Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OmEbwpH_HeAiVvIxU0VoBgP6Tts.cer
File:                     OmEbwpH_HeAiVvIxU0VoBgP6Tts.cer (raw, json)
Hash identifier:          n+Tr6GtH8iL5qvRHRZE5hcaQrW+JOUDRTE7BTbN3Xpc=
Subject key identifier:   3A:61:1B:C2:91:FF:1D:E0:22:56:F2:31:53:45:68:06:03:FA:4E:DB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7F157D1D5DCC2DE10FA03138FA75B0D3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9c/d14728-442e-44ea-afd7-1b5cd5b4d399/1/OmEbwpH_HeAiVvIxU0VoBgP6Tts.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9c/d14728-442e-44ea-afd7-1b5cd5b4d399/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 14:21:13 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 215041
                          IP: 2001:67c:1570::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 10:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:7d:1d:5d:cc:2d:e1:0f:a0:31:38:fa:75:b0:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:21:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a611bc291ff1de02256f2315345680603fa4edb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:60:d7:1c:a7:94:91:c0:b9:38:ab:f2:0d:27:
                    2d:db:a9:9b:ba:61:7f:55:b7:2a:a2:2c:ab:35:43:
                    58:5e:f5:56:86:da:f2:94:22:8d:b4:26:2a:c9:38:
                    01:ab:a2:c6:a6:58:38:2b:30:42:8e:c7:d6:4d:1c:
                    f1:fa:14:aa:6c:26:4a:5b:42:a6:4e:34:22:da:2d:
                    43:9d:4f:ba:cd:c6:5d:e7:1e:22:a4:ca:e0:58:ec:
                    b7:be:c8:50:1a:f7:e6:5c:a5:8a:7b:6c:b5:42:94:
                    6e:2c:e4:0c:4b:e1:96:e9:70:ee:99:0f:10:04:02:
                    56:d5:07:5a:02:9e:ee:91:44:c2:ad:8c:ae:e8:7c:
                    0e:91:d6:f8:75:27:01:33:ff:4d:dd:43:6f:07:dd:
                    83:6d:ef:78:60:d9:e0:df:44:61:78:68:61:f4:44:
                    ac:9d:0c:c5:1f:4b:db:ad:e8:b8:0d:aa:d9:fc:f4:
                    52:3b:ec:f3:73:d4:c0:9b:bf:75:d3:94:cd:49:69:
                    e1:eb:db:3e:5f:ea:21:c3:62:d8:93:92:19:f7:d7:
                    9e:d1:22:56:0f:f0:e9:2f:29:d7:7e:97:b6:5e:b7:
                    59:d1:dd:c4:8e:51:9e:7e:92:1f:39:b8:df:70:20:
                    0f:e2:34:5e:57:61:ce:46:1a:78:e2:e9:3a:bd:10:
                    2a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:61:1B:C2:91:FF:1D:E0:22:56:F2:31:53:45:68:06:03:FA:4E:DB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/d14728-442e-44ea-afd7-1b5cd5b4d399/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/d14728-442e-44ea-afd7-1b5cd5b4d399/1/OmEbwpH_HeAiVvIxU0VoBgP6Tts.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1570::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215041

    Signature Algorithm: sha256WithRSAEncryption
         a3:ad:46:a4:07:f1:b3:66:7a:b1:61:2e:08:10:54:ef:d9:57:
         e3:b1:5f:20:86:c2:2c:23:e2:01:4e:cd:c4:73:ad:99:3c:8c:
         9f:81:df:6f:7d:28:b0:eb:a8:f4:93:10:2e:1e:12:9e:8d:86:
         03:ae:f1:62:e1:f7:58:c1:35:37:0a:05:73:80:a1:e8:bb:9d:
         f6:54:21:82:91:84:bc:79:d5:f1:32:ef:ce:03:98:73:90:30:
         22:51:96:7b:60:09:93:d6:fd:20:1c:b2:57:03:14:8d:89:7f:
         6f:97:92:3c:df:a7:ee:1b:18:a2:9c:53:57:ee:44:a9:69:3f:
         1f:e0:31:2b:c1:70:37:35:53:b3:42:5c:d3:13:c4:58:06:4a:
         72:f0:6d:1b:31:d6:6f:6e:eb:ac:ca:aa:6a:76:3f:ff:4b:af:
         33:28:eb:02:a8:f9:01:f3:1e:59:05:91:9d:eb:37:44:a5:09:
         40:9a:62:65:c2:55:d9:86:19:de:6e:81:6d:53:bd:58:9c:9c:
         8a:d4:36:13:7f:13:c9:05:78:d1:1a:b0:8a:6b:c7:3e:af:11:
         e2:55:97:48:3b:fd:78:ef:2f:a8:07:37:b2:55:f9:48:79:b9:
         5f:c1:79:12:53:5a:b4:c8:fc:36:d2:b1:f0:cb:26:0e:c6:58:
         e1:4e:05:6a
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZt/FX0dXcwt4Q+gMTj6dbDTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTQyMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTYxMWJjMjkxZmYxZGUwMjI1NmYyMzE1MzQ1NjgwNjAzZmE0ZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmDXHKeUkcC5OKvyDSct26mbumF/
VbcqoiyrNUNYXvVWhtrylCKNtCYqyTgBq6LGplg4KzBCjsfWTRzx+hSqbCZKW0Km
TjQi2i1DnU+6zcZd5x4ipMrgWOy3vshQGvfmXKWKe2y1QpRuLOQMS+GW6XDumQ8Q
BAJW1QdaAp7ukUTCrYyu6HwOkdb4dScBM/9N3UNvB92Dbe94YNng30RheGhh9ESs
nQzFH0vbrei4DarZ/PRSO+zzc9TAm79105TNSWnh69s+X+ohw2LYk5IZ99ee0SJW
D/DpLynXfpe2XrdZ0d3EjlGefpIfObjfcCAP4jReV2HORhp44uk6vRAqEQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFDphG8KR/x3gIlbyMVNFaAYD+k7bMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzljL2QxNDcy
OC00NDJlLTQ0ZWEtYWZkNy0xYjVjZDViNGQzOTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvZDE0NzI4
LTQ0MmUtNDRlYS1hZmQ3LTFiNWNkNWI0ZDM5OS8xL09tRWJ3cEhfSGVBaVZ2SXhV
MFZvQmdQNlR0cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBVwMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNIATANBgkqhkiG9w0BAQsFAAOCAQEAo61GpAfxs2Z6sWEuCBBU79lX47Ff
IIbCLCPiAU7NxHOtmTyMn4Hfb30osOuo9JMQLh4Sno2GA67xYuH3WME1NwoFc4Ch
6Lud9lQhgpGEvHnV8TLvzgOYc5AwIlGWe2AJk9b9IByyVwMUjYl/b5eSPN+n7hsY
opxTV+5EqWk/H+AxK8FwNzVTs0Jc0xPEWAZKcvBtGzHWb27rrMqqanY//0uvMyjr
Aqj5AfMeWQWRnes3RKUJQJpiZcJV2YYZ3m6BbVO9WJycitQ2E38TyQV40RqwimvH
Pq8R4lWXSDv9eO8vqAc3slX5SHm5X8F5ElNatMj8NtKx8MsmDsZY4U4Fag==
-----END CERTIFICATE-----