Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qI2nDOKKiJJzJtuLYipmwp-sUjw.cer
File:                     qI2nDOKKiJJzJtuLYipmwp-sUjw.cer (raw, json)
Hash identifier:          /wfjhI1EnOu1KW25c3r1t/Gu97hPSEjG85U9pwPej8o=
Subject key identifier:   A8:8D:A7:0C:E2:8A:88:92:73:26:DB:8B:62:2A:66:C2:9F:AC:52:3C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019E22159AF6CF296F6F30B559D672D251E7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d8/baf879-67c0-4785-b870-ae3b9e34d27f/1/qI2nDOKKiJJzJtuLYipmwp-sUjw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d8/baf879-67c0-4785-b870-ae3b9e34d27f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 13 May 2026 16:05:01 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 85.137.176.0/22
                          IP: 85.137.208.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:22:15:9a:f6:cf:29:6f:6f:30:b5:59:d6:72:d2:51:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 13 16:05:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a88da70ce28a88927326db8b622a66c29fac523c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:8a:59:0a:72:6f:c1:50:ff:9e:20:56:43:f9:
                    1d:48:20:c4:aa:c4:c8:4b:e6:d0:1e:19:f5:d4:76:
                    27:a3:e7:c3:b7:c5:3d:6f:52:e9:bf:13:96:b1:67:
                    a5:8b:29:59:f6:9d:3c:f3:b1:a9:b1:c8:fa:bb:8d:
                    93:76:a4:10:6a:32:7f:28:65:27:50:1e:58:14:dd:
                    c3:49:7b:05:11:ba:1e:b5:9f:32:58:17:be:ae:e2:
                    b9:94:21:16:e1:90:6b:e1:3c:d7:0f:d7:6b:f6:3a:
                    02:52:ec:27:b5:be:68:4a:7b:29:96:7a:37:de:c5:
                    84:10:2b:a3:2e:dd:f7:0f:aa:19:e4:a1:60:f4:b3:
                    e9:92:50:5b:fa:a3:15:d4:6a:a2:09:6e:24:8b:09:
                    d2:f0:1e:5f:27:9b:56:7e:53:79:63:c4:2e:b3:f5:
                    aa:40:78:47:91:e3:b5:15:78:26:9f:8a:ae:53:11:
                    3c:57:a3:d5:5d:0d:66:35:de:c2:d9:26:f6:cf:1f:
                    08:1f:61:68:ab:25:ee:5b:90:b9:c2:f1:f6:f1:55:
                    83:11:fb:4c:ce:ed:0c:9f:bc:b6:76:26:17:82:ea:
                    7f:a8:a9:12:99:3c:f4:b2:50:3d:8b:42:c4:f3:1a:
                    18:5a:f0:ef:b6:be:3a:57:a2:c1:86:c0:6e:7a:03:
                    a4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:8D:A7:0C:E2:8A:88:92:73:26:DB:8B:62:2A:66:C2:9F:AC:52:3C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/baf879-67c0-4785-b870-ae3b9e34d27f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/baf879-67c0-4785-b870-ae3b9e34d27f/1/qI2nDOKKiJJzJtuLYipmwp-sUjw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.137.176.0/22
                  85.137.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:dc:bd:4a:6c:8e:60:21:ea:24:bc:66:ff:34:e6:14:2c:46:
         21:78:f9:6c:39:29:9f:b9:0e:91:6c:da:1c:3f:5c:12:93:07:
         69:7b:55:ed:a6:16:6e:f0:c7:37:b9:06:22:70:80:b6:f7:02:
         83:07:0d:73:70:3f:8b:d2:68:48:a7:51:99:ed:74:0b:7d:f0:
         fc:67:d4:98:24:eb:6d:84:e2:bf:1a:35:d9:fa:e1:d6:e7:01:
         2f:59:15:05:d8:47:30:8c:73:b7:97:08:fe:51:a3:f5:a3:94:
         3a:c6:cf:55:69:02:41:12:89:69:10:af:02:1a:69:2a:44:34:
         d7:23:b6:42:6f:bf:ec:79:b8:a2:5c:58:a4:0b:74:40:47:2a:
         ad:7a:f1:2d:65:47:c6:b4:7a:cf:f9:97:1a:a4:61:d4:c4:4e:
         47:13:45:70:b8:17:57:ae:e5:20:17:49:6b:05:53:7f:5b:68:
         01:91:8c:6b:1d:52:e4:11:11:76:d1:85:6a:3b:5c:0d:f6:a9:
         c5:59:2f:6f:f8:05:06:76:df:f5:3c:08:9c:5f:39:4c:27:e8:
         89:ab:1c:df:8d:27:e8:a8:c9:81:91:47:77:f7:18:a0:6f:b4:
         9d:4d:9b:92:0c:eb:40:33:d3:bb:6a:a1:7d:b4:34:6b:b2:8d:
         20:ed:cd:46
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAZ4iFZr2zylvbzC1WdZy0lHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwNTEzMTYwNTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODhkYTcwY2UyOGE4ODkyNzMyNmRiOGI2MjJhNjZjMjlmYWM1MjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YpZCnJvwVD/niBWQ/kdSCDEqsTI
S+bQHhn11HYno+fDt8U9b1LpvxOWsWeliylZ9p0887Gpscj6u42TdqQQajJ/KGUn
UB5YFN3DSXsFEboetZ8yWBe+ruK5lCEW4ZBr4TzXD9dr9joCUuwntb5oSnsplno3
3sWEECujLt33D6oZ5KFg9LPpklBb+qMV1GqiCW4kiwnS8B5fJ5tWflN5Y8Qus/Wq
QHhHkeO1FXgmn4quUxE8V6PVXQ1mNd7C2Sb2zx8IH2FoqyXuW5C5wvH28VWDEftM
zu0Mn7y2diYXgup/qKkSmTz0slA9i0LE8xoYWvDvtr46V6LBhsBuegOkMwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFKiNpwziioiScybbi2IqZsKfrFI8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q4L2JhZjg3
OS02N2MwLTQ3ODUtYjg3MC1hZTNiOWUzNGQyN2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDgvYmFmODc5
LTY3YzAtNDc4NS1iODcwLWFlM2I5ZTM0ZDI3Zi8xL3FJMm5ET0tLaUpKekp0dUxZ
aXBtd3Atc1Vqdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQCVYmwAwQCVYnQMA0GCSqGSIb3DQEBCwUAA4IB
AQAh3L1KbI5gIeokvGb/NOYULEYhePlsOSmfuQ6RbNocP1wSkwdpe1XtphZu8Mc3
uQYicIC29wKDBw1zcD+L0mhIp1GZ7XQLffD8Z9SYJOtthOK/GjXZ+uHW5wEvWRUF
2EcwjHO3lwj+UaP1o5Q6xs9VaQJBEolpEK8CGmkqRDTXI7ZCb7/sebiiXFikC3RA
RyqtevEtZUfGtHrP+ZcapGHUxE5HE0VwuBdXruUgF0lrBVN/W2gBkYxrHVLkERF2
0YVqO1wN9qnFWS9v+AUGdt/1PAicXzlMJ+iJqxzfjSfoqMmBkUd39xigb7SdTZuS
DOtAM9O7aqF9tDRrso0g7c1G
-----END CERTIFICATE-----