Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rXLWZFEKa_uW8qalwSCYfcl3S_g.cer
File:                     rXLWZFEKa_uW8qalwSCYfcl3S_g.cer (raw, json)
Hash identifier:          LyB61jqzwzgRV+/116fOIjviUAULBD/8yBQYktFLYlA=
Subject key identifier:   AD:72:D6:64:51:0A:6B:FB:96:F2:A6:A5:C1:20:98:7D:C9:77:4B:F8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7EA5251020B669D0C55DD597CFB22A1D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d8/94f2b9-cff6-42d5-8fb9-770d9a389295/1/rXLWZFEKa_uW8qalwSCYfcl3S_g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d8/94f2b9-cff6-42d5-8fb9-770d9a389295/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 12:18:30 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 193.163.90.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:25:10:20:b6:69:d0:c5:5d:d5:97:cf:b2:2a:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad72d664510a6bfb96f2a6a5c120987dc9774bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:da:14:41:23:72:6b:a2:98:4b:9d:6b:d7:a2:
                    f4:57:96:c8:26:0e:ba:12:76:18:eb:29:2f:ed:c8:
                    d3:a5:87:47:0c:5e:4a:85:d6:d9:50:50:b7:63:a7:
                    f2:d1:24:bc:89:b9:23:56:55:d8:fc:24:c8:99:78:
                    24:29:b1:c1:71:c5:18:86:b1:d7:88:c5:b3:03:17:
                    18:01:2b:f1:f8:a7:f6:2c:f7:9e:b2:c2:ad:50:bd:
                    69:73:f2:2d:fc:63:08:f0:0f:b9:55:57:b6:8f:7f:
                    67:eb:35:8d:00:24:f9:12:26:0a:68:20:3d:20:5b:
                    30:56:5d:c3:07:42:ba:97:0d:24:39:6c:7a:3d:d1:
                    f5:7e:34:48:65:4d:f5:0b:43:2d:65:cf:e5:12:c0:
                    60:ea:50:59:7a:be:9d:59:ba:6a:2b:ec:cb:6e:f3:
                    36:de:f3:c9:a3:ac:76:29:c8:94:54:b0:ca:d7:8a:
                    d5:03:37:ce:d6:21:c9:40:84:01:13:c1:5f:41:85:
                    c1:fc:f1:fb:ae:3f:d3:1a:98:4e:36:76:d3:f8:dd:
                    20:79:0c:99:cf:a3:cb:3d:cb:8c:d3:43:2e:58:89:
                    8d:03:d9:10:24:c1:bc:9e:8b:3b:ea:52:50:46:a2:
                    4d:e7:7c:db:4c:fb:e6:15:4f:c5:6e:6a:30:29:a7:
                    28:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:72:D6:64:51:0A:6B:FB:96:F2:A6:A5:C1:20:98:7D:C9:77:4B:F8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/94f2b9-cff6-42d5-8fb9-770d9a389295/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/94f2b9-cff6-42d5-8fb9-770d9a389295/1/rXLWZFEKa_uW8qalwSCYfcl3S_g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:9c:32:57:f4:c8:e1:ed:ec:7f:95:4a:8e:34:98:2d:16:22:
         23:57:ff:dc:0e:9f:3f:5e:30:e1:37:fa:95:36:14:c9:e9:73:
         c5:89:4d:94:a5:76:bb:57:23:b8:73:06:ec:4b:f9:7e:4a:b3:
         e2:32:f5:0d:ee:4b:99:ef:a1:3d:67:5e:41:46:60:c5:17:ac:
         ce:ed:96:75:15:d2:77:3c:3b:7f:b3:a1:98:52:14:21:1f:5a:
         99:75:4d:38:7b:cc:fc:9d:4a:28:ec:bf:18:9a:37:79:42:4f:
         41:1b:11:8e:f6:96:65:7a:ea:2a:04:c7:0a:db:a8:36:bd:5f:
         00:d3:98:e0:c4:54:de:3b:49:cb:b5:1c:3d:54:4e:26:da:41:
         16:63:1f:8a:72:cf:55:76:18:1e:24:fb:0f:d6:10:d9:57:72:
         56:57:a7:38:3f:84:7c:dd:c7:8c:75:06:d3:b7:ce:2a:7e:23:
         77:cc:ac:7c:ee:55:f1:7e:b9:32:90:e6:43:b6:08:a1:ae:9a:
         7c:71:b5:05:bd:75:4a:0e:a3:86:6d:14:5f:5f:b2:80:21:ab:
         39:2a:04:f3:4d:bd:3f:d8:c7:75:51:01:0d:3b:3a:2c:09:e1:
         97:dc:2b:2f:39:93:16:73:cf:fb:e0:0c:8e:95:f4:b8:a1:97:
         51:70:2d:c3
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt+pSUQILZp0MVd1ZfPsiodMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTIxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDcyZDY2NDUxMGE2YmZiOTZmMmE2YTVjMTIwOTg3ZGM5Nzc0YmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA99oUQSNya6KYS51r16L0V5bIJg66
EnYY6ykv7cjTpYdHDF5KhdbZUFC3Y6fy0SS8ibkjVlXY/CTImXgkKbHBccUYhrHX
iMWzAxcYASvx+Kf2LPeessKtUL1pc/It/GMI8A+5VVe2j39n6zWNACT5EiYKaCA9
IFswVl3DB0K6lw0kOWx6PdH1fjRIZU31C0MtZc/lEsBg6lBZer6dWbpqK+zLbvM2
3vPJo6x2KciUVLDK14rVAzfO1iHJQIQBE8FfQYXB/PH7rj/TGphONnbT+N0geQyZ
z6PLPcuM00MuWImNA9kQJMG8nos76lJQRqJN53zbTPvmFU/FbmowKacoawIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFK1y1mRRCmv7lvKmpcEgmH3Jd0v4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q4Lzk0ZjJi
OS1jZmY2LTQyZDUtOGZiOS03NzBkOWEzODkyOTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDgvOTRmMmI5
LWNmZjYtNDJkNS04ZmI5LTc3MGQ5YTM4OTI5NS8xL3JYTFdaRkVLYV91VzhxYWx3
U0NZZmNsM1NfZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwaNaMA0GCSqGSIb3DQEBCwUAA4IBAQA9nDJX
9Mjh7ex/lUqONJgtFiIjV//cDp8/XjDhN/qVNhTJ6XPFiU2UpXa7VyO4cwbsS/l+
SrPiMvUN7kuZ76E9Z15BRmDFF6zO7ZZ1FdJ3PDt/s6GYUhQhH1qZdU04e8z8nUoo
7L8Ymjd5Qk9BGxGO9pZleuoqBMcK26g2vV8A05jgxFTeO0nLtRw9VE4m2kEWYx+K
cs9VdhgeJPsP1hDZV3JWV6c4P4R83ceMdQbTt84qfiN3zKx87lXxfrkykOZDtgih
rpp8cbUFvXVKDqOGbRRfX7KAIas5KgTzTb0/2Md1UQENOzosCeGX3CsvOZMWc8/7
4AyOlfS4oZdRcC3D
-----END CERTIFICATE-----