Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/t53pRY0ZDmNDKfnfFQO1IiwWJO4.cer
File:                     t53pRY0ZDmNDKfnfFQO1IiwWJO4.cer (raw, json)
Hash identifier:          2VAVNRzyraUzzW+CEccW7zhY/0MbzYw3xcMdLAGxcmc=
Subject key identifier:   B7:9D:E9:45:8D:19:0E:63:43:29:F9:DF:15:03:B5:22:2C:16:24:EE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7C7FD011DE5E444D8FE89D812796D1B7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/t53pRY0ZDmNDKfnfFQO1IiwWJO4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 02:18:29 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 91.198.102.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:d0:11:de:5e:44:4d:8f:e8:9d:81:27:96:d1:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b79de9458d190e634329f9df1503b5222c1624ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2c:aa:30:58:31:af:8a:b5:29:4a:5a:ba:e6:
                    48:36:76:ef:2e:86:6b:40:29:66:d3:b4:d2:09:e5:
                    5d:e5:ec:cf:6f:b0:0b:0b:62:ad:c4:70:3a:09:49:
                    68:d6:27:0e:0e:2e:82:6b:ae:ea:cb:21:1b:f8:b4:
                    6f:97:c2:97:f5:c3:fd:89:ec:bd:2f:53:24:b1:35:
                    74:30:8c:68:a0:cd:c1:41:2f:8a:38:93:11:90:37:
                    5f:c7:60:cb:5c:7c:4e:3b:74:47:e1:dd:4d:31:ab:
                    94:f3:82:ea:35:0b:bb:af:5f:3a:b4:73:76:c7:79:
                    e9:c4:09:54:84:6e:a6:a9:55:26:06:4c:b1:21:d7:
                    bd:61:5d:48:af:98:32:08:53:e1:3a:13:c9:fb:51:
                    e1:0c:f9:fd:74:f0:63:92:67:6d:2a:0f:38:4e:59:
                    47:12:f1:15:ab:3b:c2:ce:15:66:ee:2a:98:b3:90:
                    5d:c2:35:07:f6:0d:15:c5:5e:69:d4:8f:71:9b:02:
                    9d:09:a1:34:1c:16:80:45:a5:86:82:1b:44:cc:03:
                    90:e8:2e:b0:d1:c0:4c:1b:dd:d8:ec:b3:a9:fe:b1:
                    87:f2:29:e1:0a:8e:83:1b:7e:b1:79:52:93:2a:03:
                    99:49:0b:b6:fc:7d:80:09:d2:6d:ee:2b:70:a4:22:
                    b1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:9D:E9:45:8D:19:0E:63:43:29:F9:DF:15:03:B5:22:2C:16:24:EE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/t53pRY0ZDmNDKfnfFQO1IiwWJO4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:1a:73:51:09:a5:e0:5d:9f:eb:b3:3d:ea:9f:16:3c:09:a0:
         64:39:26:9c:d4:a2:77:15:0a:d5:ac:12:05:54:b7:5d:31:53:
         ce:3c:db:b0:a5:9e:dc:c9:2b:f2:72:2b:f2:ac:3d:d5:f6:a6:
         21:fe:8e:b0:c5:0d:ba:0b:fb:82:84:b3:05:ee:eb:6f:9d:92:
         a2:c5:8c:f3:59:73:d8:f7:48:d0:22:00:ed:0d:67:43:54:06:
         e3:5b:c7:d8:7b:b5:6f:a9:1e:19:13:eb:62:4b:c4:94:5a:93:
         db:91:f2:bf:0b:17:0b:d4:4a:a1:ce:67:02:de:d0:59:ac:0b:
         57:a0:00:3a:5c:85:7b:3f:e0:08:11:dc:7b:2e:1f:53:0a:9e:
         12:7b:d2:6c:8b:d1:bc:23:ee:b3:25:42:a5:7f:d4:36:a9:10:
         23:16:86:b3:d8:fc:90:55:8f:1f:4c:64:94:e8:f9:c0:8c:b1:
         d6:1a:0d:5b:0b:33:3b:03:53:2d:b6:d6:87:f0:4d:a7:12:c7:
         fc:5e:ed:6d:63:e9:19:04:31:31:c6:80:a8:5e:a0:96:ec:2c:
         3b:23:ef:2e:1e:1d:35:3c:48:ae:0c:6b:de:c7:94:26:43:7a:
         45:7e:c9:10:04:50:90:b3:75:d0:82:14:5c:ed:50:c3:c6:9c:
         cd:ce:ff:b9
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt8f9AR3l5ETY/onYEnltG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDIxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzlkZTk0NThkMTkwZTYzNDMyOWY5ZGYxNTAzYjUyMjJjMTYyNGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriyqMFgxr4q1KUpauuZINnbvLoZr
QClm07TSCeVd5ezPb7ALC2KtxHA6CUlo1icODi6Ca67qyyEb+LRvl8KX9cP9iey9
L1MksTV0MIxooM3BQS+KOJMRkDdfx2DLXHxOO3RH4d1NMauU84LqNQu7r186tHN2
x3npxAlUhG6mqVUmBkyxIde9YV1Ir5gyCFPhOhPJ+1HhDPn9dPBjkmdtKg84TllH
EvEVqzvCzhVm7iqYs5BdwjUH9g0VxV5p1I9xmwKdCaE0HBaARaWGghtEzAOQ6C6w
0cBMG93Y7LOp/rGH8inhCo6DG36xeVKTKgOZSQu2/H2ACdJt7itwpCKxPwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFLed6UWNGQ5jQyn53xUDtSIsFiTuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y1LzNiZTg5
OS1hNTJmLTQzYWQtOGU4OS1mMWNkOWZhMjhjYzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjUvM2JlODk5
LWE1MmYtNDNhZC04ZTg5LWYxY2Q5ZmEyOGNjNS8xL3Q1M3BSWTBaRG1OREtmbmZG
UU8xSWl3V0pPNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZmMA0GCSqGSIb3DQEBCwUAA4IBAQCCGnNR
CaXgXZ/rsz3qnxY8CaBkOSac1KJ3FQrVrBIFVLddMVPOPNuwpZ7cySvycivyrD3V
9qYh/o6wxQ26C/uChLMF7utvnZKixYzzWXPY90jQIgDtDWdDVAbjW8fYe7VvqR4Z
E+tiS8SUWpPbkfK/CxcL1EqhzmcC3tBZrAtXoAA6XIV7P+AIEdx7Lh9TCp4Se9Js
i9G8I+6zJUKlf9Q2qRAjFoaz2PyQVY8fTGSU6PnAjLHWGg1bCzM7A1MtttaH8E2n
Esf8Xu1tY+kZBDExxoCoXqCW7Cw7I+8uHh01PEiuDGvex5QmQ3pFfskQBFCQs3XQ
ghRc7VDDxpzNzv+5
-----END CERTIFICATE-----