Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dDWQyYyt2-4a14ldOC1Q9f28SK0.cer
File:                     dDWQyYyt2-4a14ldOC1Q9f28SK0.cer (raw, json)
Hash identifier:          tT8j+XhVOkwyFkpov5gCNi5RE2aVmrlLmVgltdt4A7Y=
Subject key identifier:   74:35:90:C9:8C:AD:DB:EE:1A:D7:89:5D:38:2D:50:F5:FD:BC:48:AD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0198F5B0C8E31A0F67571353EA3146BB7FF4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0d/9a99c5-0713-4b76-b8f2-01adc1015648/1/dDWQyYyt2-4a14ldOC1Q9f28SK0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0d/9a99c5-0713-4b76-b8f2-01adc1015648/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 29 Aug 2025 11:57:40 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.218.116.0/22
                          IP: 2a0b:d5c0::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f5:b0:c8:e3:1a:0f:67:57:13:53:ea:31:46:bb:7f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 29 11:57:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=743590c98caddbee1ad7895d382d50f5fdbc48ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:77:75:1d:eb:a8:f7:ab:ab:18:03:0c:0a:e9:
                    07:71:d1:6c:19:bb:c5:90:c8:34:ac:90:2e:d8:82:
                    a3:03:99:c2:53:83:b8:b9:58:61:8c:5c:e6:f1:54:
                    b9:c3:71:21:8f:2d:e1:ae:78:c1:90:c2:e9:d4:96:
                    71:de:02:38:f8:20:96:e0:a8:95:82:62:a3:dc:e1:
                    fb:bf:4c:d5:68:25:39:6c:74:13:bd:1a:75:0e:41:
                    d9:3d:15:cb:00:d6:8e:62:61:25:06:69:33:37:04:
                    c4:68:6f:c1:f3:8f:0f:5a:65:7c:75:2b:22:f0:3c:
                    be:0a:80:fa:db:13:54:23:ac:9a:67:1f:df:9f:f1:
                    7c:c4:ef:b6:dc:44:76:27:7e:cc:6a:4a:fd:e6:13:
                    35:e8:dd:14:c6:ec:d4:11:ec:97:37:09:6c:68:c2:
                    36:77:ff:cf:10:c4:33:2d:d7:da:08:04:45:97:72:
                    4d:c7:e6:1d:9a:0e:42:f7:11:fc:1d:72:61:9b:6a:
                    f8:23:95:5d:22:2a:40:72:85:1e:a6:be:f6:c6:4c:
                    1d:f2:04:2d:4b:73:38:04:06:13:18:88:99:d1:22:
                    cc:fc:19:81:66:bc:c1:7b:e7:97:35:fc:e3:9e:67:
                    f1:41:15:e4:14:3a:c9:11:f0:07:10:8a:cf:40:46:
                    2b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:35:90:C9:8C:AD:DB:EE:1A:D7:89:5D:38:2D:50:F5:FD:BC:48:AD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/9a99c5-0713-4b76-b8f2-01adc1015648/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/9a99c5-0713-4b76-b8f2-01adc1015648/1/dDWQyYyt2-4a14ldOC1Q9f28SK0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.116.0/22
                IPv6:
                  2a0b:d5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:8a:d6:1d:b2:af:ff:b4:92:96:df:4f:ec:7c:58:31:62:6b:
         d6:ad:8a:3e:cc:68:65:7d:ec:9f:97:fe:ac:12:30:74:92:29:
         e4:21:dd:ba:25:c0:45:7d:54:b0:5a:e4:81:1e:40:79:bc:47:
         4f:8c:57:81:1b:5e:92:3b:fb:86:88:81:5f:36:27:c5:6a:27:
         f1:df:ed:3c:9d:7d:f9:53:50:26:c6:d3:6d:e6:08:43:1b:4e:
         ef:15:3b:f5:82:fd:60:67:24:17:78:6c:15:66:fc:27:c0:b3:
         34:00:db:7a:9c:6d:76:ae:3b:aa:14:da:5f:00:7d:ee:f8:1a:
         c8:4f:33:66:5d:22:c7:c5:5a:e9:4f:54:30:cc:7e:4f:cb:72:
         91:62:18:48:fe:7e:33:40:10:08:13:9a:f9:44:fe:a4:4f:12:
         f9:d2:0f:fc:94:0d:1e:d6:34:02:4a:0e:01:3c:32:cd:9c:7b:
         28:32:40:70:6e:28:21:5e:d9:3d:9a:b8:d4:60:bb:cd:7a:f7:
         ef:01:dd:67:57:f0:cb:d1:33:0c:6c:e6:af:1e:6c:9f:7d:90:
         f5:35:f9:dd:e4:05:24:75:c2:cf:eb:bd:29:15:8a:52:25:0f:
         bc:c8:94:d3:26:c9:c8:16:05:f5:b7:f7:cb:c4:5b:3f:8a:0c:
         a8:02:dd:a4
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZj1sMjjGg9nVxNT6jFGu3/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwODI5MTE1NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDM1OTBjOThjYWRkYmVlMWFkNzg5NWQzODJkNTBmNWZkYmM0OGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnd1Heuo96urGAMMCukHcdFsGbvF
kMg0rJAu2IKjA5nCU4O4uVhhjFzm8VS5w3Ehjy3hrnjBkMLp1JZx3gI4+CCW4KiV
gmKj3OH7v0zVaCU5bHQTvRp1DkHZPRXLANaOYmElBmkzNwTEaG/B848PWmV8dSsi
8Dy+CoD62xNUI6yaZx/fn/F8xO+23ER2J37Makr95hM16N0UxuzUEeyXNwlsaMI2
d//PEMQzLdfaCARFl3JNx+Ydmg5C9xH8HXJhm2r4I5VdIipAcoUepr72xkwd8gQt
S3M4BAYTGIiZ0SLM/BmBZrzBe+eXNfzjnmfxQRXkFDrJEfAHEIrPQEYr8wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFHQ1kMmMrdvuGteJXTgtUPX9vEitMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBkLzlhOTlj
NS0wNzEzLTRiNzYtYjhmMi0wMWFkYzEwMTU2NDgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGQvOWE5OWM1
LTA3MTMtNGI3Ni1iOGYyLTAxYWRjMTAxNTY0OC8xL2REV1F5WXl0Mi00YTE0bGRP
QzFROWYyOFNLMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCudp0MA0EAgACMAcDBQMqC9XAMA0GCSqGSIb3
DQEBCwUAA4IBAQCYitYdsq//tJKW30/sfFgxYmvWrYo+zGhlfeyfl/6sEjB0kink
Id26JcBFfVSwWuSBHkB5vEdPjFeBG16SO/uGiIFfNifFaifx3+08nX35U1AmxtNt
5ghDG07vFTv1gv1gZyQXeGwVZvwnwLM0ANt6nG12rjuqFNpfAH3u+BrITzNmXSLH
xVrpT1QwzH5Py3KRYhhI/n4zQBAIE5r5RP6kTxL50g/8lA0e1jQCSg4BPDLNnHso
MkBwbighXtk9mrjUYLvNevfvAd1nV/DL0TMMbOavHmyffZD1Nfnd5AUkdcLP670p
FYpSJQ+8yJTTJsnIFgX1t/fLxFs/igyoAt2k
-----END CERTIFICATE-----