Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5ZqeAAzN5nXzYIOMJcRZHPKQus.cer
File:                     a5ZqeAAzN5nXzYIOMJcRZHPKQus.cer (raw, json)
Hash identifier:          lPfyzXIWXa+baLYb4hVt30995+tOtQdfYe7GC6DFF2U=
Subject key identifier:   6B:96:6A:78:00:33:37:99:D7:CD:82:0E:30:97:11:64:73:CA:42:EB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019DB094B599BA6FBE5A47C49052C176F137
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4f/70936b-1deb-4ede-964f-4502f2d65375/1/a5ZqeAAzN5nXzYIOMJcRZHPKQus.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4f/70936b-1deb-4ede-964f-4502f2d65375/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 21 Apr 2026 15:07:09 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 205163
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:94:b5:99:ba:6f:be:5a:47:c4:90:52:c1:76:f1:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 21 15:07:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b966a7800333799d7cd820e3097116473ca42eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:60:99:b6:a9:ad:b1:9a:18:a5:72:7c:8f:63:
                    62:20:1b:a5:f1:97:79:83:eb:ad:a9:a8:c7:61:ea:
                    1a:1c:b1:4b:ea:69:01:e4:d5:b2:e0:a7:eb:f7:4a:
                    4c:e0:df:91:51:35:1d:0d:f7:2b:80:9e:ce:e2:ee:
                    8a:52:8d:09:5c:58:be:56:5e:fc:1b:b2:8c:43:ae:
                    b3:a1:88:77:a6:b5:e8:23:33:cd:e5:51:d1:f9:48:
                    2a:48:be:92:e6:56:26:28:96:57:e7:29:4f:14:ab:
                    a8:50:7f:f9:d0:c6:60:09:e8:1a:87:95:68:6f:05:
                    97:07:ba:aa:f3:28:55:3f:8c:6f:00:96:1e:d3:0c:
                    9e:7f:c7:89:74:45:48:c8:31:a8:c4:56:99:50:f3:
                    a3:e6:d9:0d:c7:53:08:ea:71:de:fd:2b:cb:f8:83:
                    44:d4:68:d0:6b:4c:bd:e7:37:5d:df:a9:de:39:6e:
                    0b:c4:76:52:10:53:b5:d2:78:c1:9c:03:79:d0:52:
                    e7:59:b4:17:e4:b3:2f:b0:0b:d8:b0:87:76:f6:fd:
                    72:81:bc:11:f0:90:22:a2:22:ff:96:02:e2:ad:9f:
                    c8:82:62:06:2a:93:76:5e:e9:a9:1f:31:5e:0d:e7:
                    ab:5f:b7:03:83:3e:75:b8:67:b2:ff:3f:6a:04:3f:
                    90:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:96:6A:78:00:33:37:99:D7:CD:82:0E:30:97:11:64:73:CA:42:EB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/70936b-1deb-4ede-964f-4502f2d65375/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/70936b-1deb-4ede-964f-4502f2d65375/1/a5ZqeAAzN5nXzYIOMJcRZHPKQus.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205163

    Signature Algorithm: sha256WithRSAEncryption
         17:31:db:75:c5:a4:33:74:84:80:0b:f3:13:0e:35:54:72:f4:
         17:f8:9e:e1:db:60:a9:53:18:c5:c5:04:6f:c6:ae:85:73:a0:
         88:aa:70:e4:72:2b:59:f3:5a:d0:44:2b:ea:8e:7c:ab:4c:33:
         ec:de:e4:8f:68:f0:1e:42:52:2e:e1:24:fd:22:e6:6e:72:7f:
         92:4b:bd:b2:e2:93:cf:fd:33:9b:aa:69:a0:5a:ee:03:ac:a5:
         90:ea:4a:e8:71:27:f4:17:b8:7c:92:e6:a8:a4:b5:82:28:91:
         17:1c:48:a5:c6:a1:2c:bb:5f:7f:97:a3:cf:d1:43:96:5e:da:
         35:38:17:b6:a0:72:ea:db:f9:01:9d:d0:60:20:22:fe:4b:08:
         26:99:51:65:4f:92:78:d8:33:f6:28:21:59:60:cf:79:ba:7d:
         c5:fc:a7:6c:13:28:c2:1c:de:b0:c8:e3:a2:89:a1:d5:31:87:
         7f:12:50:57:14:e0:47:94:9a:82:e0:90:13:f2:01:cb:0e:3d:
         06:9c:92:d7:95:7a:52:6a:d1:42:25:e6:0e:97:e4:80:a6:6c:
         36:8e:bc:8c:45:00:c5:99:78:82:46:54:20:27:b0:0d:65:32:
         34:74:0e:33:41:b3:15:5a:e3:ef:61:29:9b:28:ab:18:d8:f5:
         0c:5f:e6:78
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZ2wlLWZum++WkfEkFLBdvE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwNDIxMTUwNzA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjk2NmE3ODAwMzMzNzk5ZDdjZDgyMGUzMDk3MTE2NDczY2E0MmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWCZtqmtsZoYpXJ8j2NiIBul8Zd5
g+utqajHYeoaHLFL6mkB5NWy4Kfr90pM4N+RUTUdDfcrgJ7O4u6KUo0JXFi+Vl78
G7KMQ66zoYh3prXoIzPN5VHR+UgqSL6S5lYmKJZX5ylPFKuoUH/50MZgCegah5Vo
bwWXB7qq8yhVP4xvAJYe0wyef8eJdEVIyDGoxFaZUPOj5tkNx1MI6nHe/SvL+INE
1GjQa0y95zdd36neOW4LxHZSEFO10njBnAN50FLnWbQX5LMvsAvYsId29v1ygbwR
8JAioiL/lgLirZ/IgmIGKpN2XumpHzFeDeerX7cDgz51uGey/z9qBD+QmQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGuWangAMzeZ182CDjCXEWRzykLrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmLzcwOTM2
Yi0xZGViLTRlZGUtOTY0Zi00NTAyZjJkNjUzNzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvNzA5MzZi
LTFkZWItNGVkZS05NjRmLTQ1MDJmMmQ2NTM3NS8xL2E1WnFlQUF6TjVuWHpZSU9N
SmNSWkhQS1F1cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMhazANBgkqhkiG9w0BAQsFAAOCAQEAFzHbdcWkM3SE
gAvzEw41VHL0F/ie4dtgqVMYxcUEb8auhXOgiKpw5HIrWfNa0EQr6o58q0wz7N7k
j2jwHkJSLuEk/SLmbnJ/kku9suKTz/0zm6ppoFruA6ylkOpK6HEn9Be4fJLmqKS1
giiRFxxIpcahLLtff5ejz9FDll7aNTgXtqBy6tv5AZ3QYCAi/ksIJplRZU+SeNgz
9ighWWDPebp9xfynbBMowhzesMjjoomh1TGHfxJQVxTgR5SaguCQE/IByw49BpyS
15V6UmrRQiXmDpfkgKZsNo68jEUAxZl4gkZUICewDWUyNHQOM0GzFVrj72Epmyir
GNj1DF/meA==
-----END CERTIFICATE-----