Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40HGEPYYEikNrK1gvG0QHWPAjmU.cer
File:                     40HGEPYYEikNrK1gvG0QHWPAjmU.cer (raw, json)
Hash identifier:          sxk1tKiK2H6KmSh2l/vYhcTgbPLJ9eAOx7SCJxwAdjs=
Subject key identifier:   E3:41:C6:10:F6:18:12:29:0D:AC:AD:60:BC:6D:10:1D:63:C0:8E:65
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019D2F05BE82BF1D1384F0A0029DEC5FE4C2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cb/d63ee0-57a4-4598-90ed-feb73cd3d185/1/40HGEPYYEikNrK1gvG0QHWPAjmU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cb/d63ee0-57a4-4598-90ed-feb73cd3d185/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 27 Mar 2026 11:19:58 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 199652
                          IP: 131.222.132.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2f:05:be:82:bf:1d:13:84:f0:a0:02:9d:ec:5f:e4:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 27 11:19:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e341c610f61812290dacad60bc6d101d63c08e65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7c:84:c6:c7:94:ae:04:e5:c4:29:4b:ba:b1:
                    01:8e:38:28:b6:c0:43:a1:64:22:fd:d5:d1:30:c1:
                    e2:bc:82:8f:38:72:79:a5:bd:85:7f:43:36:e7:43:
                    b1:c6:ed:cc:91:bc:ab:a2:38:90:fd:e8:ba:97:90:
                    70:2c:6a:aa:85:c8:79:87:cd:fc:0c:c6:fb:af:2e:
                    c8:ac:82:f1:b7:ef:49:8c:4d:25:ef:c4:ad:a8:a5:
                    04:16:d1:c5:7a:ab:2d:03:c5:06:30:a9:07:a9:65:
                    6a:2f:8b:21:f1:30:5d:0d:f5:98:1b:5e:40:45:37:
                    0f:7e:3c:60:71:6b:26:63:44:7f:77:e8:88:b3:5a:
                    34:7a:c1:b1:6c:71:87:a9:64:a9:f9:df:0c:d6:53:
                    05:ea:8d:26:cf:32:34:09:42:f2:39:59:c4:eb:26:
                    c9:57:77:cb:8e:d5:57:17:78:de:e8:70:0a:02:0f:
                    73:2f:69:fb:52:74:5b:11:3d:fc:1d:9d:b0:96:78:
                    32:ce:54:25:3e:f7:3f:84:f0:45:64:f9:2e:45:43:
                    38:a3:a0:c5:3c:2b:e6:0e:cd:61:b6:58:f3:ff:31:
                    fb:c3:c2:e2:17:97:5c:b0:93:91:05:6a:a6:a4:f8:
                    81:1c:9b:c2:e1:a5:8b:ab:84:81:c9:bf:74:54:83:
                    f0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:41:C6:10:F6:18:12:29:0D:AC:AD:60:BC:6D:10:1D:63:C0:8E:65
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d63ee0-57a4-4598-90ed-feb73cd3d185/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d63ee0-57a4-4598-90ed-feb73cd3d185/1/40HGEPYYEikNrK1gvG0QHWPAjmU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.132.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199652

    Signature Algorithm: sha256WithRSAEncryption
         a4:45:bf:56:11:95:19:69:5a:1a:76:c4:e2:08:8a:38:dc:41:
         c9:66:18:9d:91:07:c9:10:59:cb:bc:64:fb:f1:63:a8:ce:61:
         e7:72:a2:25:23:8f:f4:52:72:a5:3b:1a:c3:80:c1:f5:5d:f8:
         cc:0d:eb:f5:98:98:06:b7:a2:a1:39:8e:a7:52:54:ed:34:42:
         72:02:a5:d1:ca:71:21:2a:60:13:8e:66:39:15:c2:9f:68:cb:
         30:f7:d7:3e:1e:22:b4:f9:52:d1:67:ea:89:07:5b:12:b2:8e:
         aa:af:a8:94:5b:46:70:23:c8:a1:d7:bb:1a:b3:48:fa:3c:fe:
         67:fc:18:91:a0:a1:58:5e:fa:81:e5:8a:7e:57:62:6c:b3:df:
         ad:57:12:ef:a1:d7:17:b3:27:81:83:2a:f8:29:c4:da:02:e7:
         2c:f4:32:ac:56:7c:7d:cd:df:48:c3:4c:d8:b7:05:88:5a:cc:
         df:1c:c1:6b:2c:ca:7b:9d:e4:f1:6e:83:f9:65:fe:d2:1e:d0:
         35:52:6e:70:bf:df:15:bd:95:46:8d:d1:4b:a7:cf:e0:5f:66:
         25:85:b4:48:0e:e6:54:61:bd:a9:c0:0b:83:ad:f2:1f:5c:9f:
         ce:3d:12:b2:72:83:73:46:4e:5f:45:00:16:aa:97:68:a7:b3:
         5f:1f:87:4c
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZ0vBb6Cvx0ThPCgAp3sX+TCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMzI3MTExOTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzQxYzYxMGY2MTgxMjI5MGRhY2FkNjBiYzZkMTAxZDYzYzA4ZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnyExseUrgTlxClLurEBjjgotsBD
oWQi/dXRMMHivIKPOHJ5pb2Ff0M250Oxxu3MkbyrojiQ/ei6l5BwLGqqhch5h838
DMb7ry7IrILxt+9JjE0l78StqKUEFtHFeqstA8UGMKkHqWVqL4sh8TBdDfWYG15A
RTcPfjxgcWsmY0R/d+iIs1o0esGxbHGHqWSp+d8M1lMF6o0mzzI0CULyOVnE6ybJ
V3fLjtVXF3je6HAKAg9zL2n7UnRbET38HZ2wlngyzlQlPvc/hPBFZPkuRUM4o6DF
PCvmDs1htljz/zH7w8LiF5dcsJORBWqmpPiBHJvC4aWLq4SByb90VIPwiQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFONBxhD2GBIpDaytYLxtEB1jwI5lMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NiL2Q2M2Vl
MC01N2E0LTQ1OTgtOTBlZC1mZWI3M2NkM2QxODUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2IvZDYzZWUw
LTU3YTQtNDU5OC05MGVkLWZlYjczY2QzZDE4NS8xLzQwSEdFUFlZRWlrTnJLMWd2
RzBRSFdQQWptVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAg96EMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwML5DANBgkqhkiG9w0BAQsFAAOCAQEApEW/VhGVGWlaGnbE4giKONxByWYYnZEH
yRBZy7xk+/FjqM5h53KiJSOP9FJypTsaw4DB9V34zA3r9ZiYBreioTmOp1JU7TRC
cgKl0cpxISpgE45mORXCn2jLMPfXPh4itPlS0WfqiQdbErKOqq+olFtGcCPIode7
GrNI+jz+Z/wYkaChWF76geWKfldibLPfrVcS76HXF7MngYMq+CnE2gLnLPQyrFZ8
fc3fSMNM2LcFiFrM3xzBayzKe53k8W6D+WX+0h7QNVJucL/fFb2VRo3RS6fP4F9m
JYW0SA7mVGG9qcALg63yH1yfzj0SsnKDc0ZOX0UAFqqXaKezXx+HTA==
-----END CERTIFICATE-----