Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PEi5LoCU13gCF-MlTFlyC8Kpdjg.cer
File:                     PEi5LoCU13gCF-MlTFlyC8Kpdjg.cer (raw, json)
Hash identifier:          P11Q73VBLo6rAy3oj1bWq4GsBTykO2WYUN7+8kMUBzA=
Subject key identifier:   3C:48:B9:2E:80:94:D7:78:02:17:E3:25:4C:59:72:0B:C2:A9:76:38
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019A0B08BE049D361C63D5FF581398AF347B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ed/870c2a-394c-45c2-a434-b21e0f4c0c0a/1/PEi5LoCU13gCF-MlTFlyC8Kpdjg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ed/870c2a-394c-45c2-a434-b21e0f4c0c0a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 22 Oct 2025 08:28:33 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 195.93.155.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 00:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:08:be:04:9d:36:1c:63:d5:ff:58:13:98:af:34:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct 22 08:28:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c48b92e8094d7780217e3254c59720bc2a97638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:79:22:94:cf:b1:47:f5:ed:d3:06:e5:02:e6:
                    4e:bc:36:4b:ce:a6:6c:61:b0:2c:95:51:e9:6e:0c:
                    5b:3f:2a:71:4a:46:6f:66:01:6b:3b:8d:10:67:ef:
                    05:66:6f:7f:b7:0e:44:e0:6a:29:b4:02:d8:1b:dc:
                    2f:56:1d:0c:ba:68:9b:be:35:4e:39:8e:d8:00:11:
                    ed:03:4b:d5:02:04:47:c0:28:0e:1a:ca:d6:96:03:
                    0b:80:91:3d:35:92:b1:70:b5:9d:1c:a8:bd:fb:7d:
                    45:00:60:4c:e4:17:23:d9:8f:96:ac:db:06:dc:4c:
                    52:b6:a8:32:5a:d3:ba:e7:cd:c0:ae:29:84:e9:0e:
                    33:76:23:a4:2c:87:11:0e:9c:42:78:83:8d:f5:87:
                    49:b0:0a:c9:5c:0e:a2:a7:40:0a:97:5f:56:86:7f:
                    d8:ff:e8:47:30:16:9c:9f:c4:77:2e:ee:d0:01:4f:
                    46:04:ec:87:46:26:e7:9e:b6:ba:dc:e7:59:24:42:
                    c1:bf:6c:99:9d:ae:b9:23:c1:b4:f6:08:d0:98:3e:
                    5d:92:b0:4d:df:02:77:0d:42:62:05:86:ad:c7:13:
                    88:99:f6:fa:e3:29:13:82:b8:29:69:49:e1:45:39:
                    c7:e6:69:b3:ff:00:cc:96:8b:20:f3:cc:c0:91:b9:
                    b3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:48:B9:2E:80:94:D7:78:02:17:E3:25:4C:59:72:0B:C2:A9:76:38
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/870c2a-394c-45c2-a434-b21e0f4c0c0a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/870c2a-394c-45c2-a434-b21e0f4c0c0a/1/PEi5LoCU13gCF-MlTFlyC8Kpdjg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:e7:aa:de:6e:97:75:79:90:e2:48:53:d5:61:f1:bf:f5:0d:
         bd:90:11:ce:28:86:12:b7:f5:c2:29:d1:44:e1:67:26:2b:7d:
         d2:fe:09:37:c7:3f:a8:c1:51:66:0f:8e:17:67:06:6f:30:af:
         30:39:74:5f:f3:fa:3d:48:14:ad:74:3d:8e:65:30:89:f8:6e:
         ff:58:c2:3a:f3:09:42:eb:0c:a3:16:49:0d:3a:2c:ca:d1:f3:
         23:5e:d7:f9:dd:64:17:10:f1:a4:76:73:70:d7:79:9e:45:d4:
         68:3a:b0:dd:f2:ac:47:e2:85:95:e5:49:89:f1:35:ac:e2:e2:
         4e:57:2d:12:76:3b:09:47:66:5e:1f:ab:02:07:b6:2c:33:dd:
         d7:ca:11:ca:0f:63:ad:57:a9:e3:65:23:b1:a1:86:b6:40:9e:
         1b:7b:a0:7e:59:ed:b6:c2:2a:a4:b7:c2:70:c4:d0:f1:df:41:
         99:58:79:91:6d:10:6c:d4:0c:bd:30:89:ba:41:fa:8a:a7:4d:
         a0:2c:1d:58:df:4c:d5:fc:74:2f:d2:7f:27:5a:fe:c8:37:5b:
         7b:1a:b0:85:96:a6:23:b6:b8:7c:f1:74:f8:27:d7:40:a0:bb:
         36:64:1c:43:c0:34:fa:a2:4c:f6:7f:00:55:b5:86:4a:42:2c:
         f3:4c:57:55
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZoLCL4EnTYcY9X/WBOYrzR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUxMDIyMDgyODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzQ4YjkyZTgwOTRkNzc4MDIxN2UzMjU0YzU5NzIwYmMyYTk3NjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3kilM+xR/Xt0wblAuZOvDZLzqZs
YbAslVHpbgxbPypxSkZvZgFrO40QZ+8FZm9/tw5E4GoptALYG9wvVh0MumibvjVO
OY7YABHtA0vVAgRHwCgOGsrWlgMLgJE9NZKxcLWdHKi9+31FAGBM5Bcj2Y+WrNsG
3ExStqgyWtO6583ArimE6Q4zdiOkLIcRDpxCeION9YdJsArJXA6ip0AKl19Whn/Y
/+hHMBacn8R3Lu7QAU9GBOyHRibnnra63OdZJELBv2yZna65I8G09gjQmD5dkrBN
3wJ3DUJiBYatxxOImfb64ykTgrgpaUnhRTnH5mmz/wDMlosg88zAkbmzxwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFDxIuS6AlNd4AhfjJUxZcgvCqXY4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VkLzg3MGMy
YS0zOTRjLTQ1YzItYTQzNC1iMjFlMGY0YzBjMGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvODcwYzJh
LTM5NGMtNDVjMi1hNDM0LWIyMWUwZjRjMGMwYS8xL1BFaTVMb0NVMTNnQ0YtTWxU
Rmx5QzhLcGRqZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw12bMA0GCSqGSIb3DQEBCwUAA4IBAQAb56re
bpd1eZDiSFPVYfG/9Q29kBHOKIYSt/XCKdFE4WcmK33S/gk3xz+owVFmD44XZwZv
MK8wOXRf8/o9SBStdD2OZTCJ+G7/WMI68wlC6wyjFkkNOizK0fMjXtf53WQXEPGk
dnNw13meRdRoOrDd8qxH4oWV5UmJ8TWs4uJOVy0SdjsJR2ZeH6sCB7YsM93XyhHK
D2OtV6njZSOxoYa2QJ4be6B+We22wiqkt8JwxNDx30GZWHmRbRBs1Ay9MIm6QfqK
p02gLB1Y30zV/HQv0n8nWv7IN1t7GrCFlqYjtrh88XT4J9dAoLs2ZBxDwDT6okz2
fwBVtYZKQizzTFdV
-----END CERTIFICATE-----