Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/FhQcZCnqr_caNR-yVz32A7uV8nA.cer
File:                     FhQcZCnqr_caNR-yVz32A7uV8nA.cer (raw, json)
Hash identifier:          +FckEBtfI8jvCTw4+KVgLcVu5p+S1+IXKGfl0bz7U+Y=
Subject key identifier:   16:14:1C:64:29:EA:AF:F7:1A:35:1F:B2:57:3D:F6:03:BB:95:F2:70
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196EDA61354B4F126E369CA112228A0D0E4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/97/63d28b-d152-44cd-b504-5d8fce0a0bb2/1/FhQcZCnqr_caNR-yVz32A7uV8nA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/97/63d28b-d152-44cd-b504-5d8fce0a0bb2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 20 May 2025 12:23:26 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215985
                          IP: 2001:678:f1c::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:a6:13:54:b4:f1:26:e3:69:ca:11:22:28:a0:d0:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 20 12:23:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16141c6429eaaff71a351fb2573df603bb95f270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2d:2f:06:fa:42:41:f9:a5:d7:e3:45:9a:58:
                    8c:a0:83:34:d2:45:68:ca:b3:33:d8:6b:5e:40:35:
                    1a:89:44:30:11:54:df:51:02:1d:b2:90:52:99:2f:
                    92:69:db:0d:8f:2f:13:78:82:86:20:2f:c6:3f:5c:
                    8b:44:b6:a7:b3:bb:94:51:1e:82:ec:e2:e5:b8:26:
                    0c:f1:18:d9:b3:93:5f:11:fa:e8:df:94:f3:40:5c:
                    0e:34:96:f1:a0:3a:9e:f3:f1:0e:2d:36:b5:37:cf:
                    aa:a8:92:3f:a4:ee:ac:d9:8f:ed:c7:13:f6:1b:1f:
                    0c:9b:85:6d:15:f7:64:dc:08:ce:9c:f9:bd:d5:f5:
                    72:11:b7:24:87:bd:c3:2c:35:9e:36:eb:33:b0:2d:
                    d3:05:ab:48:00:4d:1c:d7:e6:22:db:79:84:ab:d1:
                    11:25:fe:6c:8d:26:2d:6d:08:fe:31:0c:5a:63:bd:
                    22:49:fc:88:8f:a8:24:3c:47:59:56:76:13:78:ea:
                    b4:bb:4d:63:f4:5d:ae:ee:65:1b:07:b4:27:e9:eb:
                    96:57:08:b9:6b:18:bf:1f:6e:1f:db:88:b3:bf:d6:
                    52:fd:e3:f3:45:ed:7e:5c:93:e8:d0:ab:46:60:78:
                    af:b1:ff:c9:a4:bb:ee:4a:89:f8:c7:d4:ea:e3:c5:
                    c8:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:14:1C:64:29:EA:AF:F7:1A:35:1F:B2:57:3D:F6:03:BB:95:F2:70
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/63d28b-d152-44cd-b504-5d8fce0a0bb2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/63d28b-d152-44cd-b504-5d8fce0a0bb2/1/FhQcZCnqr_caNR-yVz32A7uV8nA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f1c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215985

    Signature Algorithm: sha256WithRSAEncryption
         4c:dd:00:dd:7b:9d:8a:98:75:24:e0:27:78:ce:ef:76:65:d0:
         8f:d9:58:c7:17:d5:3a:10:3b:01:f7:2a:11:9c:9a:24:05:4f:
         33:e6:e2:9b:67:67:c2:4d:a3:70:99:89:21:9b:cd:3c:79:4e:
         be:14:9e:58:79:99:10:e2:71:8e:08:64:17:88:7e:dc:1d:07:
         13:8e:c0:1d:9f:cf:5e:ca:6e:87:30:2b:21:30:55:fb:a7:13:
         13:b5:f4:93:ab:74:65:d0:2b:68:5c:ff:b4:06:6d:d3:86:fd:
         95:2c:04:77:68:78:1d:4b:54:fc:b0:98:64:18:77:07:a7:2f:
         0b:7f:5a:b9:f6:5c:50:4f:03:2c:e7:d9:d4:c2:55:38:86:bd:
         4d:37:56:ff:85:5c:19:cb:0d:40:cc:0b:46:07:ff:21:b6:78:
         4b:f0:f8:5d:c3:c1:d6:54:07:fc:ce:8b:32:72:8d:69:88:f0:
         04:ce:4a:72:8d:73:d8:da:b5:c4:07:d2:80:e2:aa:39:90:e3:
         a3:17:c2:43:88:a1:65:ed:6b:59:64:7c:a1:b3:3d:e5:0d:57:
         c4:c0:03:4d:c3:be:14:82:f7:8a:ca:b3:70:0e:67:55:f7:08:
         16:2e:c8:78:2f:f1:3c:92:ec:fe:cd:db:01:dd:30:4d:8f:b7:
         0a:4f:49:33
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZbtphNUtPEm42nKESIooNDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTIwMTIyMzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjE0MWM2NDI5ZWFhZmY3MWEzNTFmYjI1NzNkZjYwM2JiOTVmMjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy0vBvpCQfml1+NFmliMoIM00kVo
yrMz2GteQDUaiUQwEVTfUQIdspBSmS+SadsNjy8TeIKGIC/GP1yLRLans7uUUR6C
7OLluCYM8RjZs5NfEfro35TzQFwONJbxoDqe8/EOLTa1N8+qqJI/pO6s2Y/txxP2
Gx8Mm4VtFfdk3AjOnPm91fVyEbckh73DLDWeNuszsC3TBatIAE0c1+Yi23mEq9ER
Jf5sjSYtbQj+MQxaY70iSfyIj6gkPEdZVnYTeOq0u01j9F2u7mUbB7Qn6euWVwi5
axi/H24f24izv9ZS/ePzRe1+XJPo0KtGYHivsf/JpLvuSon4x9Tq48XIrwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFBYUHGQp6q/3GjUfslc99gO7lfJwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk3LzYzZDI4
Yi1kMTUyLTQ0Y2QtYjUwNC01ZDhmY2UwYTBiYjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTcvNjNkMjhi
LWQxNTItNDRjZC1iNTA0LTVkOGZjZTBhMGJiMi8xL0ZoUWNaQ25xcl9jYU5SLXlW
ejMyQTd1VjhuQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA8cMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNLsTANBgkqhkiG9w0BAQsFAAOCAQEATN0A3Xudiph1JOAneM7vdmXQj9lY
xxfVOhA7AfcqEZyaJAVPM+bim2dnwk2jcJmJIZvNPHlOvhSeWHmZEOJxjghkF4h+
3B0HE47AHZ/PXspuhzArITBV+6cTE7X0k6t0ZdAraFz/tAZt04b9lSwEd2h4HUtU
/LCYZBh3B6cvC39aufZcUE8DLOfZ1MJVOIa9TTdW/4VcGcsNQMwLRgf/IbZ4S/D4
XcPB1lQH/M6LMnKNaYjwBM5Kco1z2Nq1xAfSgOKqOZDjoxfCQ4ihZe1rWWR8obM9
5Q1XxMADTcO+FIL3isqzcA5nVfcIFi7IeC/xPJLs/s3bAd0wTY+3Ck9JMw==
-----END CERTIFICATE-----