Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q2TnsO7yBINcffKon2DAK-HYmt0.cer
File:                     Q2TnsO7yBINcffKon2DAK-HYmt0.cer (raw, json)
Hash identifier:          g3ry8UYF6/2CBmEBXNpRzGQlRNRbt+Kc0GynChxiEak=
Subject key identifier:   43:64:E7:B0:EE:F2:04:83:5C:7D:F2:A8:9F:60:C0:2B:E1:D8:9A:DD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0197D40B85E71CD167013525581B5AD55D12
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9e/a9a51a-e8e3-497a-aba2-e799c23aac20/1/Q2TnsO7yBINcffKon2DAK-HYmt0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9e/a9a51a-e8e3-497a-aba2-e799c23aac20/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 04 Jul 2025 06:06:54 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213500
                          IP: 94.232.252.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:0b:85:e7:1c:d1:67:01:35:25:58:1b:5a:d5:5d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul  4 06:06:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4364e7b0eef204835c7df2a89f60c02be1d89add
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bf:ec:97:8b:18:5e:47:c8:de:a7:8b:e8:6d:
                    ff:50:00:05:5b:f1:93:bb:9b:db:07:a2:86:c4:7a:
                    f2:cd:b8:4f:98:13:14:80:5e:85:b5:9c:a9:ed:91:
                    b8:c4:53:78:43:63:00:b4:aa:10:83:b0:57:50:d4:
                    4a:21:fa:c7:03:20:56:d9:04:e6:a7:93:d6:62:51:
                    1a:13:39:88:88:c5:58:03:c1:0d:54:94:0f:e2:a4:
                    f3:9d:6b:20:c5:a2:06:4c:ba:45:89:72:6c:70:48:
                    3b:0d:b2:bb:cd:1d:ef:2d:1e:59:6b:83:99:11:a1:
                    96:16:9e:84:37:cd:d5:fc:9f:31:c0:9a:52:e8:39:
                    9a:84:5e:0b:7f:73:53:6b:ae:59:cd:68:aa:47:f2:
                    c1:87:36:8c:eb:1c:9a:c1:a6:55:2e:ff:b4:fd:29:
                    1e:12:ad:06:d4:83:9a:11:f1:43:81:bc:2e:f9:a7:
                    58:81:f4:4b:d8:b9:20:ac:c2:0c:b1:64:21:aa:8f:
                    d0:e6:4f:dc:4b:c3:d4:f9:24:33:1c:f7:e1:b7:48:
                    07:6d:5c:cb:12:b0:41:9a:35:8a:44:93:6a:4f:c9:
                    61:8f:08:9f:fa:4b:24:4b:27:0a:c7:c7:b3:3b:18:
                    be:1b:96:ef:c0:fd:b9:43:ca:f8:80:eb:ed:37:79:
                    2e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:64:E7:B0:EE:F2:04:83:5C:7D:F2:A8:9F:60:C0:2B:E1:D8:9A:DD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/a9a51a-e8e3-497a-aba2-e799c23aac20/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/a9a51a-e8e3-497a-aba2-e799c23aac20/1/Q2TnsO7yBINcffKon2DAK-HYmt0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.252.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213500

    Signature Algorithm: sha256WithRSAEncryption
         18:ad:47:b0:d4:e5:67:c3:55:b6:6b:9b:50:29:44:fa:fe:a3:
         2f:3a:2e:25:ed:46:fe:69:7a:03:10:2a:40:f8:7f:fa:e9:71:
         ae:4b:a9:c0:2e:8c:20:93:d3:6c:8a:e9:b9:a8:4c:ec:ed:49:
         34:83:5a:a0:0b:33:93:cd:4e:01:6c:b3:ed:cf:d1:44:20:1e:
         1d:f4:56:46:05:e0:8e:56:db:6d:0f:03:ce:99:95:3f:c3:48:
         65:42:6c:7d:31:6b:0f:a2:da:e1:27:85:ef:fb:6a:e2:f7:76:
         34:98:96:84:82:db:80:4c:5b:26:94:0c:ff:6d:60:c7:14:ff:
         e4:e4:93:10:15:22:59:3f:17:92:2b:26:d6:8a:6f:bd:bf:05:
         6b:e6:26:06:8a:d0:0b:5e:80:48:02:43:48:44:fa:23:61:a4:
         2d:27:40:71:8d:a9:2a:6f:ff:a4:f4:8b:29:30:8c:77:44:ce:
         25:0d:57:52:50:2c:ba:06:57:1d:2d:fb:eb:29:93:06:46:ea:
         7a:72:39:b3:51:6b:01:9a:02:4e:f9:47:08:45:ae:0d:9e:53:
         1c:bc:85:3a:71:6b:19:97:bc:d4:2e:e3:a0:35:96:71:b4:fe:
         1a:ab:48:1e:0b:13:b5:30:b3:f2:45:33:0d:4a:5b:48:d6:3e:
         01:e9:09:9b
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZfUC4XnHNFnATUlWBta1V0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNzA0MDYwNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzY0ZTdiMGVlZjIwNDgzNWM3ZGYyYTg5ZjYwYzAyYmUxZDg5YWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7/sl4sYXkfI3qeL6G3/UAAFW/GT
u5vbB6KGxHryzbhPmBMUgF6FtZyp7ZG4xFN4Q2MAtKoQg7BXUNRKIfrHAyBW2QTm
p5PWYlEaEzmIiMVYA8ENVJQP4qTznWsgxaIGTLpFiXJscEg7DbK7zR3vLR5Za4OZ
EaGWFp6EN83V/J8xwJpS6DmahF4Lf3NTa65ZzWiqR/LBhzaM6xyawaZVLv+0/Ske
Eq0G1IOaEfFDgbwu+adYgfRL2LkgrMIMsWQhqo/Q5k/cS8PU+SQzHPfht0gHbVzL
ErBBmjWKRJNqT8lhjwif+kskSycKx8ezOxi+G5bvwP25Q8r4gOvtN3kupwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFENk57Du8gSDXH3yqJ9gwCvh2JrdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzllL2E5YTUx
YS1lOGUzLTQ5N2EtYWJhMi1lNzk5YzIzYWFjMjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUvYTlhNTFh
LWU4ZTMtNDk3YS1hYmEyLWU3OTljMjNhYWMyMC8xL1EyVG5zTzd5QklOY2ZmS29u
MkRBSy1IWW10MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAXuj8MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNB/DANBgkqhkiG9w0BAQsFAAOCAQEAGK1HsNTlZ8NVtmubUClE+v6jLzouJe1G
/ml6AxAqQPh/+ulxrkupwC6MIJPTbIrpuahM7O1JNINaoAszk81OAWyz7c/RRCAe
HfRWRgXgjlbbbQ8DzpmVP8NIZUJsfTFrD6La4SeF7/tq4vd2NJiWhILbgExbJpQM
/21gxxT/5OSTEBUiWT8Xkism1opvvb8Fa+YmBorQC16ASAJDSET6I2GkLSdAcY2p
Km//pPSLKTCMd0TOJQ1XUlAsugZXHS376ymTBkbqenI5s1FrAZoCTvlHCEWuDZ5T
HLyFOnFrGZe81C7joDWWcbT+GqtIHgsTtTCz8kUzDUpbSNY+AekJmw==
-----END CERTIFICATE-----