Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.cer
File:                     iTbfSsL0Z-pmwRl6hinT9ku1Y_A.cer (raw, json)
Hash identifier:          NE0AI4ciAyd4OkcSpmh6ZGbYn8pGUC0y7iZtXAB4NGg=
Subject key identifier:   89:36:DF:4A:C2:F4:67:EA:66:C1:19:7A:86:29:D3:F6:4B:B5:63:F0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B78A2921523E389012547EE7633556501
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 08:17:58 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 207722
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:92:15:23:e3:89:01:25:47:ee:76:33:55:65:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8936df4ac2f467ea66c1197a8629d3f64bb563f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f4:12:76:fe:f9:df:74:23:df:32:d9:47:d7:
                    c3:6e:ba:ab:7a:e4:cd:72:bf:ed:d7:bb:3b:4e:49:
                    ff:51:f5:d6:f6:22:c0:88:a0:a5:09:d1:81:35:42:
                    dc:44:bb:dd:ec:a4:8b:07:34:b3:0c:08:18:11:0f:
                    ff:21:40:49:ae:0a:8e:27:85:3d:63:f2:73:fd:79:
                    f7:b1:8e:df:68:11:1f:4b:5b:e0:f7:61:70:95:cd:
                    15:32:df:85:84:4a:92:02:3c:3c:42:2d:12:b2:52:
                    c0:6c:09:d9:e5:04:6d:24:62:39:75:ef:49:d4:d7:
                    54:8f:0d:7c:37:3a:68:b8:ac:30:1a:49:5f:ba:54:
                    1b:82:8e:07:0e:dd:ae:2a:6e:09:66:b5:8c:b3:01:
                    c6:49:6c:c7:aa:d5:de:11:8d:70:10:b2:78:9d:9e:
                    e7:5f:69:8c:82:8a:e2:85:fd:65:fc:f6:ba:27:09:
                    fe:56:f8:bf:e9:9f:14:fa:70:fa:ef:72:84:6a:f0:
                    9c:70:9a:2d:db:fc:f5:4f:a3:70:7c:80:35:d1:f4:
                    c5:3e:8e:40:67:cc:2e:1a:38:74:5b:c8:fa:5b:76:
                    8f:1a:78:d9:e2:76:ea:28:4e:01:53:b4:a2:a1:ba:
                    f7:ba:e1:ab:f7:ef:33:c9:22:93:dc:75:26:0a:68:
                    f6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:36:DF:4A:C2:F4:67:EA:66:C1:19:7A:86:29:D3:F6:4B:B5:63:F0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207722

    Signature Algorithm: sha256WithRSAEncryption
         70:54:18:21:dd:ce:f9:0e:26:57:27:82:05:cb:75:2a:2e:0b:
         c0:eb:c1:b9:f4:a0:46:29:fe:c0:81:64:aa:2b:48:1e:42:b6:
         c0:96:dd:d3:28:26:20:01:7c:8a:5b:4c:44:a8:1e:74:19:d0:
         c7:c9:99:e9:f4:97:2f:a8:26:8c:49:0a:86:8b:90:fd:38:5d:
         cb:0c:3d:62:ad:7b:37:30:33:4a:3a:f0:a5:ff:3f:06:4c:be:
         12:1d:fa:36:7f:3e:91:f4:00:24:fa:81:67:7f:b0:8f:ac:34:
         4d:d3:43:f2:f5:7d:ca:a9:ea:85:f1:47:ac:01:42:d8:18:95:
         d4:0b:71:b8:d2:22:21:35:53:7e:19:4e:7f:a8:b9:fe:c0:95:
         dd:2f:7a:46:a4:a4:50:e6:c1:62:24:3c:71:ff:99:df:bf:2c:
         2c:45:4a:c2:d5:66:4e:7c:01:61:f6:1b:80:3d:d3:be:20:15:
         1d:a9:2c:0c:ca:c2:fa:6c:da:1b:bc:4a:15:34:30:d2:19:e9:
         a9:aa:42:8c:b7:f3:ba:7f:eb:e1:f4:85:b7:3a:ad:aa:18:34:
         ff:a6:5e:77:0e:f7:25:95:69:ac:03:ec:bb:d8:7b:0c:5b:e2:
         5c:a1:50:6e:d8:58:9a:78:1a:a1:f6:f7:60:9b:a6:0e:2c:fd:
         92:14:3e:82
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt4opIVI+OJASVH7nYzVWUBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDgxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTM2ZGY0YWMyZjQ2N2VhNjZjMTE5N2E4NjI5ZDNmNjRiYjU2M2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PQSdv7533Qj3zLZR9fDbrqreuTN
cr/t17s7Tkn/UfXW9iLAiKClCdGBNULcRLvd7KSLBzSzDAgYEQ//IUBJrgqOJ4U9
Y/Jz/Xn3sY7faBEfS1vg92Fwlc0VMt+FhEqSAjw8Qi0SslLAbAnZ5QRtJGI5de9J
1NdUjw18NzpouKwwGklfulQbgo4HDt2uKm4JZrWMswHGSWzHqtXeEY1wELJ4nZ7n
X2mMgorihf1l/Pa6Jwn+Vvi/6Z8U+nD673KEavCccJot2/z1T6NwfIA10fTFPo5A
Z8wuGjh0W8j6W3aPGnjZ4nbqKE4BU7Siobr3uuGr9+8zySKT3HUmCmj23wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIk230rC9GfqZsEZeoYp0/ZLtWPwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JiLzc4OTVm
OC1hYzMxLTQ3OTgtODQwNC00ZTI3OGRkNDhhM2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmIvNzg5NWY4
LWFjMzEtNDc5OC04NDA0LTRlMjc4ZGQ0OGEzZi8xL2lUYmZTc0wwWi1wbXdSbDZo
aW5UOWt1MVlfQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMrajANBgkqhkiG9w0BAQsFAAOCAQEAcFQYId3O+Q4m
VyeCBct1Ki4LwOvBufSgRin+wIFkqitIHkK2wJbd0ygmIAF8iltMRKgedBnQx8mZ
6fSXL6gmjEkKhouQ/Thdyww9Yq17NzAzSjrwpf8/Bky+Eh36Nn8+kfQAJPqBZ3+w
j6w0TdND8vV9yqnqhfFHrAFC2BiV1AtxuNIiITVTfhlOf6i5/sCV3S96RqSkUObB
YiQ8cf+Z378sLEVKwtVmTnwBYfYbgD3TviAVHaksDMrC+mzaG7xKFTQw0hnpqapC
jLfzun/r4fSFtzqtqhg0/6Zedw73JZVprAPsu9h7DFviXKFQbthYmngaofb3YJum
Diz9khQ+gg==
-----END CERTIFICATE-----