Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/I40fH8TD6PtHGzsd7jbF3zFfsjQ.cer
File:                     I40fH8TD6PtHGzsd7jbF3zFfsjQ.cer (raw, json)
Hash identifier:          of9stoj1kRNNVxNifmuq3q2FFU/kYPPFNHrpMJ1y43o=
Subject key identifier:   23:8D:1F:1F:C4:C3:E8:FB:47:1B:3B:1D:EE:36:C5:DF:31:5F:B2:34
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019DBA62C86AFCBC79EFABC38F89EA680441
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/I40fH8TD6PtHGzsd7jbF3zFfsjQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 23 Apr 2026 12:48:49 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 203958
                          IP: 194.187.54.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:62:c8:6a:fc:bc:79:ef:ab:c3:8f:89:ea:68:04:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 23 12:48:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=238d1f1fc4c3e8fb471b3b1dee36c5df315fb234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c4:42:f1:d8:11:29:10:63:79:98:b9:db:b6:
                    0a:e1:88:e1:ba:be:83:78:81:d3:b5:f7:90:4a:e0:
                    33:f1:12:7f:97:6d:ea:a8:25:44:3b:70:5c:29:cf:
                    e6:5e:db:06:ce:30:f8:f5:6f:78:ac:07:98:0c:b6:
                    e3:8e:3c:79:ad:1c:f7:94:85:df:89:0c:3a:b2:1f:
                    03:82:71:ea:fa:76:7d:2d:7f:0b:50:ce:87:0c:e9:
                    e1:c2:12:dc:f2:b3:9a:e7:61:65:75:0f:71:7c:e8:
                    3d:80:bc:45:f6:b6:6f:b4:af:95:d0:65:aa:36:e6:
                    17:80:27:04:0d:8f:e9:aa:58:d2:31:0e:78:38:d8:
                    60:0e:5a:6d:ba:16:d6:50:40:98:57:34:80:33:60:
                    7a:d5:fa:09:24:a0:b2:08:a5:37:b6:ea:d8:8b:0b:
                    da:e5:fd:db:98:d0:9e:d8:92:6e:37:08:cb:f1:c3:
                    77:46:66:a6:1a:d2:09:32:ef:30:b6:32:f1:3b:d3:
                    57:7e:e7:17:89:4f:86:7e:36:e3:5f:9c:ca:2b:5b:
                    38:51:bf:32:a0:46:30:2c:94:e7:23:8b:f5:b0:48:
                    43:12:ba:5c:32:08:32:b8:8a:9b:2c:b9:0e:b5:e6:
                    e3:74:a6:02:9d:7c:ca:66:09:c2:63:f4:3a:0a:95:
                    7b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:8D:1F:1F:C4:C3:E8:FB:47:1B:3B:1D:EE:36:C5:DF:31:5F:B2:34
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/I40fH8TD6PtHGzsd7jbF3zFfsjQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.54.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203958

    Signature Algorithm: sha256WithRSAEncryption
         60:eb:00:c5:49:eb:3b:f1:e8:67:0d:67:2a:eb:f9:ec:bf:57:
         20:c0:bb:f8:5a:20:61:97:67:63:a3:ec:f7:fc:e6:e5:d2:9c:
         8b:d1:bc:f9:a2:53:a4:42:f9:1a:4b:de:6a:87:31:86:25:d8:
         b4:cd:3b:73:91:bd:51:59:8b:7b:17:9d:26:f8:c1:bd:ac:7e:
         63:aa:8c:53:cb:37:ac:50:41:9b:32:b4:d7:70:57:54:b3:e1:
         58:64:43:46:1c:9e:ca:5f:62:53:6c:5b:65:64:81:61:1f:c2:
         39:ad:15:bf:c1:6f:5a:b5:aa:1f:49:c1:e6:fb:a4:d7:6a:c5:
         1a:cb:8b:6e:74:47:d4:30:ee:b3:e4:ee:c3:f5:be:fc:43:3f:
         cf:c1:31:8e:80:57:0c:18:af:b9:e6:79:47:82:d6:7a:cc:ef:
         34:ec:bb:62:e3:76:57:49:56:c8:5b:bc:94:a4:d5:ad:96:17:
         3d:af:f4:ef:79:a9:19:10:58:90:14:eb:c5:e6:8c:e7:4e:68:
         e5:d0:5d:7e:60:9f:a1:e1:78:b9:48:19:68:54:97:f0:05:9a:
         fd:c8:95:00:cf:34:81:7e:5e:e4:ed:09:0f:9e:b2:0a:e3:ff:
         3f:56:6c:00:ca:66:d2:9d:62:2d:4e:87:ef:41:11:1e:88:52:
         62:ac:de:0b
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZ26Yshq/Lx576vDj4nqaARBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwNDIzMTI0ODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzhkMWYxZmM0YzNlOGZiNDcxYjNiMWRlZTM2YzVkZjMxNWZiMjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48RC8dgRKRBjeZi527YK4Yjhur6D
eIHTtfeQSuAz8RJ/l23qqCVEO3BcKc/mXtsGzjD49W94rAeYDLbjjjx5rRz3lIXf
iQw6sh8DgnHq+nZ9LX8LUM6HDOnhwhLc8rOa52FldQ9xfOg9gLxF9rZvtK+V0GWq
NuYXgCcEDY/pqljSMQ54ONhgDlptuhbWUECYVzSAM2B61foJJKCyCKU3turYiwva
5f3bmNCe2JJuNwjL8cN3RmamGtIJMu8wtjLxO9NXfucXiU+GfjbjX5zKK1s4Ub8y
oEYwLJTnI4v1sEhDErpcMggyuIqbLLkOtebjdKYCnXzKZgnCY/Q6CpV7kwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCONHx/Ew+j7Rxs7He42xd8xX7I0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UzLzliNzAy
Ny1mMzI0LTRlY2QtODkzYS1kMzljYzMxN2ZkY2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTMvOWI3MDI3
LWYzMjQtNGVjZC04OTNhLWQzOWNjMzE3ZmRjZC8xL0k0MGZIOFRENlB0SEd6c2Q3
amJGM3pGZnNqUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwrs2MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMctjANBgkqhkiG9w0BAQsFAAOCAQEAYOsAxUnrO/HoZw1nKuv57L9XIMC7+Fog
YZdnY6Ps9/zm5dKci9G8+aJTpEL5GkveaocxhiXYtM07c5G9UVmLexedJvjBvax+
Y6qMU8s3rFBBmzK013BXVLPhWGRDRhyeyl9iU2xbZWSBYR/COa0Vv8FvWrWqH0nB
5vuk12rFGsuLbnRH1DDus+Tuw/W+/EM/z8ExjoBXDBivueZ5R4LWeszvNOy7YuN2
V0lWyFu8lKTVrZYXPa/073mpGRBYkBTrxeaM505o5dBdfmCfoeF4uUgZaFSX8AWa
/ciVAM80gX5e5O0JD56yCuP/P1ZsAMpm0p1iLU6H70ERHohSYqzeCw==
-----END CERTIFICATE-----