Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
File:                     668NIPmOOiBVDJltdCkmiPDSJ50.cer (raw, json)
Hash identifier:          v8qYMG0ptJAjcYxoDqR9KKz4nWU2TopPGL5Bf2hOaA0=
Subject key identifier:   EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019C9569AFF1BF0E816105AAB5AA9F3733E3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 25 Feb 2026 15:27:37 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 64.83.0.0/18
                          IP: 64.90.0.0/19
                          IP: 64.178.96.0/19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:95:69:af:f1:bf:0e:81:61:05:aa:b5:aa:9f:37:33:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 25 15:27:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d6:c4:7c:99:f8:74:7f:d1:77:23:cb:be:7c:
                    b1:7f:94:8f:56:26:8c:f0:2f:e7:34:aa:91:05:ba:
                    25:62:be:61:5b:1e:0a:38:9b:e3:fc:78:e9:60:72:
                    2e:3d:ed:82:0d:21:a2:49:81:41:46:98:57:37:16:
                    c1:60:1f:d4:78:18:f5:9d:86:64:06:ed:94:fe:fd:
                    15:0d:b3:b7:64:28:4c:8b:fa:54:82:88:4e:81:02:
                    84:71:79:0a:8f:83:78:8c:26:d8:54:cf:af:92:5c:
                    45:ef:2e:19:82:ba:b2:b6:cc:36:1f:d7:ea:75:2d:
                    59:a3:e0:3b:5d:45:22:ce:9b:76:71:98:22:45:52:
                    a4:b7:67:0d:8d:e2:86:d8:e6:da:38:01:5f:65:30:
                    c5:8f:e1:a6:13:37:b8:f1:a2:3f:53:d4:0e:37:d7:
                    ee:b9:c2:7c:c1:ae:9a:53:2b:3e:8d:a7:85:fa:5e:
                    b5:37:ce:79:39:5f:a1:08:f1:a0:54:ca:81:07:c4:
                    fe:12:b7:9f:bb:69:9d:ce:f2:5a:81:b6:1c:a8:2b:
                    2e:58:2d:14:9b:b6:e1:aa:25:36:7e:9a:fc:c6:dd:
                    5f:c2:c8:ff:ec:71:6c:bb:79:b7:98:42:d9:c1:87:
                    49:55:32:37:de:62:78:98:e5:09:48:9a:2f:d8:b7:
                    a4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.83.0.0/18
                  64.90.0.0/19
                  64.178.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         27:5c:6b:9a:87:f4:33:29:1d:b5:a5:a2:7c:e2:24:44:a3:c8:
         a9:3e:7c:67:2d:dc:9c:20:e5:d5:3c:9c:be:6d:70:4e:34:46:
         b2:9e:91:d3:b0:e9:5c:50:48:d9:c1:6d:e7:01:59:cd:cc:e2:
         38:79:72:2d:04:4d:28:8f:66:78:02:09:2e:dc:11:35:77:bf:
         eb:ab:1c:f4:cf:76:21:61:4d:a4:8a:fe:49:e8:0b:08:83:29:
         bb:00:60:0a:77:86:29:2e:18:d6:34:44:c0:f2:33:fa:63:ad:
         53:5f:67:50:05:16:1b:d2:13:a4:ad:42:ea:b0:da:02:65:f0:
         46:97:b4:3d:35:c9:51:0d:9c:3a:71:72:be:3f:86:cc:46:3f:
         c5:09:3b:63:39:22:41:c8:58:a2:16:8e:61:e2:19:28:3b:77:
         25:ca:a1:39:b1:6c:5b:ff:90:d5:e2:1e:1c:03:24:42:09:0b:
         e1:0b:92:33:c8:1c:01:02:d3:20:4b:b7:63:f0:87:03:59:16:
         20:db:41:e2:b4:11:b6:d0:aa:97:71:f8:51:7a:9e:59:11:8c:
         92:e7:a3:67:cc:59:f3:71:42:82:5e:56:73:de:07:2e:b0:23:
         dc:0c:50:3c:f7:69:5e:25:04:ef:54:d3:5b:b1:80:b5:48:4b:
         24:3f:09:fa
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZyVaa/xvw6BYQWqtaqfNzPjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMjI1MTUyNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmFmMGQyMGY5OGUzYTIwNTUwYzk5NmQ3NDI5MjY4OGYwZDIyNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtbEfJn4dH/RdyPLvnyxf5SPViaM
8C/nNKqRBbolYr5hWx4KOJvj/HjpYHIuPe2CDSGiSYFBRphXNxbBYB/UeBj1nYZk
Bu2U/v0VDbO3ZChMi/pUgohOgQKEcXkKj4N4jCbYVM+vklxF7y4Zgrqytsw2H9fq
dS1Zo+A7XUUizpt2cZgiRVKkt2cNjeKG2ObaOAFfZTDFj+GmEze48aI/U9QON9fu
ucJ8wa6aUys+jaeF+l61N855OV+hCPGgVMqBB8T+Erefu2mdzvJagbYcqCsuWC0U
m7bhqiU2fpr8xt1fwsj/7HFsu3m3mELZwYdJVTI33mJ4mOUJSJov2LekUwIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFOuvDSD5jjogVQyZbXQpJojw0iedMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE0L2QwYmUw
Ni1lZjVmLTQ0MTgtYWYxYy0zMjA5MzYyODhlOTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQvZDBiZTA2
LWVmNWYtNDQxOC1hZjFjLTMyMDkzNjI4OGU5NS8xLzY2OE5JUG1PT2lCVkRKbHRk
Q2ttaVBEU0o1MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUF
BwEHAQH/BBwwGjAYBAIAATASAwQGQFMAAwQFQFoAAwQFQLJgMA0GCSqGSIb3DQEB
CwUAA4IBAQAnXGuah/QzKR21paJ84iREo8ipPnxnLdycIOXVPJy+bXBONEaynpHT
sOlcUEjZwW3nAVnNzOI4eXItBE0oj2Z4Agku3BE1d7/rqxz0z3YhYU2kiv5J6AsI
gym7AGAKd4YpLhjWNETA8jP6Y61TX2dQBRYb0hOkrULqsNoCZfBGl7Q9NclRDZw6
cXK+P4bMRj/FCTtjOSJByFiiFo5h4hkoO3clyqE5sWxb/5DV4h4cAyRCCQvhC5Iz
yBwBAtMgS7dj8IcDWRYg20HitBG20KqXcfhRep5ZEYyS56NnzFnzcUKCXlZz3gcu
sCPcDFA892leJQTvVNNbsYC1SEskPwn6
-----END CERTIFICATE-----