Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bXCSMh13tuXct8pQXXQ6I4AI1PI.cer
File:                     bXCSMh13tuXct8pQXXQ6I4AI1PI.cer (raw, json)
Hash identifier:          n349K1l3J37e3Ibso7GGaIMj5g//K8RHUX1T1RHFoA0=
Subject key identifier:   6D:70:92:32:1D:77:B6:E5:DC:B7:CA:50:5D:74:3A:23:80:08:D4:F2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019E30CD831EF9F803AB448ED4FEFE981AE1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9b/fbf13e-e25b-497a-be55-3847f4f24ea7/1/bXCSMh13tuXct8pQXXQ6I4AI1PI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9b/fbf13e-e25b-497a-be55-3847f4f24ea7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 16 May 2026 12:40:35 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 213640
                          IP: 185.60.220.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:30:cd:83:1e:f9:f8:03:ab:44:8e:d4:fe:fe:98:1a:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 16 12:40:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d7092321d77b6e5dcb7ca505d743a238008d4f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:53:7d:10:95:2f:11:86:19:98:0a:83:a1:c8:
                    bb:fe:1a:6b:e7:60:2d:55:db:9a:d1:ae:6e:80:0d:
                    19:3f:43:11:ea:ee:08:38:80:36:84:86:a5:ff:33:
                    cc:dd:6e:eb:bd:60:b1:8d:de:2b:83:29:b1:f0:7f:
                    68:81:80:fb:03:de:4e:32:0e:89:87:fe:40:37:89:
                    1f:5c:4a:db:ce:c5:08:a1:51:e0:bb:2e:8a:a4:7a:
                    cd:d8:63:20:d0:f8:84:1b:33:27:97:65:8c:97:b6:
                    11:0f:92:eb:de:7e:3b:4b:2e:78:a9:37:8a:c4:a8:
                    5f:0d:0a:0e:40:dd:fa:5a:19:da:93:60:16:c4:31:
                    05:30:40:77:04:cd:67:7d:18:f6:b6:0d:e4:a3:56:
                    30:cd:08:35:83:22:95:98:ea:c8:69:88:1c:32:ea:
                    d3:35:7f:fc:1e:e0:fa:e7:7c:bb:71:e7:ec:17:d6:
                    c7:19:16:4f:b1:3d:c3:01:c2:52:28:60:ef:72:fe:
                    04:ac:59:71:51:9f:8c:ec:55:5f:fb:a9:7e:e4:3f:
                    e6:00:11:dc:bb:71:49:fd:90:a7:69:b3:d2:76:2c:
                    e7:53:ab:ed:ba:5e:aa:b9:fa:1d:e0:f7:b0:3e:37:
                    97:14:29:69:f1:87:88:e6:02:77:3c:ed:b9:26:ab:
                    b0:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:70:92:32:1D:77:B6:E5:DC:B7:CA:50:5D:74:3A:23:80:08:D4:F2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fbf13e-e25b-497a-be55-3847f4f24ea7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fbf13e-e25b-497a-be55-3847f4f24ea7/1/bXCSMh13tuXct8pQXXQ6I4AI1PI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.220.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213640

    Signature Algorithm: sha256WithRSAEncryption
         69:1e:45:c5:03:36:ff:e8:a8:63:63:52:12:c7:65:cb:a7:07:
         f6:e4:83:0f:bb:7a:05:4d:bd:c0:47:9c:a3:30:d2:49:ad:f8:
         24:ac:94:95:76:4d:33:03:11:8a:85:c2:59:d6:00:2e:09:c4:
         41:47:1a:18:db:69:4b:ff:7f:a0:e0:75:3b:22:74:0b:7d:b7:
         44:5d:9e:f9:ea:4c:75:52:2f:c0:36:0b:ff:c0:54:f6:1d:07:
         77:ef:bf:b5:6a:7e:4b:a9:62:55:55:3a:16:e8:3e:6c:68:af:
         96:d4:3b:3d:c1:cb:56:14:19:0b:85:fd:00:ce:ad:d0:fa:68:
         ae:63:a5:92:ab:20:ac:4c:53:62:cd:e6:b7:fb:1f:b0:c2:9c:
         45:d5:45:eb:84:7d:be:fd:dc:f6:39:0c:1f:7c:9c:9d:1d:48:
         dd:76:d3:1a:98:04:5e:67:da:f2:32:51:4b:2c:dd:91:ec:2e:
         10:d8:b9:54:e0:ff:5a:d2:c9:0c:f5:6d:2b:12:06:a2:7a:b0:
         ae:f1:1c:06:17:fe:ee:a7:4a:7d:ea:b9:fa:83:05:e1:dd:85:
         e7:2c:ec:9f:2f:20:7b:70:0e:af:9c:1f:47:ac:9c:eb:a4:f2:
         13:dd:d9:b7:14:41:ac:10:ee:87:b0:d7:87:e7:85:fd:36:6f:
         dc:65:32:e1
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZ4wzYMe+fgDq0SO1P7+mBrhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwNTE2MTI0MDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDcwOTIzMjFkNzdiNmU1ZGNiN2NhNTA1ZDc0M2EyMzgwMDhkNGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1N9EJUvEYYZmAqDoci7/hpr52At
Vdua0a5ugA0ZP0MR6u4IOIA2hIal/zPM3W7rvWCxjd4rgymx8H9ogYD7A95OMg6J
h/5AN4kfXErbzsUIoVHguy6KpHrN2GMg0PiEGzMnl2WMl7YRD5Lr3n47Sy54qTeK
xKhfDQoOQN36Whnak2AWxDEFMEB3BM1nfRj2tg3ko1YwzQg1gyKVmOrIaYgcMurT
NX/8HuD653y7cefsF9bHGRZPsT3DAcJSKGDvcv4ErFlxUZ+M7FVf+6l+5D/mABHc
u3FJ/ZCnabPSdiznU6vtul6qufod4PewPjeXFClp8YeI5gJ3PO25JquwtQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFG1wkjIdd7bl3LfKUF10OiOACNTyMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzliL2ZiZjEz
ZS1lMjViLTQ5N2EtYmU1NS0zODQ3ZjRmMjRlYTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIvZmJmMTNl
LWUyNWItNDk3YS1iZTU1LTM4NDdmNGYyNGVhNy8xL2JYQ1NNaDEzdHVYY3Q4cFFY
WFE2STRBSTFQSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuTzcMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNCiDANBgkqhkiG9w0BAQsFAAOCAQEAaR5FxQM2/+ioY2NSEsdly6cH9uSDD7t6
BU29wEecozDSSa34JKyUlXZNMwMRioXCWdYALgnEQUcaGNtpS/9/oOB1OyJ0C323
RF2e+epMdVIvwDYL/8BU9h0Hd++/tWp+S6liVVU6Fug+bGivltQ7PcHLVhQZC4X9
AM6t0PpormOlkqsgrExTYs3mt/sfsMKcRdVF64R9vv3c9jkMH3ycnR1I3XbTGpgE
Xmfa8jJRSyzdkewuENi5VOD/WtLJDPVtKxIGonqwrvEcBhf+7qdKfeq5+oMF4d2F
5yzsny8ge3AOr5wfR6yc66TyE93ZtxRBrBDuh7DXh+eF/TZv3GUy4Q==
-----END CERTIFICATE-----