Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/U_rXyaSF_rKReT654tuY9BjlxLg.cer
File:                     U_rXyaSF_rKReT654tuY9BjlxLg.cer (raw, json)
Hash identifier:          /Z0JUBCbQ/ja0fHBnM9+gzFJU84LCdMxs2TfzCaJafw=
Subject key identifier:   53:FA:D7:C9:A4:85:FE:B2:91:79:3E:B9:E2:DB:98:F4:18:E5:C4:B8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019A32B38E58111504FE87DAA38182EDEC13
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f6/5140e8-c7fc-48bf-960e-0f04c6a995fd/1/U_rXyaSF_rKReT654tuY9BjlxLg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f6/5140e8-c7fc-48bf-960e-0f04c6a995fd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 30 Oct 2025 01:20:19 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.134.232.0/22
                          IP: 2a06:ef80::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 00:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:32:b3:8e:58:11:15:04:fe:87:da:a3:81:82:ed:ec:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct 30 01:20:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53fad7c9a485feb291793eb9e2db98f418e5c4b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b3:14:93:37:7c:3c:bb:38:ae:d4:91:94:50:
                    f5:94:f3:0b:90:43:f3:87:24:21:46:1b:4e:78:b3:
                    7f:08:da:41:d8:5e:3d:42:46:a3:12:ec:29:a1:3e:
                    8e:59:87:56:e8:d5:53:a0:f0:b0:ef:95:59:15:fb:
                    15:eb:71:6d:6f:df:45:7b:1e:c3:f9:b3:36:e6:75:
                    5b:56:94:aa:8b:21:67:63:62:96:aa:39:14:4e:f8:
                    65:60:34:62:f1:07:f8:93:a4:34:ef:09:0b:c9:9e:
                    2d:f6:01:83:4a:bd:48:42:ba:a5:c2:9a:98:f7:6b:
                    12:cc:92:7c:c8:49:af:64:4d:af:b8:85:d2:ed:37:
                    2d:ac:e7:33:2c:24:ea:1f:20:0a:2f:28:ea:ae:2d:
                    dc:00:ff:d7:a0:91:a0:16:91:49:9d:8e:92:ac:a9:
                    d4:e0:62:c3:22:1a:97:d1:b5:6c:5c:b8:0c:28:28:
                    7b:d1:e5:3e:01:cf:16:01:77:bd:75:f1:5e:c7:4c:
                    6f:3c:14:d0:8d:dd:c2:08:66:3d:3e:20:02:ed:28:
                    9c:15:b4:99:92:8a:53:18:5c:e3:0b:6f:61:fe:68:
                    d9:73:c1:15:04:d6:9c:6b:a9:43:46:1f:89:e7:30:
                    05:a5:d6:00:3a:d1:ee:69:4f:8c:18:d8:e0:8b:70:
                    51:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FA:D7:C9:A4:85:FE:B2:91:79:3E:B9:E2:DB:98:F4:18:E5:C4:B8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/5140e8-c7fc-48bf-960e-0f04c6a995fd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/5140e8-c7fc-48bf-960e-0f04c6a995fd/1/U_rXyaSF_rKReT654tuY9BjlxLg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.232.0/22
                IPv6:
                  2a06:ef80::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:c0:82:ae:fe:73:21:99:48:27:2b:43:2c:ad:5f:53:13:54:
         ea:37:61:fb:fd:12:44:b2:0c:40:35:2c:a2:78:5c:66:fc:bb:
         3b:05:df:c3:e2:29:2f:68:d7:25:56:9b:26:87:77:6e:6c:d2:
         07:8a:57:0b:89:3c:5f:83:7e:c2:6e:aa:7a:72:a3:04:50:c1:
         93:70:00:57:91:17:b1:95:e3:94:3f:ae:37:20:02:24:7c:be:
         23:59:79:ad:82:17:27:a9:56:40:f7:36:1b:a6:12:6e:86:f2:
         4f:7e:df:a7:f9:3e:3d:f3:20:e9:29:2d:e0:a6:dc:7b:e0:07:
         55:e7:d0:7e:81:ac:17:8f:4b:a9:47:ab:9d:d9:5a:c1:27:d0:
         ab:5d:be:7d:4e:de:69:d9:74:42:aa:ea:13:85:1f:f3:40:51:
         bf:f9:29:20:48:df:6a:39:d4:a8:aa:b9:ca:8d:ef:2a:54:1f:
         58:e8:2b:43:3f:e0:5c:17:79:10:f8:e6:21:f8:21:b0:cc:7d:
         f7:d9:7b:a2:0f:1b:df:5e:de:26:71:17:83:4a:c7:d1:c4:b0:
         c4:8b:f7:52:17:5d:ba:7a:d0:66:1b:0a:02:21:0e:10:ce:ad:
         dd:b4:1b:6e:66:6c:a4:e5:f4:07:4d:16:9c:50:f0:e1:c9:cf:
         6b:54:df:21
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZoys45YERUE/ofao4GC7ewTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUxMDMwMDEyMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ZhZDdjOWE0ODVmZWIyOTE3OTNlYjllMmRiOThmNDE4ZTVjNGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbMUkzd8PLs4rtSRlFD1lPMLkEPz
hyQhRhtOeLN/CNpB2F49QkajEuwpoT6OWYdW6NVToPCw75VZFfsV63Ftb99Fex7D
+bM25nVbVpSqiyFnY2KWqjkUTvhlYDRi8Qf4k6Q07wkLyZ4t9gGDSr1IQrqlwpqY
92sSzJJ8yEmvZE2vuIXS7TctrOczLCTqHyAKLyjqri3cAP/XoJGgFpFJnY6SrKnU
4GLDIhqX0bVsXLgMKCh70eU+Ac8WAXe9dfFex0xvPBTQjd3CCGY9PiAC7SicFbSZ
kopTGFzjC29h/mjZc8EVBNaca6lDRh+J5zAFpdYAOtHuaU+MGNjgi3BRXwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFFP618mkhf6ykXk+ueLbmPQY5cS4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y2LzUxNDBl
OC1jN2ZjLTQ4YmYtOTYwZS0wZjA0YzZhOTk1ZmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvNTE0MGU4
LWM3ZmMtNDhiZi05NjBlLTBmMDRjNmE5OTVmZC8xL1Vfclh5YVNGX3JLUmVUNjU0
dHVZOUJqbHhMZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuYboMA0EAgACMAcDBQMqBu+AMA0GCSqGSIb3
DQEBCwUAA4IBAQCTwIKu/nMhmUgnK0MsrV9TE1TqN2H7/RJEsgxANSyieFxm/Ls7
Bd/D4ikvaNclVpsmh3dubNIHilcLiTxfg37Cbqp6cqMEUMGTcABXkRexleOUP643
IAIkfL4jWXmtghcnqVZA9zYbphJuhvJPft+n+T498yDpKS3gptx74AdV59B+gawX
j0upR6ud2VrBJ9CrXb59Tt5p2XRCquoThR/zQFG/+SkgSN9qOdSoqrnKje8qVB9Y
6CtDP+BcF3kQ+OYh+CGwzH332XuiDxvfXt4mcReDSsfRxLDEi/dSF126etBmGwoC
IQ4Qzq3dtBtuZmyk5fQHTRacUPDhyc9rVN8h
-----END CERTIFICATE-----