Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fmT8p3Ppn2rcgao85cY2I-4rHdc.cer
File:                     fmT8p3Ppn2rcgao85cY2I-4rHdc.cer (raw, json)
Hash identifier:          qwSNzJzfu0rfAkPCE/A6DdHhrYxABSj7vs6rtd8ew5A=
Subject key identifier:   7E:64:FC:A7:73:E9:9F:6A:DC:81:AA:3C:E5:C6:36:23:EE:2B:1D:D7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019A2A00ED1AA808F160E4FD8F3EBF6F656C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/94/480d36-d1fd-4eeb-b9b8-c52dfb289843/1/fmT8p3Ppn2rcgao85cY2I-4rHdc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/94/480d36-d1fd-4eeb-b9b8-c52dfb289843/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 28 Oct 2025 08:48:15 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 56811
                          IP: 91.227.255.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 00:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2a:00:ed:1a:a8:08:f1:60:e4:fd:8f:3e:bf:6f:65:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct 28 08:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e64fca773e99f6adc81aa3ce5c63623ee2b1dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:af:ae:2d:ce:6d:99:04:2d:75:b8:9c:ce:e9:
                    0f:66:dd:df:24:86:e0:f0:7b:a2:c7:ad:32:67:8d:
                    3c:b9:e1:13:60:52:aa:33:6b:f4:86:0a:72:28:41:
                    2c:41:97:00:44:87:a0:8c:38:6e:a5:43:39:2a:5f:
                    42:a3:e4:09:43:f9:a6:96:a4:ff:ea:7e:c8:18:23:
                    89:63:fb:92:cf:07:a9:b9:69:e0:cc:37:0a:c5:23:
                    e1:9d:c9:df:da:5f:16:1a:e9:90:23:0f:86:e7:8f:
                    a9:8a:f3:80:44:39:53:b0:96:fa:ea:fe:77:8d:42:
                    de:39:b7:83:ba:bf:a4:24:4e:ac:d4:06:14:05:48:
                    73:4b:5b:4e:b1:1e:7c:73:2f:64:7a:dc:14:6b:88:
                    38:34:90:2f:80:19:90:c1:87:ff:dc:ad:6b:48:cd:
                    30:33:9a:81:b6:dd:c7:72:b0:37:1c:25:78:2c:ba:
                    61:cf:8a:21:fe:9b:16:21:60:c7:bd:2b:7a:b2:a1:
                    96:7d:5a:e3:e9:8c:74:5b:2c:18:b2:83:04:fb:8e:
                    52:2f:ce:9c:a1:17:c6:0c:76:ea:70:91:38:dd:db:
                    76:a7:8a:05:56:25:8a:fb:aa:55:e7:84:31:e0:e3:
                    ff:3d:58:0d:d6:cc:c1:31:71:ff:76:fe:e2:ed:42:
                    79:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:64:FC:A7:73:E9:9F:6A:DC:81:AA:3C:E5:C6:36:23:EE:2B:1D:D7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/480d36-d1fd-4eeb-b9b8-c52dfb289843/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/480d36-d1fd-4eeb-b9b8-c52dfb289843/1/fmT8p3Ppn2rcgao85cY2I-4rHdc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.255.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  56811

    Signature Algorithm: sha256WithRSAEncryption
         12:cc:d2:09:0e:09:08:d4:bd:cf:8b:7a:01:50:b3:27:e3:74:
         d0:e0:dc:fa:1a:ee:6f:5e:0c:f8:33:3b:78:d1:aa:2f:bd:17:
         e9:f0:86:fd:27:30:5f:17:59:9f:12:ca:bf:38:9f:ca:17:49:
         58:89:31:de:f8:49:4d:44:12:86:9c:35:d5:02:65:b0:ea:8b:
         bf:ed:30:26:46:48:60:e0:c8:80:06:7e:f4:58:42:3e:5e:ea:
         ef:77:b2:f6:a9:65:7b:11:52:ba:f5:16:26:bf:6e:c6:99:73:
         c9:19:09:be:f3:05:a1:86:4b:a4:cb:23:f4:b6:db:c3:a3:11:
         a2:14:82:68:f6:1b:6e:fa:44:a2:ae:21:a6:f0:22:6e:ec:04:
         37:7f:5f:a1:0b:08:9f:b9:7a:6c:03:af:fb:55:ba:9f:5f:ec:
         b8:9e:1d:21:de:b8:22:d9:a0:02:e6:1e:bb:58:75:5a:50:dd:
         57:f1:6d:5f:95:f1:35:81:fa:c6:a0:a6:18:c3:47:83:3d:31:
         a4:f3:59:23:89:71:4f:b4:d2:c0:f7:bb:39:8d:8c:dd:ea:76:
         ea:59:26:be:29:d9:f8:f7:30:3d:0f:ea:ac:95:77:55:e8:ed:
         80:0b:40:b2:8e:c7:4c:1f:07:95:af:13:4d:d6:39:3f:e3:90:
         78:58:e8:3c
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZoqAO0aqAjxYOT9jz6/b2VsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUxMDI4MDg0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTY0ZmNhNzczZTk5ZjZhZGM4MWFhM2NlNWM2MzYyM2VlMmIxZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8K+uLc5tmQQtdbiczukPZt3fJIbg
8Huix60yZ408ueETYFKqM2v0hgpyKEEsQZcARIegjDhupUM5Kl9Co+QJQ/mmlqT/
6n7IGCOJY/uSzwepuWngzDcKxSPhncnf2l8WGumQIw+G54+pivOARDlTsJb66v53
jULeObeDur+kJE6s1AYUBUhzS1tOsR58cy9ketwUa4g4NJAvgBmQwYf/3K1rSM0w
M5qBtt3HcrA3HCV4LLphz4oh/psWIWDHvSt6sqGWfVrj6Yx0WywYsoME+45SL86c
oRfGDHbqcJE43dt2p4oFViWK+6pV54Qx4OP/PVgN1szBMXH/dv7i7UJ5iQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFH5k/Kdz6Z9q3IGqPOXGNiPuKx3XMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk0LzQ4MGQz
Ni1kMWZkLTRlZWItYjliOC1jNTJkZmIyODk4NDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTQvNDgwZDM2
LWQxZmQtNGVlYi1iOWI4LWM1MmRmYjI4OTg0My8xL2ZtVDhwM1BwbjJyY2dhbzg1
Y1kySS00ckhkYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+P/MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDd6zANBgkqhkiG9w0BAQsFAAOCAQEAEszSCQ4JCNS9z4t6AVCzJ+N00ODc+hru
b14M+DM7eNGqL70X6fCG/ScwXxdZnxLKvzifyhdJWIkx3vhJTUQShpw11QJlsOqL
v+0wJkZIYODIgAZ+9FhCPl7q73ey9qllexFSuvUWJr9uxplzyRkJvvMFoYZLpMsj
9Lbbw6MRohSCaPYbbvpEoq4hpvAibuwEN39foQsIn7l6bAOv+1W6n1/suJ4dId64
ItmgAuYeu1h1WlDdV/FtX5XxNYH6xqCmGMNHgz0xpPNZI4lxT7TSwPe7OY2M3ep2
6lkmvinZ+PcwPQ/qrJV3VejtgAtAso7HTB8Hla8TTdY5P+OQeFjoPA==
-----END CERTIFICATE-----