Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0pF0ElK7nEzagAR9-wHOmMIZ0YA.cer
File:                     0pF0ElK7nEzagAR9-wHOmMIZ0YA.cer (raw, json)
Hash identifier:          E3Tk85ySwYCZ37kqHzfrPxsryCSmnekgihxI+0UgEqA=
Subject key identifier:   D2:91:74:12:52:BB:9C:4C:DA:80:04:7D:FB:01:CE:98:C2:19:D1:80
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7BA4C6A51FCA8FCB17D778B49DC9F846
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/0pF0ElK7nEzagAR9-wHOmMIZ0YA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 22:19:14 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 209441
                          IP: 5.253.220.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:c6:a5:1f:ca:8f:cb:17:d7:78:b4:9d:c9:f8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:19:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d291741252bb9c4cda80047dfb01ce98c219d180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ea:5f:81:27:e2:32:66:82:91:c4:7d:2e:80:
                    7d:3d:23:b6:72:8a:f4:07:be:e7:6d:bb:8f:7b:71:
                    e8:2a:9a:e1:1f:7c:38:8b:4c:0b:a7:ef:f3:70:5a:
                    e7:1d:c5:84:3c:45:e1:a2:f9:13:0f:29:a3:69:a2:
                    dd:ef:f3:6e:77:7b:e8:fc:d3:e4:9b:9f:eb:85:5e:
                    fe:a0:b3:7c:69:d5:82:65:65:37:ff:47:44:81:47:
                    9f:50:44:99:b8:f6:ed:d2:c0:99:48:a5:b1:cf:6c:
                    c5:7b:b5:0f:d2:2d:ed:0e:f5:fe:2b:27:85:e8:11:
                    6d:ec:55:e6:40:ec:00:8e:8f:61:d9:1b:29:82:92:
                    37:36:06:b4:0e:23:c6:37:cd:6e:7f:49:4d:c6:cc:
                    b1:0d:fe:37:25:c3:a8:2b:ec:2f:88:55:ff:87:fd:
                    8e:2a:f0:e4:9c:4b:fc:70:35:69:f5:4a:be:1d:66:
                    ee:40:cb:1e:cb:3d:3b:13:5d:29:34:94:4a:0a:3a:
                    dd:7e:4d:eb:13:8c:d0:02:53:16:a8:f2:83:c6:1c:
                    ef:4e:6c:f8:f9:52:d7:bd:e3:c9:e0:80:85:a5:5b:
                    36:9e:8f:14:dc:a2:2a:e4:f8:65:c1:03:40:83:06:
                    09:a4:0b:7b:13:c9:e5:49:6e:f4:1e:92:75:ff:c0:
                    b2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:91:74:12:52:BB:9C:4C:DA:80:04:7D:FB:01:CE:98:C2:19:D1:80
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/0pF0ElK7nEzagAR9-wHOmMIZ0YA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.220.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209441

    Signature Algorithm: sha256WithRSAEncryption
         3f:0b:54:2b:07:e0:d3:8e:35:84:5a:36:23:b5:48:bd:4b:78:
         a7:2a:c1:b6:46:4d:4d:48:24:23:7f:0a:13:5d:4e:eb:a0:ea:
         7b:f0:0a:fd:33:3a:8b:12:cf:42:12:b1:49:a6:43:24:a8:05:
         2d:ae:6b:97:d6:1a:9b:95:fe:d4:bb:74:83:5d:8e:c6:71:ec:
         43:1a:a6:7a:c2:e2:65:a5:c5:70:9f:2c:32:65:6f:af:56:86:
         d3:85:34:0c:3f:dd:b4:48:0b:08:02:86:7d:89:8a:7d:67:b5:
         1f:6f:48:9f:33:d6:50:4b:8b:ce:a6:5a:5f:89:16:ba:8a:7b:
         45:b7:bd:64:f1:85:0d:ff:f7:10:21:00:0d:fe:a8:db:b8:0f:
         6e:a2:f1:4f:31:26:49:a3:5d:22:3f:99:24:aa:05:17:a6:08:
         9d:79:65:0a:8d:50:60:4a:6c:a7:c0:10:05:97:d5:8c:4f:2e:
         8c:cd:d6:e8:d3:71:78:2d:4a:e9:a1:bf:1c:88:6c:ee:13:31:
         1b:1e:a0:f6:0c:20:a4:03:64:60:a0:8c:5b:30:6d:a9:c4:ba:
         38:a9:5e:e9:d3:a8:f5:1b:34:ed:e9:34:2b:e5:29:db:96:6f:
         60:3f:43:87:64:8a:cc:1a:4f:bf:9f:37:f1:67:7c:12:48:e8:
         21:64:e9:aa
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZt7pMalH8qPyxfXeLSdyfhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjIxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjkxNzQxMjUyYmI5YzRjZGE4MDA0N2RmYjAxY2U5OGMyMTlkMTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOpfgSfiMmaCkcR9LoB9PSO2cor0
B77nbbuPe3HoKprhH3w4i0wLp+/zcFrnHcWEPEXhovkTDymjaaLd7/Nud3vo/NPk
m5/rhV7+oLN8adWCZWU3/0dEgUefUESZuPbt0sCZSKWxz2zFe7UP0i3tDvX+KyeF
6BFt7FXmQOwAjo9h2RspgpI3Nga0DiPGN81uf0lNxsyxDf43JcOoK+wviFX/h/2O
KvDknEv8cDVp9Uq+HWbuQMseyz07E10pNJRKCjrdfk3rE4zQAlMWqPKDxhzvTmz4
+VLXvePJ4ICFpVs2no8U3KIq5PhlwQNAgwYJpAt7E8nlSW70HpJ1/8CylwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFNKRdBJSu5xM2oAEffsBzpjCGdGAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkwLzNiYTZm
Yy0yZDQ5LTRhZmYtOTIyOS00OGI5NTcyNjRjMjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAvM2JhNmZj
LTJkNDktNGFmZi05MjI5LTQ4Yjk1NzI2NGMyNi8xLzBwRjBFbEs3bkV6YWdBUjkt
d0hPbU1JWjBZQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCBf3cMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMyITANBgkqhkiG9w0BAQsFAAOCAQEAPwtUKwfg0441hFo2I7VIvUt4pyrBtkZN
TUgkI38KE11O66Dqe/AK/TM6ixLPQhKxSaZDJKgFLa5rl9Yam5X+1Lt0g12OxnHs
QxqmesLiZaXFcJ8sMmVvr1aG04U0DD/dtEgLCAKGfYmKfWe1H29InzPWUEuLzqZa
X4kWuop7Rbe9ZPGFDf/3ECEADf6o27gPbqLxTzEmSaNdIj+ZJKoFF6YInXllCo1Q
YEpsp8AQBZfVjE8ujM3W6NNxeC1K6aG/HIhs7hMxGx6g9gwgpANkYKCMWzBtqcS6
OKle6dOo9Rs07ek0K+Up25ZvYD9Dh2SKzBpPv5838Wd8EkjoIWTpqg==
-----END CERTIFICATE-----