c9:4e:eb:13:aa:9a:0e:f3:
                    d7:e0:e2:db:1a:0e:43:c6:fc:3c:63:b0:f1:83:99:
                    67:b8:4f:c2:44:e6:54:62:62:ef:06:1b:e0:3f:02:
                    c3:01:ba:35:5b:a3:8e:34:e9:b9:5b:ef:fd:35:c6:
                    76:c9:c9:30:8f:3b:39:d4:b5:0b:65:01:b5:26:0e:
                    53:56:47:fe:3d:a1:51:aa:fa:8f:14:2f:2e:71:3a:
                    06:a3:5f:27:82:2b:84:db:5c:73:c1:06:95:24:33:
                    d3:33:34:5e:3a:89:dd:41:68:91:3d:0e:54:79:8a:
                    78:ca:c1:46:34:3c:d4:b0:06:f7:c8:85:a8:86:d7:
                    91:de:27:ad:ee:5e:42:8e:d8:d2:77:9a:00:25:cd:
                    bc:cc:dd:e9:aa:fb:98:f5:4f:74:af:3c:23:5a:2e:
                    5b:fa:d4:f1:53:7b:ff:8a:70:09:f6:b1:15:14:e1:
                    c4:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:17:97:85:86:BF:F3:A6:77:7D:55:A9:A9:63:58:41:51:6D:43:B4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/790a78-4a2d-4f16-880a-4ce4d3b197d8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/790a78-4a2d-4f16-880a-4ce4d3b197d8/1/0heXhYa_86Z3fVWpqWNYQVFtQ7Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203252

    Signature Algorithm: sha256WithRSAEncryption
         a0:82:91:31:93:cc:fa:9c:04:0b:bc:cc:66:9e:b7:bd:b4:9e:
         6f:55:fb:63:64:cc:ac:7d:8b:7a:20:54:63:8e:a1:17:f0:70:
         53:ab:a3:19:f7:a3:a8:59:0e:4c:de:d6:59:ad:1d:68:b7:55:
         c6:e1:e0:39:ed:5e:d0:d5:d8:a3:c3:dd:d1:9a:93:bc:61:58:
         4d:a9:f9:8b:b5:a4:f5:14:bc:f5:86:76:ad:9d:a9:fc:21:ba:
         0a:56:66:88:6c:83:51:28:56:35:f9:e7:a8:ad:6c:86:ad:7e:
         70:06:ad:91:ca:ea:cc:ad:55:e3:3f:cf:cc:b8:88:58:0e:f7:
         41:ce:17:61:55:2b:a7:65:e6:bf:8e:37:08:58:39:b6:5b:62:
         36:dc:42:6f:5b:8b:bb:68:fd:8f:e8:6a:f0:f1:f7:ad:1f:af:
         3f:1f:ec:16:a5:6e:e7:e8:6f:88:06:3c:91:35:b7:02:4c:6e:
         ca:90:95:ac:02:3b:61:08:46:35:47:0d:ee:ca:bb:e8:bc:27:
         14:ba:16:40:08:2e:54:84:f1:8e:99:b9:fa:c8:36:8a:c4:17:
         7a:d8:be:8e:26:1b:8f:1f:99:fb:9e:54:51:98:3d:2c:a7:3e:
         5d:12:18:13:d5:27:f5:a5:e6:ba:a2:d7:bb:b6:1b:9e:b2:87:
         dd:ec:41:c8
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt9XNPmFc1UinXgPBDF13NYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYxOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjE3OTc4NTg2YmZmM2E2Nzc3ZDU1YTlhOTYzNTg0MTUxNmQ0M2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UDBA1djFklP6y00PPyTBBLDiI1t
NlpBeyl8/DJLdzqtO6Lx0ogEXRz91WtGUtVbEx3OpXZDegF6QUmZkfaxZUhzNJwq
E/lQzdIG9d2RrtlQyU7rE6qaDvPX4OLbGg5Dxvw8Y7Dxg5lnuE/CROZUYmLvBhvg
PwLDAbo1W6OONOm5W+/9NcZ2yckwjzs51LULZQG1Jg5TVkf+PaFRqvqPFC8ucToG
o18ngiuE21xzwQaVJDPTMzReOondQWiRPQ5UeYp4ysFGNDzUsAb3yIWohteR3iet
7l5CjtjSd5oAJc28zN3pqvuY9U90rzwjWi5b+tTxU3v/inAJ9rEVFOHEUQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFNIXl4WGv/Omd31VqaljWEFRbUO0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM3Lzc5MGE3
OC00YTJkLTRmMTYtODgwYS00Y2U0ZDNiMTk3ZDgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcvNzkwYTc4
LTRhMmQtNGYxNi04ODBhLTRjZTRkM2IxOTdkOC8xLzBoZVhoWWFfODZaM2ZWV3Bx
V05ZUVZGdFE3US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMZ9DANBgkqhkiG9w0BAQsFAAOCAQEAoIKRMZPM+pwE
C7zMZp63vbSeb1X7Y2TMrH2LeiBUY46hF/BwU6ujGfejqFkOTN7WWa0daLdVxuHg
Oe1e0NXYo8Pd0ZqTvGFYTan5i7Wk9RS89YZ2rZ2p/CG6ClZmiGyDUShWNfnnqK1s
hq1+cAatkcrqzK1V4z/PzLiIWA73Qc4XYVUrp2Xmv443CFg5tltiNtxCb1uLu2j9
j+hq8PH3rR+vPx/sFqVu5+hviAY8kTW3AkxuypCVrAI7YQhGNUcN7sq76LwnFLoW
QAguVITxjpm5+sg2isQXeti+jiYbjx+Z+55UUZg9LKc+XRIYE9Un9aXmuqLXu7Yb
nrKH3exByA==
-----END CERTIFICATE-----