Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/L72QjQxb06rPUoDdgeogOCzZeOo.cer
File:                     L72QjQxb06rPUoDdgeogOCzZeOo.cer (raw, json)
Hash identifier:          njuliy/AxprCiey9XcVfNON4d+2dJq94PbYNRnZUvlU=
Subject key identifier:   2F:BD:90:8D:0C:5B:D3:AA:CF:52:80:DD:81:EA:20:38:2C:D9:78:EA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01985668FF1493C5B67A5BD8C549839C1D0F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c0/e7234c-887e-41e9-ad3c-7ecdd2f64d2d/1/L72QjQxb06rPUoDdgeogOCzZeOo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c0/e7234c-887e-41e9-ad3c-7ecdd2f64d2d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 29 Jul 2025 13:39:38 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.228.196.0/22
                          IP: 2a0d:3600::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:68:ff:14:93:c5:b6:7a:5b:d8:c5:49:83:9c:1d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 29 13:39:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fbd908d0c5bd3aacf5280dd81ea20382cd978ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:23:22:07:f3:fb:38:e0:b9:9a:3f:70:24:1a:
                    4d:4f:63:78:24:2f:c1:fd:5a:5a:a3:de:c0:02:c4:
                    f8:6b:af:b1:10:7b:54:90:af:57:24:ad:df:6d:11:
                    ba:83:7f:c2:31:66:d2:91:65:12:17:88:44:e3:e8:
                    a3:c6:b4:f2:2a:bb:c8:63:47:9b:ff:c2:1a:91:aa:
                    7f:77:7a:33:7c:d6:70:6d:89:e5:99:fa:3b:23:47:
                    ee:1b:cb:1a:97:1e:50:6d:8d:cd:24:17:14:de:92:
                    62:16:84:0a:51:bb:f6:51:ae:c1:cd:0c:6c:55:ed:
                    33:99:68:8a:bd:2b:93:28:4c:66:a6:f9:9d:f8:0b:
                    f4:4c:dc:3a:53:ea:4f:e6:b4:96:b3:52:be:4b:44:
                    59:c1:bf:71:63:46:7a:1d:a3:06:79:28:a4:1c:d0:
                    e4:4c:46:12:97:91:9e:9a:49:a7:82:63:f5:ba:c2:
                    cb:a4:c0:33:12:ee:f3:46:5a:70:ed:08:92:f1:4d:
                    a5:2d:81:74:36:32:62:fe:ed:fe:37:19:e7:bf:68:
                    f9:14:59:79:d6:bf:99:fd:ae:1c:63:b9:85:8c:45:
                    7a:15:38:41:d7:24:2f:8c:66:94:b4:16:62:70:96:
                    ed:f3:df:41:7d:b5:54:63:63:38:53:84:bb:2f:2c:
                    61:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:BD:90:8D:0C:5B:D3:AA:CF:52:80:DD:81:EA:20:38:2C:D9:78:EA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e7234c-887e-41e9-ad3c-7ecdd2f64d2d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e7234c-887e-41e9-ad3c-7ecdd2f64d2d/1/L72QjQxb06rPUoDdgeogOCzZeOo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.196.0/22
                IPv6:
                  2a0d:3600::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:25:af:d9:07:64:ce:af:15:4f:0d:f4:21:2c:22:eb:64:93:
         57:9b:5e:90:dd:19:31:ef:82:f8:4b:48:ec:fd:16:90:e8:a0:
         e9:5b:10:0a:e2:69:0e:3c:4f:7f:6d:81:94:95:18:22:de:d8:
         c8:2e:f7:32:78:87:da:92:48:f5:67:10:d0:6b:25:99:5a:7f:
         b7:cd:0f:17:0b:40:77:5c:7a:e0:88:5c:15:b6:c7:cf:4e:9c:
         b2:75:4c:99:80:95:b0:21:44:75:61:c1:a8:60:3d:4e:88:c5:
         e5:b4:90:2c:4e:ed:f3:05:5c:48:e4:c0:e7:5e:46:3e:08:d8:
         cc:76:db:ff:76:3a:01:15:d9:13:17:b5:be:a4:a4:da:36:56:
         84:9e:bc:13:7e:5d:f2:13:1f:0e:b6:8c:0a:2f:04:11:6e:83:
         3a:46:4d:67:b0:98:11:b2:b0:97:6a:ab:96:63:95:fd:b8:52:
         49:3e:8e:d0:c9:d5:9c:7d:2f:69:ae:6b:fd:da:34:ca:65:b1:
         e9:b0:13:13:72:c3:f7:b2:bc:ee:d3:e5:c5:6f:bc:79:7f:5c:
         34:06:1c:58:72:3a:69:de:ab:16:03:7f:48:4f:4d:8c:7d:d4:
         bf:6a:d3:f7:ee:6d:3e:05:16:88:2c:e7:26:b3:06:ac:f9:43:
         07:d3:f5:14
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZhWaP8Uk8W2elvYxUmDnB0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNzI5MTMzOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmJkOTA4ZDBjNWJkM2FhY2Y1MjgwZGQ4MWVhMjAzODJjZDk3OGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyMiB/P7OOC5mj9wJBpNT2N4JC/B
/Vpao97AAsT4a6+xEHtUkK9XJK3fbRG6g3/CMWbSkWUSF4hE4+ijxrTyKrvIY0eb
/8Iakap/d3ozfNZwbYnlmfo7I0fuG8salx5QbY3NJBcU3pJiFoQKUbv2Ua7BzQxs
Ve0zmWiKvSuTKExmpvmd+Av0TNw6U+pP5rSWs1K+S0RZwb9xY0Z6HaMGeSikHNDk
TEYSl5GemkmngmP1usLLpMAzEu7zRlpw7QiS8U2lLYF0NjJi/u3+Nxnnv2j5FFl5
1r+Z/a4cY7mFjEV6FThB1yQvjGaUtBZicJbt899BfbVUY2M4U4S7Lyxh5wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFC+9kI0MW9Oqz1KA3YHqIDgs2XjqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MwL2U3MjM0
Yy04ODdlLTQxZTktYWQzYy03ZWNkZDJmNjRkMmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAvZTcyMzRj
LTg4N2UtNDFlOS1hZDNjLTdlY2RkMmY2NGQyZC8xL0w3MlFqUXhiMDZyUFVvRGRn
ZW9nT0N6WmVPby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCueTEMA0EAgACMAcDBQMqDTYAMA0GCSqGSIb3
DQEBCwUAA4IBAQCRJa/ZB2TOrxVPDfQhLCLrZJNXm16Q3Rkx74L4S0js/RaQ6KDp
WxAK4mkOPE9/bYGUlRgi3tjILvcyeIfakkj1ZxDQayWZWn+3zQ8XC0B3XHrgiFwV
tsfPTpyydUyZgJWwIUR1YcGoYD1OiMXltJAsTu3zBVxI5MDnXkY+CNjMdtv/djoB
FdkTF7W+pKTaNlaEnrwTfl3yEx8OtowKLwQRboM6Rk1nsJgRsrCXaquWY5X9uFJJ
Po7QydWcfS9prmv92jTKZbHpsBMTcsP3srzu0+XFb7x5f1w0BhxYcjpp3qsWA39I
T02MfdS/atP37m0+BRaILOcmswas+UMH0/UU
-----END CERTIFICATE-----