Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qWpTYQ2O9mShJ1txquq7KFEEwk8.cer
File:                     qWpTYQ2O9mShJ1txquq7KFEEwk8.cer (raw, json)
Hash identifier:          nsFA1GTWS1aPCRPYTMfpcCzlnUhZvGbdEisM9LfcwiE=
Subject key identifier:   A9:6A:53:61:0D:8E:F6:64:A1:27:5B:71:AA:EA:BB:28:51:04:C2:4F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5C66B646A51EA73BEABC04885F0BD7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d6/5a017c-a3dc-44cf-b80e-a211175c05e0/1/qWpTYQ2O9mShJ1txquq7KFEEwk8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d6/5a017c-a3dc-44cf-b80e-a211175c05e0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:19:26 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 185.45.8.0/22
                          IP: 2a01:75e0::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:66:b6:46:a5:1e:a7:3b:ea:bc:04:88:5f:0b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a96a53610d8ef664a1275b71aaeabb285104c24f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a2:32:43:06:ba:ee:27:f5:93:47:f9:8c:a4:
                    d7:6a:36:cf:cf:4d:d1:bd:55:52:de:37:81:03:04:
                    2b:bf:67:a0:87:4c:e3:a6:b9:1c:04:81:f7:4a:7c:
                    b7:a8:0d:9c:14:df:8d:74:05:82:db:5a:bb:59:8f:
                    33:5b:13:28:cd:39:1c:bb:8b:93:35:c3:f5:e8:09:
                    c5:62:0c:60:b1:dc:c9:ee:28:27:c0:dd:17:d4:04:
                    25:5b:5e:a8:94:a5:5c:92:78:c0:2a:0e:d8:e8:85:
                    89:ba:be:d4:8d:4f:c4:32:0a:fd:a2:ac:02:4c:a3:
                    ba:da:6d:f8:a3:2c:ba:55:ba:16:b1:18:d3:0f:5d:
                    a9:c1:99:83:94:4a:1d:0e:b0:c3:cf:af:dd:d8:ec:
                    38:d8:ea:ad:6a:62:ef:f3:26:a0:00:60:7d:0a:ec:
                    95:fe:eb:21:51:c6:c1:b3:15:76:3f:0c:b5:c7:c4:
                    9b:8b:67:ce:6a:bc:cb:a4:bf:12:6f:4f:1a:b3:78:
                    98:f8:f4:c7:5a:f4:29:95:51:74:f0:a7:49:dd:e0:
                    2a:e9:fa:40:04:e4:71:3a:08:40:71:f9:a2:95:dc:
                    27:35:f6:df:5f:de:04:11:a7:47:07:2b:a1:35:46:
                    90:12:67:b4:62:ae:ae:73:de:cd:f2:02:d7:08:b1:
                    94:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:6A:53:61:0D:8E:F6:64:A1:27:5B:71:AA:EA:BB:28:51:04:C2:4F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/5a017c-a3dc-44cf-b80e-a211175c05e0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/5a017c-a3dc-44cf-b80e-a211175c05e0/1/qWpTYQ2O9mShJ1txquq7KFEEwk8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.8.0/22
                IPv6:
                  2a01:75e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:f2:0e:e3:14:27:6b:80:ba:47:ce:77:3b:b0:1c:05:af:48:
         bf:06:4c:e6:01:62:52:02:e3:8c:30:b0:9c:e8:c2:1d:db:b1:
         5b:96:34:6f:ef:b5:f7:52:ed:d5:9d:6e:17:9e:ab:32:bb:15:
         ef:6e:cd:da:df:85:ff:50:30:59:3d:00:b7:67:a4:9b:3e:8f:
         31:05:f7:7f:17:e6:00:bc:fd:90:cd:0f:44:ec:41:bb:c4:2b:
         c2:bf:2a:40:0d:37:8b:60:55:d6:0b:fc:e3:a6:ae:b6:b8:bd:
         cb:b0:47:4d:e1:b4:b8:d4:93:c7:2e:75:dd:a4:6f:d7:90:a4:
         60:0e:89:1f:09:07:d9:b8:21:74:18:ff:47:7f:f2:d3:fd:f4:
         07:bc:81:f1:01:3c:5c:ba:9e:f6:19:0d:72:88:72:d3:3d:12:
         46:69:25:0c:c5:53:f2:f4:e9:eb:77:65:0c:1c:e6:81:1e:21:
         0b:1c:db:0b:6a:e1:6b:20:15:08:bf:e9:7d:f2:60:bf:6d:96:
         73:d3:79:6b:1e:7f:69:1e:11:1f:69:9f:bc:ee:46:95:96:7d:
         58:92:50:ec:8f:0b:74:31:e4:00:09:5a:9b:ec:ca:e3:dc:d8:
         bc:0a:bf:c4:72:8a:07:7d:a7:61:d5:6f:32:d2:b0:28:15:90:
         40:c8:6e:0d
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZt9XGa2RqUepzvqvASIXwvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTZhNTM2MTBkOGVmNjY0YTEyNzViNzFhYWVhYmIyODUxMDRjMjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaIyQwa67if1k0f5jKTXajbPz03R
vVVS3jeBAwQrv2egh0zjprkcBIH3Sny3qA2cFN+NdAWC21q7WY8zWxMozTkcu4uT
NcP16AnFYgxgsdzJ7ignwN0X1AQlW16olKVcknjAKg7Y6IWJur7UjU/EMgr9oqwC
TKO62m34oyy6VboWsRjTD12pwZmDlEodDrDDz6/d2Ow42OqtamLv8yagAGB9CuyV
/ushUcbBsxV2Pwy1x8Sbi2fOarzLpL8Sb08as3iY+PTHWvQplVF08KdJ3eAq6fpA
BORxOghAcfmildwnNfbfX94EEadHByuhNUaQEme0Yq6uc97N8gLXCLGU0wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKlqU2ENjvZkoSdbcarquyhRBMJPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q2LzVhMDE3
Yy1hM2RjLTQ0Y2YtYjgwZS1hMjExMTc1YzA1ZTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDYvNWEwMTdj
LWEzZGMtNDRjZi1iODBlLWEyMTExNzVjMDVlMC8xL3FXcFRZUTJPOW1TaEoxdHhx
dXE3S0ZFRXdrOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuS0IMA0EAgACMAcDBQAqAXXgMA0GCSqGSIb3
DQEBCwUAA4IBAQAZ8g7jFCdrgLpHznc7sBwFr0i/BkzmAWJSAuOMMLCc6MId27Fb
ljRv77X3Uu3VnW4XnqsyuxXvbs3a34X/UDBZPQC3Z6SbPo8xBfd/F+YAvP2QzQ9E
7EG7xCvCvypADTeLYFXWC/zjpq62uL3LsEdN4bS41JPHLnXdpG/XkKRgDokfCQfZ
uCF0GP9Hf/LT/fQHvIHxATxcup72GQ1yiHLTPRJGaSUMxVPy9Onrd2UMHOaBHiEL
HNsLauFrIBUIv+l98mC/bZZz03lrHn9pHhEfaZ+87kaVln1YklDsjwt0MeQACVqb
7Mrj3Ni8Cr/EcooHfadh1W8y0rAoFZBAyG4N
-----END CERTIFICATE-----