Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1bFX6mgu908PHvZ_oekWDRfNLpM.cer
File:                     1bFX6mgu908PHvZ_oekWDRfNLpM.cer (raw, json)
Hash identifier:          HYjMfCkskQOqWFnmoJ9KvRirMunVPJVQ+QC8d8LiGmc=
Subject key identifier:   D5:B1:57:EA:68:2E:F7:4F:0F:1E:F6:7F:A1:E9:16:0D:17:CD:2E:93
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5CDB3A31712057241AB0C64EDA6FC2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ae/f76e8c-82b3-47d4-b4b6-021c9eec0077/1/1bFX6mgu908PHvZ_oekWDRfNLpM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ae/f76e8c-82b3-47d4-b4b6-021c9eec0077/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:19:56 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 24825
                          IP: 91.198.17.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:db:3a:31:71:20:57:24:1a:b0:c6:4e:da:6f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5b157ea682ef74f0f1ef67fa1e9160d17cd2e93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b2:b0:6d:a0:6f:6e:03:ba:43:ea:96:c8:4d:
                    bb:03:53:2e:80:cb:2e:64:6b:04:30:10:da:22:e7:
                    7c:be:33:9a:6a:ce:bd:d1:e1:ba:1c:7d:7a:88:06:
                    6c:a6:5d:a6:0e:a8:e9:76:7c:7c:9c:09:1c:9c:8d:
                    e7:57:2e:af:61:08:a2:68:83:7f:ba:d7:54:81:53:
                    c8:ee:3f:c6:ce:57:fd:6c:94:ad:7a:0f:bb:07:49:
                    34:bc:21:d5:8d:c0:8a:90:00:f9:da:46:a5:ef:b6:
                    74:c5:a8:fb:c5:e0:54:e7:16:b8:f3:f1:b6:33:52:
                    dd:1d:27:65:51:ae:d0:a0:ce:c3:eb:a0:69:39:33:
                    56:71:1c:89:61:8f:68:9c:cd:21:62:2f:57:87:8b:
                    7b:8b:0b:81:79:68:6a:fb:1b:ca:d0:ef:4b:73:9f:
                    b8:80:87:ff:2a:29:b4:eb:d0:80:9e:7b:31:be:0e:
                    36:b5:62:f6:40:00:23:4f:2d:b1:28:53:40:15:8c:
                    d0:fc:a0:2f:c1:d4:c4:40:71:00:ba:43:51:09:ba:
                    cd:24:1c:2c:61:fe:46:a8:c2:06:70:2f:71:ba:28:
                    f4:16:74:97:4a:f3:57:c7:65:f7:7d:21:a8:ad:d8:
                    55:bd:42:12:5b:39:c6:43:10:89:98:08:d0:e8:e6:
                    34:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B1:57:EA:68:2E:F7:4F:0F:1E:F6:7F:A1:E9:16:0D:17:CD:2E:93
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/f76e8c-82b3-47d4-b4b6-021c9eec0077/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/f76e8c-82b3-47d4-b4b6-021c9eec0077/1/1bFX6mgu908PHvZ_oekWDRfNLpM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.17.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  24825

    Signature Algorithm: sha256WithRSAEncryption
         ab:e8:c6:00:ad:c4:19:f5:e9:3d:dc:6b:14:ce:03:f8:8c:2a:
         b4:26:6c:6b:af:f9:bc:17:f7:89:aa:f6:82:62:42:c6:4d:66:
         b8:91:c2:22:7f:fb:3b:87:5b:5a:ca:e8:8d:64:51:cc:04:51:
         2f:05:ec:54:37:87:f8:36:4d:3f:ac:0a:2d:d6:2c:df:ed:21:
         83:72:f7:19:e6:aa:22:24:b0:92:1b:3a:7e:2e:87:22:68:24:
         cd:a5:06:c1:f4:1f:73:c5:bc:86:f8:ab:c0:fe:9f:6b:9c:1a:
         c6:e4:c1:d6:f8:0b:d5:09:36:ba:8d:9b:f2:af:57:03:cf:d3:
         1e:0b:75:5f:e7:4c:55:4b:7b:f3:c9:2b:a3:d0:ff:66:fd:62:
         79:03:6b:2e:e3:8a:8e:bc:5f:0f:e8:14:f5:33:cf:ac:fa:2f:
         15:e9:17:f5:98:70:e6:43:3e:c6:38:0c:c2:7b:df:ba:d8:04:
         9e:44:23:56:c1:e0:7d:eb:d5:29:bc:f2:49:c3:22:c4:df:69:
         41:fa:41:cb:6b:01:66:f3:50:29:1b:80:2c:6e:9c:74:5c:b3:
         20:66:d6:ce:e7:24:ba:ac:c5:16:fb:8c:53:15:bd:8f:dd:34:
         57:ee:3e:e5:8a:45:80:a1:f9:9e:fa:72:b6:d1:0a:89:f1:c5:
         2e:49:c4:aa
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZt9XNs6MXEgVyQasMZO2m/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWIxNTdlYTY4MmVmNzRmMGYxZWY2N2ZhMWU5MTYwZDE3Y2QyZTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLKwbaBvbgO6Q+qWyE27A1MugMsu
ZGsEMBDaIud8vjOaas690eG6HH16iAZspl2mDqjpdnx8nAkcnI3nVy6vYQiiaIN/
utdUgVPI7j/Gzlf9bJSteg+7B0k0vCHVjcCKkAD52kal77Z0xaj7xeBU5xa48/G2
M1LdHSdlUa7QoM7D66BpOTNWcRyJYY9onM0hYi9Xh4t7iwuBeWhq+xvK0O9Lc5+4
gIf/Kim069CAnnsxvg42tWL2QAAjTy2xKFNAFYzQ/KAvwdTEQHEAukNRCbrNJBws
Yf5GqMIGcC9xuij0FnSXSvNXx2X3fSGordhVvUISWznGQxCJmAjQ6OY0yQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFNWxV+poLvdPDx72f6HpFg0XzS6TMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FlL2Y3NmU4
Yy04MmIzLTQ3ZDQtYjRiNi0wMjFjOWVlYzAwNzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWUvZjc2ZThj
LTgyYjMtNDdkNC1iNGI2LTAyMWM5ZWVjMDA3Ny8xLzFiRlg2bWd1OTA4UEh2Wl9v
ZWtXRFJmTkxwTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8YRMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AmD5MA0GCSqGSIb3DQEBCwUAA4IBAQCr6MYArcQZ9ek93GsUzgP4jCq0Jmxrr/m8
F/eJqvaCYkLGTWa4kcIif/s7h1tayuiNZFHMBFEvBexUN4f4Nk0/rAot1izf7SGD
cvcZ5qoiJLCSGzp+LociaCTNpQbB9B9zxbyG+KvA/p9rnBrG5MHW+AvVCTa6jZvy
r1cDz9MeC3Vf50xVS3vzySuj0P9m/WJ5A2su44qOvF8P6BT1M8+s+i8V6Rf1mHDm
Qz7GOAzCe9+62ASeRCNWweB969UpvPJJwyLE32lB+kHLawFm81ApG4Asbpx0XLMg
ZtbO5yS6rMUW+4xTFb2P3TRX7j7likWAofme+nK20QqJ8cUuScSq
-----END CERTIFICATE-----