Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/J4YXdA7NlbcE2pel-eU8AxFEQms.cer
File:                     J4YXdA7NlbcE2pel-eU8AxFEQms.cer (raw, json)
Hash identifier:          SGgBFVLnja2+dzUhONsQH0ochtaM3rbHArDTn8wUj+4=
Subject key identifier:   27:86:17:74:0E:CD:95:B7:04:DA:97:A5:F9:E5:3C:03:11:44:42:6B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7DC9DC65B2B035E9C712A87032C5E83C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/J4YXdA7NlbcE2pel-eU8AxFEQms.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 08:18:59 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 185.236.128.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Mar 2026 21:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:dc:65:b2:b0:35:e9:c7:12:a8:70:32:c5:e8:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=278617740ecd95b704da97a5f9e53c031144426b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ee:68:ed:ce:fb:06:90:e7:9a:d3:f4:dd:de:
                    6c:5f:83:ed:a4:58:9a:1c:fb:2e:9d:13:5d:d5:67:
                    99:a0:e7:6a:88:5e:3d:1c:ce:5d:93:40:ad:b1:0d:
                    b6:79:04:3e:2b:5e:eb:5b:60:97:8b:02:9e:33:c3:
                    39:a3:95:28:78:70:2b:37:01:39:81:aa:e0:11:4d:
                    b1:db:36:3c:a2:63:33:b9:0f:fe:40:e1:17:5c:b3:
                    43:70:08:41:92:fa:eb:8e:5a:35:8e:4a:41:98:82:
                    fb:8c:2d:4b:0c:ce:22:78:3c:e4:31:93:56:ea:13:
                    2c:96:27:63:f5:46:a7:2e:53:c0:44:85:65:3e:cc:
                    61:eb:fb:39:44:d0:77:7e:51:e5:4d:90:6f:3f:41:
                    15:cb:93:ca:c0:d8:8f:b9:4b:66:b0:cd:f4:b3:b8:
                    43:1c:3c:41:f4:0f:11:80:59:dd:b3:7f:51:aa:96:
                    c8:12:0b:02:d7:86:3f:51:74:97:46:d1:39:47:7d:
                    49:c5:33:e0:d7:5f:5e:54:53:67:d6:18:9a:e7:95:
                    6e:b6:fb:71:00:87:3a:33:a0:5a:83:89:43:50:68:
                    79:6c:01:72:3e:a7:fe:38:6f:6d:a4:7b:3d:16:f3:
                    52:38:82:0d:63:85:fd:f0:aa:ae:2e:af:6f:0d:c9:
                    19:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:86:17:74:0E:CD:95:B7:04:DA:97:A5:F9:E5:3C:03:11:44:42:6B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/J4YXdA7NlbcE2pel-eU8AxFEQms.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:18:77:5a:ef:9e:62:fa:53:77:ff:3f:a5:27:b0:d3:ef:bf:
         c5:bf:0e:42:e9:49:11:ee:0d:b4:41:e3:d5:b8:23:65:68:5d:
         aa:e3:76:73:74:50:49:6c:54:e9:f4:3e:9a:54:ac:a6:48:a4:
         d3:8d:f2:c3:71:6e:50:64:11:c5:96:57:8c:22:ba:66:87:be:
         b9:67:4f:2b:17:ae:1a:d2:67:bc:7a:07:4d:28:85:b4:df:e3:
         df:e1:e6:7d:ce:a2:80:9d:74:63:b8:49:5a:2e:31:cc:c9:52:
         be:c7:d7:16:ba:6b:d6:85:f5:34:34:11:a0:16:58:63:d0:d0:
         ea:28:97:22:99:dd:00:2e:b2:ce:02:7c:5c:97:cf:05:b4:f5:
         34:bd:c7:3d:8b:9c:f2:34:d9:04:c2:32:40:18:a4:6a:4f:e4:
         1c:ae:9f:e7:f0:a2:de:eb:c6:eb:7d:3e:fe:0f:61:10:f6:06:
         b9:5b:37:6a:f6:fa:79:97:ae:8e:04:24:76:78:0d:fc:90:21:
         a4:0b:90:31:da:e8:d7:6e:dc:9f:13:24:13:f8:6b:2a:2d:c9:
         c7:da:7c:ca:b9:04:0a:40:53:f9:a2:78:60:ce:6f:41:b1:5a:
         68:2c:ad:fd:2c:54:98:d5:30:10:5b:89:6b:dc:ee:f7:99:c8:
         60:e9:42:a4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt9ydxlsrA16ccSqHAyxeg8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDgxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzg2MTc3NDBlY2Q5NWI3MDRkYTk3YTVmOWU1M2MwMzExNDQ0MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+5o7c77BpDnmtP03d5sX4PtpFia
HPsunRNd1WeZoOdqiF49HM5dk0CtsQ22eQQ+K17rW2CXiwKeM8M5o5UoeHArNwE5
gargEU2x2zY8omMzuQ/+QOEXXLNDcAhBkvrrjlo1jkpBmIL7jC1LDM4ieDzkMZNW
6hMslidj9UanLlPARIVlPsxh6/s5RNB3flHlTZBvP0EVy5PKwNiPuUtmsM30s7hD
HDxB9A8RgFnds39RqpbIEgsC14Y/UXSXRtE5R31JxTPg119eVFNn1hia55Vutvtx
AIc6M6Bag4lDUGh5bAFyPqf+OG9tpHs9FvNSOIINY4X98KquLq9vDckZgwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCeGF3QOzZW3BNqXpfnlPAMRREJrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y2L2I3OGFi
NC0zNDkwLTQwMGItOTAxOS05ZWRkMDFkMDcyM2MvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvYjc4YWI0
LTM0OTAtNDAwYi05MDE5LTllZGQwMWQwNzIzYy8xL0o0WVhkQTdObGJjRTJwZWwt
ZVU4QXhGRVFtcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAueyAMA0GCSqGSIb3DQEBCwUAA4IBAQCTGHda
755i+lN3/z+lJ7DT77/Fvw5C6UkR7g20QePVuCNlaF2q43ZzdFBJbFTp9D6aVKym
SKTTjfLDcW5QZBHFlleMIrpmh765Z08rF64a0me8egdNKIW03+Pf4eZ9zqKAnXRj
uElaLjHMyVK+x9cWumvWhfU0NBGgFlhj0NDqKJcimd0ALrLOAnxcl88FtPU0vcc9
i5zyNNkEwjJAGKRqT+Qcrp/n8KLe68brfT7+D2EQ9ga5Wzdq9vp5l66OBCR2eA38
kCGkC5Ax2ujXbtyfEyQT+GsqLcnH2nzKuQQKQFP5onhgzm9BsVpoLK39LFSY1TAQ
W4lr3O73mchg6UKk
-----END CERTIFICATE-----