Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2GucF3igUp7n4jIAPL5cmTw2_ds.cer
File:                     2GucF3igUp7n4jIAPL5cmTw2_ds.cer (raw, json)
Hash identifier:          bkc1bT45ILhmpXFERGGoLji5D5g2thM92qrOUaSlkTI=
Subject key identifier:   D8:6B:9C:17:78:A0:52:9E:E7:E2:32:00:3C:BE:5C:99:3C:36:FD:DB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7CEE3AEDA2BBAE35C7AC4880B1FECFA9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c4/970f9a-9480-4fdd-a4f4-a80a95e5a099/1/2GucF3igUp7n4jIAPL5cmTw2_ds.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c4/970f9a-9480-4fdd-a4f4-a80a95e5a099/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 04:19:06 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 193.200.147.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:3a:ed:a2:bb:ae:35:c7:ac:48:80:b1:fe:cf:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d86b9c1778a0529ee7e232003cbe5c993c36fddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:32:81:7f:54:62:35:e7:50:fb:d1:47:f1:40:
                    64:12:b5:7d:91:b1:9e:58:29:60:87:4e:be:f7:9a:
                    4d:8a:47:cc:cb:6e:39:11:cb:b0:69:ad:c3:fd:2e:
                    d5:3b:4a:90:9c:93:13:6c:82:c5:8c:37:55:e6:ad:
                    07:db:0e:f3:c5:32:75:b8:d3:3e:70:11:7a:cf:15:
                    f2:d5:29:0b:0c:19:52:ee:a2:d1:80:ee:03:e9:33:
                    ee:ab:10:01:5c:c3:05:03:16:93:52:63:c8:3b:df:
                    8b:99:e6:ee:f9:cf:80:61:13:b9:f3:d5:00:14:4c:
                    27:4e:fd:2f:99:de:a6:85:38:aa:29:56:20:f0:44:
                    52:31:7c:eb:90:4b:9c:ec:9b:b6:f6:a1:76:3f:1e:
                    42:7b:14:53:f8:22:81:0c:0c:32:8c:5d:45:c8:06:
                    eb:e4:f3:81:84:d2:92:7b:44:eb:3e:27:63:98:55:
                    ae:4b:28:56:0c:b2:ab:b9:63:78:6a:77:b7:5d:dd:
                    be:c7:ee:10:d5:35:b5:80:f9:81:99:0a:8b:5f:79:
                    2f:8b:86:dc:39:07:56:a9:fb:d1:9a:cf:9a:2d:6c:
                    6c:3d:14:bb:7b:30:44:8e:2e:07:19:fb:3f:d1:0e:
                    ff:d2:fa:eb:08:96:70:05:13:ee:67:fc:3e:51:e3:
                    27:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:6B:9C:17:78:A0:52:9E:E7:E2:32:00:3C:BE:5C:99:3C:36:FD:DB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/970f9a-9480-4fdd-a4f4-a80a95e5a099/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/970f9a-9480-4fdd-a4f4-a80a95e5a099/1/2GucF3igUp7n4jIAPL5cmTw2_ds.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:7b:50:f3:ff:44:db:ff:29:c5:9b:50:ea:e7:64:7c:68:d2:
         20:bd:14:51:1b:2d:b8:46:0a:57:2e:d5:aa:07:97:3a:2f:75:
         30:ce:12:21:69:ff:8a:ff:1f:a4:73:d7:61:4d:0d:26:1e:ab:
         86:9a:5b:ef:4e:6c:aa:1d:d5:13:52:5a:7b:d1:ff:dc:7f:90:
         9f:99:ce:c9:56:a4:8f:3c:8a:26:e7:f6:ab:a8:ac:8f:fc:01:
         fe:0c:f4:1c:e6:ac:96:2d:6f:bc:89:5a:e6:4a:7f:e9:ae:1b:
         52:47:fd:e1:0c:c2:ea:cb:67:02:da:d1:76:43:dc:39:d2:38:
         2d:09:97:82:c1:e8:63:31:af:67:8c:8d:a8:24:7d:ec:1f:1b:
         d1:a1:d7:ba:23:0c:65:9e:25:96:e2:30:ef:39:e4:d7:ce:d7:
         5e:c5:42:a1:ab:e9:4d:bf:ec:32:b7:ec:9b:2b:8f:7c:59:8e:
         e8:ff:90:63:bc:45:7f:cd:a8:b7:17:72:9b:ad:d6:49:19:92:
         94:3f:03:98:63:55:81:be:70:34:03:75:1d:3c:1d:1b:2e:a7:
         d9:14:f4:c9:fb:36:cd:b5:fb:43:93:ca:ab:c9:21:71:a8:ec:
         95:56:a8:da:14:2e:50:d0:2e:0c:a6:bf:e7:87:b5:03:0b:3d:
         f1:95:68:2f
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt87jrtoruuNcesSICx/s+pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDQxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODZiOWMxNzc4YTA1MjllZTdlMjMyMDAzY2JlNWM5OTNjMzZmZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszKBf1RiNedQ+9FH8UBkErV9kbGe
WClgh06+95pNikfMy245Ecuwaa3D/S7VO0qQnJMTbILFjDdV5q0H2w7zxTJ1uNM+
cBF6zxXy1SkLDBlS7qLRgO4D6TPuqxABXMMFAxaTUmPIO9+Lmebu+c+AYRO589UA
FEwnTv0vmd6mhTiqKVYg8ERSMXzrkEuc7Ju29qF2Px5CexRT+CKBDAwyjF1FyAbr
5POBhNKSe0TrPidjmFWuSyhWDLKruWN4ane3Xd2+x+4Q1TW1gPmBmQqLX3kvi4bc
OQdWqfvRms+aLWxsPRS7ezBEji4HGfs/0Q7/0vrrCJZwBRPuZ/w+UeMnBwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNhrnBd4oFKe5+IyADy+XJk8Nv3bMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M0Lzk3MGY5
YS05NDgwLTRmZGQtYTRmNC1hODBhOTVlNWEwOTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzQvOTcwZjlh
LTk0ODAtNGZkZC1hNGY0LWE4MGE5NWU1YTA5OS8xLzJHdWNGM2lnVXA3bjRqSUFQ
TDVjbVR3Ml9kcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwciTMA0GCSqGSIb3DQEBCwUAA4IBAQB7e1Dz
/0Tb/ynFm1Dq52R8aNIgvRRRGy24RgpXLtWqB5c6L3UwzhIhaf+K/x+kc9dhTQ0m
HquGmlvvTmyqHdUTUlp70f/cf5Cfmc7JVqSPPIom5/arqKyP/AH+DPQc5qyWLW+8
iVrmSn/prhtSR/3hDMLqy2cC2tF2Q9w50jgtCZeCwehjMa9njI2oJH3sHxvRode6
IwxlniWW4jDvOeTXztdexUKhq+lNv+wyt+ybK498WY7o/5BjvEV/zai3F3KbrdZJ
GZKUPwOYY1WBvnA0A3UdPB0bLqfZFPTJ+zbNtftDk8qrySFxqOyVVqjaFC5Q0C4M
pr/nh7UDCz3xlWgv
-----END CERTIFICATE-----