Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gNHAtO8JDETXi3zLC_cvCdCDHzQ.cer
File:                     gNHAtO8JDETXi3zLC_cvCdCDHzQ.cer (raw, json)
Hash identifier:          QuFYoLzDqXhIphsVGvXoyuWR+oC+M6iE5FvQf+Sb8dA=
Subject key identifier:   80:D1:C0:B4:EF:09:0C:44:D7:8B:7C:CB:0B:F7:2F:09:D0:83:1F:34
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7EA54B44C9E5512D05B18B7AEEC348A5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/gNHAtO8JDETXi3zLC_cvCdCDHzQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 12:18:40 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 25099
                          IP: 194.0.157.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:4b:44:c9:e5:51:2d:05:b1:8b:7a:ee:c3:48:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80d1c0b4ef090c44d78b7ccb0bf72f09d0831f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:66:4b:28:17:2e:32:6c:6d:6d:5e:d7:d1:2b:
                    0f:2e:a2:b6:e8:25:03:c4:6d:ce:94:e4:e0:e4:b0:
                    e7:ae:e7:3e:23:11:a4:d2:b0:c2:9a:12:24:03:03:
                    4e:7b:53:71:90:58:15:78:7f:d4:83:65:b8:05:c0:
                    92:e0:a2:cd:d9:e7:ef:dc:37:0f:38:2b:4e:7f:9c:
                    da:b0:72:80:ba:37:0c:a1:80:88:15:6f:24:d4:a3:
                    0c:bd:1a:ff:c7:bf:c5:ba:c3:92:9a:cd:05:e1:2b:
                    74:fc:07:bc:25:6f:ef:e0:ca:79:0c:12:4c:f1:ad:
                    5e:0b:48:0c:9a:22:35:a2:b3:1b:37:c4:cc:7d:00:
                    31:48:c9:e7:81:65:b0:b7:a9:21:46:a4:ce:bb:59:
                    7e:34:cb:45:d2:fb:78:c2:12:22:18:c6:7f:29:71:
                    4e:2b:1d:02:f7:42:a4:d5:76:db:ce:c7:1e:24:b3:
                    b9:ac:55:54:56:e5:d2:bd:9a:4c:90:b3:31:c2:f2:
                    94:de:e5:99:90:a7:18:fd:66:1b:57:da:39:69:72:
                    00:05:34:a7:61:86:fe:33:58:b9:21:5f:4f:ac:3e:
                    f6:00:49:f3:1f:d8:ef:7d:39:62:98:44:ba:0b:7b:
                    16:cf:0c:f4:c4:fe:19:24:73:21:ae:a7:4d:29:b9:
                    e7:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:D1:C0:B4:EF:09:0C:44:D7:8B:7C:CB:0B:F7:2F:09:D0:83:1F:34
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/gNHAtO8JDETXi3zLC_cvCdCDHzQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.157.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  25099

    Signature Algorithm: sha256WithRSAEncryption
         5b:b7:a6:fe:57:d3:42:03:2a:67:47:85:a1:0c:19:b3:ca:f2:
         5a:04:3e:e7:97:26:c7:c6:f9:49:cf:98:ea:20:dd:9b:7e:4f:
         46:00:44:5a:ce:49:9d:a3:2d:78:37:7b:c0:47:00:14:c1:32:
         17:28:76:23:e5:e9:b9:f0:04:b0:bd:b1:d8:11:5d:04:f8:a4:
         1e:a3:38:d9:43:13:1e:d0:12:50:78:a0:95:1a:bd:3a:3b:a4:
         d6:25:33:e3:b2:58:7f:95:ec:53:c3:4a:b6:41:10:38:17:0a:
         ca:39:39:cc:04:30:0f:57:f6:ae:76:fe:a8:96:16:c4:2b:ad:
         d1:ad:42:76:8a:f2:90:ec:0f:37:38:2f:e2:ee:ce:c5:5b:ab:
         2c:05:db:d0:26:dd:7f:67:15:40:ed:be:f8:5a:9a:6e:4e:6a:
         f8:4f:19:81:4a:76:c9:3b:fd:e0:b2:0b:e8:be:1a:8a:8b:72:
         d1:d9:b1:cf:84:01:5b:d9:5e:25:9e:be:94:d7:2e:c7:bc:9d:
         91:24:10:e4:b9:c3:d2:78:40:e4:97:92:47:74:d0:bd:42:57:
         14:9a:80:5b:6a:93:19:aa:a9:34:ad:42:c6:c6:d6:2d:34:5d:
         85:45:25:17:a8:5a:c5:4e:d4:3f:6b:eb:c7:d4:7d:bd:37:62:
         50:36:37:f1
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZt+pUtEyeVRLQWxi3ruw0ilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTIxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGQxYzBiNGVmMDkwYzQ0ZDc4YjdjY2IwYmY3MmYwOWQwODMxZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2ZLKBcuMmxtbV7X0SsPLqK26CUD
xG3OlOTg5LDnruc+IxGk0rDCmhIkAwNOe1NxkFgVeH/Ug2W4BcCS4KLN2efv3DcP
OCtOf5zasHKAujcMoYCIFW8k1KMMvRr/x7/FusOSms0F4St0/Ae8JW/v4Mp5DBJM
8a1eC0gMmiI1orMbN8TMfQAxSMnngWWwt6khRqTOu1l+NMtF0vt4whIiGMZ/KXFO
Kx0C90Kk1XbbzsceJLO5rFVUVuXSvZpMkLMxwvKU3uWZkKcY/WYbV9o5aXIABTSn
YYb+M1i5IV9PrD72AEnzH9jvfTlimES6C3sWzwz0xP4ZJHMhrqdNKbnnpwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFIDRwLTvCQxE14t8ywv3LwnQgx80MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQwL2RlNjRm
Ny0zOWQ5LTRiYmQtYjAyMy1iZWRjYmM1YTAxNzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAvZGU2NGY3
LTM5ZDktNGJiZC1iMDIzLWJlZGNiYzVhMDE3NC8xL2dOSEF0TzhKREVUWGkzekxD
X2N2Q2RDREh6US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwgCdMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AmILMA0GCSqGSIb3DQEBCwUAA4IBAQBbt6b+V9NCAypnR4WhDBmzyvJaBD7nlybH
xvlJz5jqIN2bfk9GAERazkmdoy14N3vARwAUwTIXKHYj5em58ASwvbHYEV0E+KQe
ozjZQxMe0BJQeKCVGr06O6TWJTPjslh/lexTw0q2QRA4FwrKOTnMBDAPV/audv6o
lhbEK63RrUJ2ivKQ7A83OC/i7s7FW6ssBdvQJt1/ZxVA7b74WppuTmr4TxmBSnbJ
O/3gsgvovhqKi3LR2bHPhAFb2V4lnr6U1y7HvJ2RJBDkucPSeEDkl5JHdNC9QlcU
moBbapMZqqk0rULGxtYtNF2FRSUXqFrFTtQ/a+vH1H29N2JQNjfx
-----END CERTIFICATE-----