Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mNzlp5yzGxSLLmNpBacEIvtlxmA.cer
File:                     mNzlp5yzGxSLLmNpBacEIvtlxmA.cer (raw, json)
Hash identifier:          IhjaPVg6d9j4lGConhqKa9E0pUQLaoZoHq048ozjVCE=
Subject key identifier:   98:DC:E5:A7:9C:B3:1B:14:8B:2E:63:69:05:A7:04:22:FB:65:C6:60
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019D549A4C7687DDE73F04E3B18B8D41E556
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 03 Apr 2026 18:28:11 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 185.145.156.0/22
                          IP: 2a07:4840::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 Apr 2026 10:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:54:9a:4c:76:87:dd:e7:3f:04:e3:b1:8b:8d:41:e5:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr  3 18:28:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98dce5a79cb31b148b2e636905a70422fb65c660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e4:c7:a9:b7:78:96:a0:79:43:f8:d4:37:bd:
                    03:26:42:d5:55:89:16:e1:da:01:c8:c0:3e:5c:99:
                    d9:81:30:99:d7:74:65:fb:5b:31:f0:0b:49:d5:2f:
                    0c:09:02:77:dd:69:c9:e9:c3:f8:ee:5d:71:cc:9e:
                    30:c3:cd:74:3a:44:61:08:2f:c2:9e:32:81:23:83:
                    6f:1b:d5:dc:67:65:20:13:c1:24:e0:5c:bf:15:b5:
                    58:50:53:6f:64:38:aa:c5:26:14:ef:17:81:ea:7a:
                    d0:a1:6e:43:08:bb:da:a5:63:22:21:8e:78:68:ae:
                    a8:ff:df:47:24:30:15:55:e8:aa:4a:9e:8f:b8:48:
                    83:44:34:04:5d:73:1e:95:ee:e6:68:63:79:e9:29:
                    be:0a:35:46:40:45:e9:db:20:4d:c0:2c:25:16:43:
                    85:6b:d0:ff:08:89:fb:6e:ad:03:eb:53:a9:a5:c8:
                    ee:c5:6b:f1:e9:e0:e9:10:82:10:38:45:0c:e7:a7:
                    c5:d8:38:d2:d5:8f:8c:83:98:97:6c:cf:5d:13:fe:
                    a3:6b:da:31:d2:0e:58:27:9a:35:29:45:d8:62:bd:
                    68:c1:22:1e:39:3c:3f:8d:36:2c:81:ba:97:50:bd:
                    cb:8e:8c:d2:a2:a1:c7:af:d6:5f:0d:6e:47:7d:2f:
                    fb:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:DC:E5:A7:9C:B3:1B:14:8B:2E:63:69:05:A7:04:22:FB:65:C6:60
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.156.0/22
                IPv6:
                  2a07:4840::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:a0:01:6c:76:db:3f:12:c6:5d:d7:2d:ee:87:c5:66:ac:bd:
         5a:fc:b1:3a:f2:5e:28:01:2c:b8:6a:b7:80:a0:4a:a6:f4:15:
         85:d4:8a:dd:f8:00:26:59:92:d7:df:76:3a:bc:bf:56:a3:65:
         5b:bd:82:f9:8d:8f:18:c7:8c:51:7d:ea:a3:ed:dc:32:63:ba:
         c0:d1:b4:7a:c4:96:73:da:a2:bb:30:07:d6:da:7d:97:4b:c6:
         ce:e9:06:cd:b4:ad:e1:d1:bb:b4:3d:4d:27:ba:ae:f5:63:0b:
         6f:81:fa:26:1f:7b:b6:f8:53:98:36:4e:47:05:26:09:d1:57:
         c5:ad:14:04:7c:3c:2b:07:6a:d5:56:3f:99:c6:78:ad:42:f3:
         58:94:30:24:20:fa:3f:7b:ec:d6:f6:d7:b5:0f:a0:2b:05:18:
         41:06:30:6b:28:54:b1:3c:fc:9f:dd:29:68:14:4c:99:59:e3:
         50:28:7e:48:f0:a8:3c:be:0c:4e:0b:ff:b5:ed:07:9c:92:07:
         c3:7d:62:85:a0:ee:b1:a2:eb:98:e6:59:d6:07:8a:31:5d:21:
         d5:64:ad:68:7f:76:21:bf:83:66:01:29:c9:9b:c5:63:53:3a:
         36:21:fe:f1:df:e2:52:2d:a2:a9:3c:1a:55:1a:22:9b:66:4c:
         ae:26:bf:bb
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZ1Umkx2h93nPwTjsYuNQeVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwNDAzMTgyODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGRjZTVhNzljYjMxYjE0OGIyZTYzNjkwNWE3MDQyMmZiNjVjNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleTHqbd4lqB5Q/jUN70DJkLVVYkW
4doByMA+XJnZgTCZ13Rl+1sx8AtJ1S8MCQJ33WnJ6cP47l1xzJ4ww810OkRhCC/C
njKBI4NvG9XcZ2UgE8Ek4Fy/FbVYUFNvZDiqxSYU7xeB6nrQoW5DCLvapWMiIY54
aK6o/99HJDAVVeiqSp6PuEiDRDQEXXMele7maGN56Sm+CjVGQEXp2yBNwCwlFkOF
a9D/CIn7bq0D61OppcjuxWvx6eDpEIIQOEUM56fF2DjS1Y+Mg5iXbM9dE/6ja9ox
0g5YJ5o1KUXYYr1owSIeOTw/jTYsgbqXUL3LjozSoqHHr9ZfDW5HfS/74wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJjc5aecsxsUiy5jaQWnBCL7ZcZgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q3LzEzYjQ1
MS05ZTg2LTRiZjUtYjY1MS0yOTZiNTlmNmQyYjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcvMTNiNDUx
LTllODYtNGJmNS1iNjUxLTI5NmI1OWY2ZDJiNS8xL21OemxwNXl6R3hTTExtTnBC
YWNFSXZ0bHhtQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuZGcMA0EAgACMAcDBQMqB0hAMA0GCSqGSIb3
DQEBCwUAA4IBAQA/oAFsdts/EsZd1y3uh8VmrL1a/LE68l4oASy4areAoEqm9BWF
1Ird+AAmWZLX33Y6vL9Wo2VbvYL5jY8Yx4xRfeqj7dwyY7rA0bR6xJZz2qK7MAfW
2n2XS8bO6QbNtK3h0bu0PU0nuq71YwtvgfomH3u2+FOYNk5HBSYJ0VfFrRQEfDwr
B2rVVj+ZxnitQvNYlDAkIPo/e+zW9te1D6ArBRhBBjBrKFSxPPyf3SloFEyZWeNQ
KH5I8Kg8vgxOC/+17QeckgfDfWKFoO6xouuY5lnWB4oxXSHVZK1of3Yhv4NmASnJ
m8VjUzo2If7x3+JSLaKpPBpVGiKbZkyuJr+7
-----END CERTIFICATE-----