Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/O9RCudZP6g5VWH7hz75n7UE8h1A.cer
File:                     O9RCudZP6g5VWH7hz75n7UE8h1A.cer (raw, json)
Hash identifier:          NMX60+G+ld5hZcpAQO/UKLTFQBNtlZckpWoLI0Ib6/s=
Subject key identifier:   3B:D4:42:B9:D6:4F:EA:0E:55:58:7E:E1:CF:BE:67:ED:41:3C:87:50
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019DAC6E4824EA4CEC749F320CCF8A9C0B2B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/4af4a62e-3ef5-4a36-b0d3-7825bec134ab/0/3BD442B9D64FEA0E55587EE1CFBE67ED413C8750.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/4af4a62e-3ef5-4a36-b0d3-7825bec134ab/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 20 Apr 2026 19:46:41 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 199746
                          AS: 204464
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ac:6e:48:24:ea:4c:ec:74:9f:32:0c:cf:8a:9c:0b:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 20 19:46:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bd442b9d64fea0e55587ee1cfbe67ed413c8750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:56:b9:56:55:ea:87:8e:67:20:e8:f7:63:e0:
                    ad:4e:69:29:e5:5e:e7:51:de:e9:bc:f2:e9:52:74:
                    63:e8:04:dd:a8:a0:ba:77:7f:ba:62:59:cc:0c:9e:
                    29:98:b0:5a:7a:57:e4:a3:46:e3:00:c2:68:f1:35:
                    35:14:5a:6d:c5:6b:c7:05:00:bc:86:02:79:29:90:
                    b9:83:6c:11:fc:94:98:f5:40:f6:f4:a3:d5:81:1d:
                    5f:be:14:ae:3d:4f:52:5f:41:78:ee:62:9a:d1:a9:
                    f3:50:07:8d:2a:0f:72:e3:96:88:d4:a6:0d:23:9e:
                    73:69:eb:4f:13:60:ce:b1:9c:89:41:9a:cc:1b:e4:
                    6f:e4:9f:2c:ce:f5:d1:51:31:c8:00:41:51:82:8a:
                    c6:05:d2:03:b8:d7:02:7f:08:96:ab:a5:b7:71:08:
                    af:65:98:33:74:ec:27:0c:08:87:36:af:45:0b:4d:
                    fd:41:c1:e4:09:c0:96:17:e7:b5:37:6e:b5:24:d0:
                    ba:34:e8:7d:7b:3a:0f:af:c2:6a:e6:6c:9a:87:d7:
                    5f:e1:90:f3:ca:24:64:19:cb:62:70:00:8d:90:a0:
                    0b:e8:27:36:26:ac:06:0f:e2:83:7d:5a:42:98:be:
                    5a:9f:51:fe:8d:64:d9:67:f2:73:b0:e2:54:b8:4a:
                    ab:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D4:42:B9:D6:4F:EA:0E:55:58:7E:E1:CF:BE:67:ED:41:3C:87:50
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/4af4a62e-3ef5-4a36-b0d3-7825bec134ab/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/4af4a62e-3ef5-4a36-b0d3-7825bec134ab/0/3BD442B9D64FEA0E55587EE1CFBE67ED413C8750.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199746
                  204464

    Signature Algorithm: sha256WithRSAEncryption
         75:0d:7b:68:0c:a7:ef:81:f5:17:1d:03:0c:66:3d:4b:ae:e5:
         d2:03:41:92:91:05:09:28:ad:20:0d:85:36:66:fc:d0:26:26:
         8e:3b:3b:10:e4:5a:a4:91:98:4f:14:74:10:49:11:ad:70:c2:
         1e:31:0f:5a:1f:73:32:23:ef:33:37:18:5f:91:97:dd:dc:34:
         f0:aa:2a:76:ef:4d:98:82:a8:87:c3:de:0f:84:c3:4c:46:07:
         0c:f8:0c:30:d5:80:1e:03:34:7a:8d:e3:8c:08:c9:b4:68:2c:
         13:a9:b6:ec:02:e6:39:97:60:e1:76:d5:f9:5a:34:08:f8:0e:
         38:49:ea:d4:d9:cc:58:7c:ed:ad:86:5a:67:b6:12:5b:29:8a:
         0d:f3:92:03:a2:28:1f:48:d9:39:f8:77:69:d8:f6:05:6a:28:
         6e:5d:c3:cd:f5:d8:4b:88:18:e7:33:47:81:e9:6f:40:b2:eb:
         fb:92:d1:ba:1e:fa:de:e7:e8:91:66:8a:e1:e0:cf:c3:69:da:
         65:70:89:8b:fb:55:ee:a7:1f:6f:9c:23:98:0f:90:cf:28:56:
         c6:db:86:ea:3c:68:66:84:c6:be:7a:0f:4c:82:73:55:8a:92:
         8c:a7:a5:8f:18:3f:6d:50:e9:af:dd:f9:f7:1f:e6:9e:8e:5b:
         c2:48:1b:54
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZ2sbkgk6kzsdJ8yDM+KnAsrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwNDIwMTk0NjQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQ0NDJiOWQ2NGZlYTBlNTU1ODdlZTFjZmJlNjdlZDQxM2M4NzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVa5VlXqh45nIOj3Y+CtTmkp5V7n
Ud7pvPLpUnRj6ATdqKC6d3+6YlnMDJ4pmLBaelfko0bjAMJo8TU1FFptxWvHBQC8
hgJ5KZC5g2wR/JSY9UD29KPVgR1fvhSuPU9SX0F47mKa0anzUAeNKg9y45aI1KYN
I55zaetPE2DOsZyJQZrMG+Rv5J8szvXRUTHIAEFRgorGBdIDuNcCfwiWq6W3cQiv
ZZgzdOwnDAiHNq9FC039QcHkCcCWF+e1N261JNC6NOh9ezoPr8Jq5myah9df4ZDz
yiRkGcticACNkKAL6Cc2JqwGD+KDfVpCmL5an1H+jWTZZ/JzsOJUuEqrkwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFDvUQrnWT+oOVVh+4c++Z+1BPIdQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzRhZjRh
NjJlLTNlZjUtNGEzNi1iMGQzLTc4MjViZWMxMzRhYi8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNGFm
NGE2MmUtM2VmNS00YTM2LWIwZDMtNzgyNWJlYzEzNGFiLzAvM0JENDQyQjlENjRG
RUEwRTU1NTg3RUUxQ0ZCRTY3RUQ0MTNDODc1MC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBCAEB/wQQMA6gDDAKAgMDDEIC
AwMesDANBgkqhkiG9w0BAQsFAAOCAQEAdQ17aAyn74H1Fx0DDGY9S67l0gNBkpEF
CSitIA2FNmb80CYmjjs7EORapJGYTxR0EEkRrXDCHjEPWh9zMiPvMzcYX5GX3dw0
8Koqdu9NmIKoh8PeD4TDTEYHDPgMMNWAHgM0eo3jjAjJtGgsE6m27ALmOZdg4XbV
+Vo0CPgOOEnq1NnMWHztrYZaZ7YSWymKDfOSA6IoH0jZOfh3adj2BWoobl3DzfXY
S4gY5zNHgelvQLLr+5LRuh763ufokWaK4eDPw2naZXCJi/tV7qcfb5wjmA+QzyhW
xtuG6jxoZoTGvnoPTIJzVYqSjKeljxg/bVDpr9359x/mno5bwkgbVA==
-----END CERTIFICATE-----