Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jQUehOX8xAADVSbzfn3qC1Iq2Cw.cer
File:                     jQUehOX8xAADVSbzfn3qC1Iq2Cw.cer (raw, json)
Hash identifier:          qCEs9PugI6fGDiNc+Dss07uycmbOk3JQTH2YMhMwLWE=
Subject key identifier:   8D:05:1E:84:E5:FC:C4:00:03:55:26:F3:7E:7D:EA:0B:52:2A:D8:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019D879F663864D334FFC0A36056D1C776C2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/90/2a6a99-0a61-49c5-b815-1c0500980cbf/1/jQUehOX8xAADVSbzfn3qC1Iq2Cw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/90/2a6a99-0a61-49c5-b815-1c0500980cbf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 13 Apr 2026 16:14:23 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 200825
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 Apr 2026 22:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:9f:66:38:64:d3:34:ff:c0:a3:60:56:d1:c7:76:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 13 16:14:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d051e84e5fcc400035526f37e7dea0b522ad82c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:26:46:e3:6a:42:d8:0d:a9:4f:0e:43:7e:a7:
                    49:9c:81:4a:fb:2a:af:d1:54:7a:86:92:79:54:c6:
                    ff:0c:07:32:15:21:3d:fd:bc:10:9e:46:80:ae:47:
                    4c:05:11:9b:39:04:d0:d7:08:f7:52:69:a5:79:8a:
                    a4:df:e6:ef:89:25:8c:a8:72:1c:c3:43:72:2f:56:
                    02:b4:01:13:1f:73:33:74:ff:3b:75:18:89:87:98:
                    b2:e5:2e:d3:56:47:eb:be:03:04:89:8f:d0:c0:58:
                    ad:79:0b:c7:e2:ef:73:a3:0b:bb:bb:a7:d5:b7:9f:
                    c4:ce:39:9d:6c:fa:87:ab:5e:4e:a9:35:d5:57:98:
                    c6:de:67:4f:15:3c:6c:7d:12:8d:cd:b9:c1:77:da:
                    29:72:98:1f:28:b1:ac:5c:09:23:74:e2:dc:75:ae:
                    3a:67:fe:57:86:86:a5:62:a6:3d:7c:d2:55:d1:86:
                    63:3d:7c:af:b3:0d:32:f6:23:07:c5:77:75:3a:99:
                    a1:54:a2:3a:28:48:d2:c0:ff:7b:85:9a:fb:be:14:
                    f5:66:d3:90:2d:7d:31:18:2e:f7:9c:d5:ba:95:dc:
                    e1:81:32:44:ef:37:2f:46:fb:92:e4:75:4e:0e:42:
                    b6:db:92:ea:52:c6:4f:20:9b:d7:2e:c1:d7:03:9e:
                    ee:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:05:1E:84:E5:FC:C4:00:03:55:26:F3:7E:7D:EA:0B:52:2A:D8:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/2a6a99-0a61-49c5-b815-1c0500980cbf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/2a6a99-0a61-49c5-b815-1c0500980cbf/1/jQUehOX8xAADVSbzfn3qC1Iq2Cw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200825

    Signature Algorithm: sha256WithRSAEncryption
         82:fe:39:a9:14:59:8f:ce:f7:c5:d8:f9:f2:75:0f:9c:df:18:
         36:b9:36:54:2d:9c:00:1b:57:7d:67:e4:b8:ef:52:ab:da:7c:
         3e:97:fd:4f:78:ae:05:ee:12:df:58:98:a0:a6:53:02:4d:a5:
         3e:60:73:87:c2:0d:0a:a2:ee:ed:5a:3a:64:fe:fb:94:08:9a:
         89:96:01:69:88:d3:53:b8:91:80:50:71:b5:f2:38:22:b7:b8:
         6b:aa:7e:2a:85:de:97:ae:24:36:be:d7:0c:1d:b5:cf:03:4a:
         15:ab:89:1a:0e:1f:4a:67:46:5a:3b:bf:8e:be:c8:19:c1:67:
         d7:74:7c:d9:da:47:bf:10:80:5c:87:ef:1a:48:db:b8:e0:0a:
         44:40:c8:23:e9:2e:c4:13:f3:67:f7:d1:f3:71:4a:28:fe:b0:
         3e:ad:55:07:45:94:13:ee:34:fe:31:44:bb:fb:a1:c1:6b:dd:
         1b:16:e6:d1:60:d1:73:a3:78:2a:ea:7c:c3:ff:99:06:e1:40:
         55:20:72:5f:44:c4:f8:79:a7:f6:45:ee:ad:3c:a5:33:66:ab:
         9e:99:3d:7c:d8:f7:24:1b:7d:ee:85:30:00:ba:ee:d7:2d:b4:
         ee:bc:43:67:4a:2a:c8:6a:fa:23:e5:de:39:81:e0:ea:ac:1a:
         d9:b0:0c:6b
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZ2Hn2Y4ZNM0/8CjYFbRx3bCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwNDEzMTYxNDIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDA1MWU4NGU1ZmNjNDAwMDM1NTI2ZjM3ZTdkZWEwYjUyMmFkODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryZG42pC2A2pTw5DfqdJnIFK+yqv
0VR6hpJ5VMb/DAcyFSE9/bwQnkaArkdMBRGbOQTQ1wj3UmmleYqk3+bviSWMqHIc
w0NyL1YCtAETH3MzdP87dRiJh5iy5S7TVkfrvgMEiY/QwFiteQvH4u9zowu7u6fV
t5/EzjmdbPqHq15OqTXVV5jG3mdPFTxsfRKNzbnBd9opcpgfKLGsXAkjdOLcda46
Z/5XhoalYqY9fNJV0YZjPXyvsw0y9iMHxXd1OpmhVKI6KEjSwP97hZr7vhT1ZtOQ
LX0xGC73nNW6ldzhgTJE7zcvRvuS5HVODkK225LqUsZPIJvXLsHXA57ueQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFI0FHoTl/MQAA1Um83596gtSKtgsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkwLzJhNmE5
OS0wYTYxLTQ5YzUtYjgxNS0xYzA1MDA5ODBjYmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAvMmE2YTk5
LTBhNjEtNDljNS1iODE1LTFjMDUwMDk4MGNiZi8xL2pRVWVoT1g4eEFBRFZTYnpm
bjNxQzFJcTJDdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMQeTANBgkqhkiG9w0BAQsFAAOCAQEAgv45qRRZj873
xdj58nUPnN8YNrk2VC2cABtXfWfkuO9Sq9p8Ppf9T3iuBe4S31iYoKZTAk2lPmBz
h8INCqLu7Vo6ZP77lAiaiZYBaYjTU7iRgFBxtfI4Ire4a6p+KoXel64kNr7XDB21
zwNKFauJGg4fSmdGWju/jr7IGcFn13R82dpHvxCAXIfvGkjbuOAKREDII+kuxBPz
Z/fR83FKKP6wPq1VB0WUE+40/jFEu/uhwWvdGxbm0WDRc6N4Kup8w/+ZBuFAVSBy
X0TE+Hmn9kXurTylM2arnpk9fNj3JBt97oUwALru1y207rxDZ0oqyGr6I+XeOYHg
6qwa2bAMaw==
-----END CERTIFICATE-----