Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2rdA9mZfmYP1QGHcoWUCYa1vITg.cer
File:                     2rdA9mZfmYP1QGHcoWUCYa1vITg.cer (raw, json)
Hash identifier:          ZMDz/ZS85yKHVjzr2zsBv9RTW/IRx8lplVtVCwIsGw0=
Subject key identifier:   DA:B7:40:F6:66:5F:99:83:F5:40:61:DC:A1:65:02:61:AD:6F:21:38
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0198185ED751E51FD6BA901354C7E93A389E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/2rdA9mZfmYP1QGHcoWUCYa1vITg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 17 Jul 2025 12:32:05 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.100.16.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:18:5e:d7:51:e5:1f:d6:ba:90:13:54:c7:e9:3a:38:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 17 12:32:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dab740f6665f9983f54061dca1650261ad6f2138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6f:fe:5a:b0:ed:77:7d:31:6c:78:b0:72:b5:
                    51:89:4f:e1:eb:f4:00:62:43:d6:1e:24:96:39:3a:
                    7c:68:9e:e1:13:df:4c:48:ad:2e:eb:24:33:32:16:
                    56:f1:94:a9:c3:37:56:90:86:3e:8e:43:41:45:c0:
                    8d:31:9a:53:35:ad:f9:1a:13:60:9c:8d:ff:90:d3:
                    ce:58:ff:bf:ac:90:f3:73:b0:3a:df:84:5e:9a:e4:
                    9a:84:cf:fa:65:76:7f:12:1c:8b:fe:e5:ed:04:2a:
                    34:cd:26:ec:b1:b0:b4:a5:90:0d:cd:e4:cc:9b:c3:
                    df:7b:55:55:28:5a:e7:dc:16:e3:82:4b:20:4d:18:
                    3f:68:5e:1b:d1:20:92:e1:80:8a:4b:5b:16:12:ec:
                    35:60:35:df:fc:34:7a:f8:5e:1e:2b:42:17:58:b5:
                    de:4b:b1:33:60:a6:17:38:ee:15:d5:2f:6f:25:b7:
                    41:d2:f7:2f:28:cd:9c:bf:7f:e1:6e:03:c2:63:dd:
                    3b:4c:3a:e2:55:d0:b7:95:30:a0:a2:1c:7e:a9:f5:
                    0c:d8:54:6e:a3:bc:06:eb:e6:da:e8:9a:43:00:97:
                    ee:87:4d:73:12:1e:67:81:a8:eb:d5:58:f7:1f:48:
                    82:b4:af:c6:15:22:fa:8d:53:b4:2c:b5:6b:8b:2b:
                    91:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:B7:40:F6:66:5F:99:83:F5:40:61:DC:A1:65:02:61:AD:6F:21:38
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/2rdA9mZfmYP1QGHcoWUCYa1vITg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:3d:fc:10:87:39:5d:ad:ca:39:f1:45:f9:3c:9a:b4:2f:40:
         f6:5d:b3:17:34:ce:bc:0f:24:df:e8:4e:62:65:ee:90:e5:ac:
         e4:20:3d:33:dd:5c:c7:f5:16:70:2a:1c:a9:78:5f:68:3b:ec:
         61:0b:49:1f:db:44:45:86:b4:3c:09:56:14:4d:d0:b8:53:b1:
         71:fb:55:53:48:17:b1:0e:01:db:3f:c1:4d:b2:d2:be:05:9c:
         63:d2:9b:ac:a1:1b:02:fd:8a:e7:6e:ae:f4:69:83:0e:46:c1:
         d9:4a:7e:b3:58:f9:7c:b2:41:96:74:22:b2:ce:4e:9b:b1:17:
         70:6b:b6:f1:bb:24:1e:10:67:07:ef:d9:a3:3a:34:7d:23:e1:
         4d:3e:7d:02:23:5a:41:aa:02:fb:0b:57:c6:f3:09:78:b3:80:
         8b:2b:44:8a:24:a8:6e:bc:d5:b7:77:9c:b5:a6:bf:a3:b7:3b:
         0e:60:dc:7d:66:db:c8:8f:4a:22:1e:1c:b4:46:80:43:f3:9b:
         dd:ca:64:8b:03:24:ea:3e:82:58:d4:b9:c0:15:77:e7:32:8d:
         5f:15:fd:ee:01:32:01:f6:fd:ed:3a:c4:fe:8c:02:71:1c:11:
         67:b6:ee:23:1b:bd:f0:6b:d1:e3:99:52:2f:48:99:31:c3:c9:
         b8:09:7c:06
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZgYXtdR5R/WupATVMfpOjieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNzE3MTIzMjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWI3NDBmNjY2NWY5OTgzZjU0MDYxZGNhMTY1MDI2MWFkNmYyMTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsW/+WrDtd30xbHiwcrVRiU/h6/QA
YkPWHiSWOTp8aJ7hE99MSK0u6yQzMhZW8ZSpwzdWkIY+jkNBRcCNMZpTNa35GhNg
nI3/kNPOWP+/rJDzc7A634RemuSahM/6ZXZ/EhyL/uXtBCo0zSbssbC0pZANzeTM
m8Pfe1VVKFrn3BbjgksgTRg/aF4b0SCS4YCKS1sWEuw1YDXf/DR6+F4eK0IXWLXe
S7EzYKYXOO4V1S9vJbdB0vcvKM2cv3/hbgPCY907TDriVdC3lTCgohx+qfUM2FRu
o7wG6+ba6JpDAJfuh01zEh5ngajr1Vj3H0iCtK/GFSL6jVO0LLVriyuRVQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNq3QPZmX5mD9UBh3KFlAmGtbyE4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY1LzEzNWNm
NC0wODZmLTQ1MTYtYTNlYi0xYjdjOTJhNjFkZjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUvMTM1Y2Y0
LTA4NmYtNDUxNi1hM2ViLTFiN2M5MmE2MWRmNi8xLzJyZEE5bVpmbVlQMVFHSGNv
V1VDWWExdklUZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuWQQMA0GCSqGSIb3DQEBCwUAA4IBAQAsPfwQ
hzldrco58UX5PJq0L0D2XbMXNM68DyTf6E5iZe6Q5azkID0z3VzH9RZwKhypeF9o
O+xhC0kf20RFhrQ8CVYUTdC4U7Fx+1VTSBexDgHbP8FNstK+BZxj0pusoRsC/Yrn
bq70aYMORsHZSn6zWPl8skGWdCKyzk6bsRdwa7bxuyQeEGcH79mjOjR9I+FNPn0C
I1pBqgL7C1fG8wl4s4CLK0SKJKhuvNW3d5y1pr+jtzsOYNx9ZtvIj0oiHhy0RoBD
85vdymSLAyTqPoJY1LnAFXfnMo1fFf3uATIB9v3tOsT+jAJxHBFntu4jG73wa9Hj
mVIvSJkxw8m4CXwG
-----END CERTIFICATE-----