Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rlpSQCnY3kR4Cgzw50fsrhcacOE.cer
File:                     rlpSQCnY3kR4Cgzw50fsrhcacOE.cer (raw, json)
Hash identifier:          vdDTk7ANwZqr18Gj87AWwI7Nn0JADCiLPyyn/LYAVzs=
Subject key identifier:   AE:5A:52:40:29:D8:DE:44:78:0A:0C:F0:E7:47:EC:AE:17:1A:70:E1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019E88443CDCFC14917EA7C753F99ABC82A3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/2/AE5A524029D8DE44780A0CF0E747ECAE171A70E1.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/2/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Tue 02 Jun 2026 12:17:13 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 204518
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:44:3c:dc:fc:14:91:7e:a7:c7:53:f9:9a:bc:82:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun  2 12:17:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae5a524029d8de44780a0cf0e747ecae171a70e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:56:ac:b1:8c:8f:31:c1:10:ee:80:58:3e:b9:
                    d4:d5:4f:37:04:3e:36:d9:c0:ed:65:6e:27:ce:ba:
                    70:89:4a:50:35:26:01:ce:a1:11:da:c5:5e:eb:cc:
                    38:12:1c:de:03:39:cb:50:9f:49:77:eb:09:e2:07:
                    cf:44:76:1b:ba:53:7d:91:69:2e:dc:85:ef:7a:8a:
                    3e:0d:79:f0:5a:a0:33:f1:ca:57:be:dc:31:8f:dc:
                    24:15:bc:1c:17:23:fd:6d:27:ee:aa:e0:37:7d:aa:
                    73:63:58:92:96:b8:49:be:50:1d:20:0e:b4:90:84:
                    ee:1f:65:ce:0f:b6:aa:3d:b8:b9:d9:de:03:a2:d7:
                    76:29:e8:6c:19:fc:b7:a6:b0:c2:f0:48:71:74:e6:
                    aa:5c:3e:75:3b:0f:cb:24:53:a9:02:90:1b:7b:6f:
                    96:d5:dd:94:91:10:b1:e7:3c:6a:e1:35:63:70:82:
                    03:bc:d3:55:78:5a:09:9c:12:7e:80:b0:af:77:07:
                    03:dc:d5:ec:03:68:ff:08:b5:a6:57:9e:0a:ab:8e:
                    02:d9:ef:49:38:fd:51:16:ed:cc:36:c0:b0:0f:5b:
                    55:b5:1f:02:d3:2e:8e:e7:91:71:e7:e1:ff:6a:ce:
                    93:45:55:55:87:ab:06:f8:7d:cb:e3:f6:e9:44:eb:
                    b8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:5A:52:40:29:D8:DE:44:78:0A:0C:F0:E7:47:EC:AE:17:1A:70:E1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/2/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/2/AE5A524029D8DE44780A0CF0E747ECAE171A70E1.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204518

    Signature Algorithm: sha256WithRSAEncryption
         3a:fd:37:9b:33:73:7b:98:b6:72:26:17:e9:5a:29:c1:89:53:
         94:0b:58:c2:26:37:49:3c:2a:69:52:8e:eb:c6:66:e5:b0:1e:
         6e:70:04:77:73:fc:9a:bf:fd:b4:4b:46:fd:d5:b6:cd:fa:c0:
         38:e6:61:94:05:86:f0:8b:d2:d6:06:0e:61:e0:ae:1f:e8:5c:
         2e:a0:44:50:1a:37:f2:f8:12:9b:60:db:4a:a1:0c:8e:f4:7b:
         ea:b2:0c:de:a8:2d:19:5a:12:28:3c:31:68:e0:ee:f4:e6:23:
         f3:ad:9d:c9:2b:f1:91:0d:d5:56:5b:f6:02:c4:2e:e3:3a:40:
         9b:77:44:05:5f:03:7f:cc:dc:77:32:b1:ea:63:e0:a8:ee:d3:
         c3:94:d9:ec:67:1b:74:06:d9:b5:e4:7f:f9:4e:69:7d:57:3d:
         0b:84:ea:c5:e3:b9:5a:6a:95:60:b4:92:a6:81:5e:51:aa:62:
         22:9d:4d:57:6e:26:7e:62:7f:c6:44:b0:99:47:b1:fe:7f:0e:
         e2:a7:15:4e:a6:82:af:76:7b:79:af:aa:0c:b6:b1:20:db:f6:
         15:67:40:24:f3:a4:57:dd:40:17:d7:68:46:37:df:17:0b:f3:
         e6:7d:ea:d5:3e:94:c1:eb:eb:c5:6e:b1:79:1b:dc:20:27:a0:
         12:79:d3:ef
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZ6IRDzc/BSRfqfHU/mavIKjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwNjAyMTIxNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTVhNTI0MDI5ZDhkZTQ0NzgwYTBjZjBlNzQ3ZWNhZTE3MWE3MGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1assYyPMcEQ7oBYPrnU1U83BD42
2cDtZW4nzrpwiUpQNSYBzqER2sVe68w4EhzeAznLUJ9Jd+sJ4gfPRHYbulN9kWku
3IXveoo+DXnwWqAz8cpXvtwxj9wkFbwcFyP9bSfuquA3fapzY1iSlrhJvlAdIA60
kITuH2XOD7aqPbi52d4Dotd2KehsGfy3prDC8EhxdOaqXD51Ow/LJFOpApAbe2+W
1d2UkRCx5zxq4TVjcIIDvNNVeFoJnBJ+gLCvdwcD3NXsA2j/CLWmV54Kq44C2e9J
OP1RFu3MNsCwD1tVtR8C0y6O55Fx5+H/as6TRVVVh6sG+H3L4/bpROu4xQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFK5aUkAp2N5EeAoM8OdH7K4XGnDhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzhhZmI1
ZmUyLTNjMmEtNDkzOS05NWU5LTAwNzdiODBiNGYwZS8yLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGFm
YjVmZTItM2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0ZjBlLzIvQUU1QTUyNDAyOUQ4
REU0NDc4MEEwQ0YwRTc0N0VDQUUxNzFBNzBFMS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDHuYw
DQYJKoZIhvcNAQELBQADggEBADr9N5szc3uYtnImF+laKcGJU5QLWMImN0k8KmlS
juvGZuWwHm5wBHdz/Jq//bRLRv3Vts36wDjmYZQFhvCL0tYGDmHgrh/oXC6gRFAa
N/L4Eptg20qhDI70e+qyDN6oLRlaEig8MWjg7vTmI/Otnckr8ZEN1VZb9gLELuM6
QJt3RAVfA3/M3Hcysepj4Kju08OU2exnG3QG2bXkf/lOaX1XPQuE6sXjuVpqlWC0
kqaBXlGqYiKdTVduJn5if8ZEsJlHsf5/DuKnFU6mgq92e3mvqgy2sSDb9hVnQCTz
pFfdQBfXaEY33xcL8+Z96tU+lMHr68VusXkb3CAnoBJ50+8=
-----END CERTIFICATE-----