Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sZtkf-ChCzQAqQP68utko8WP6wc.cer
File:                     sZtkf-ChCzQAqQP68utko8WP6wc.cer (raw, json)
Hash identifier:          r5V+xz6pC92MhvNxdbqDhVWRgXRLqS12g4eC4OtVSKc=
Subject key identifier:   B1:9B:64:7F:E0:A1:0B:34:00:A9:03:FA:F2:EB:64:A3:C5:8F:EB:07
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019CE6F24AD2E707BF17DC580C6E64404F07
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/sZtkf-ChCzQAqQP68utko8WP6wc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 13 Mar 2026 11:26:04 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 214618
                          IP: 2a14:7240::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:f2:4a:d2:e7:07:bf:17:dc:58:0c:6e:64:40:4f:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 13 11:26:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b19b647fe0a10b3400a903faf2eb64a3c58feb07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3a:12:59:65:0c:9b:7c:e6:b0:f3:e3:16:52:
                    23:4a:73:6d:00:4a:08:02:9a:7c:0e:d0:93:ee:29:
                    99:f4:00:c7:f7:c5:d9:3e:8a:c8:9f:ce:db:6e:4e:
                    ea:37:46:5d:93:b4:04:11:ca:6f:e2:02:8f:50:94:
                    9b:a4:20:f0:08:6d:f7:85:cf:c4:e1:fd:df:1a:5f:
                    61:f4:51:d9:76:bb:0e:93:08:13:e8:77:22:ef:3c:
                    04:26:7f:d5:2b:72:02:72:6d:3d:10:4e:5f:e6:a7:
                    a7:9b:0d:3e:7c:66:11:9b:d3:d0:e1:55:d8:87:cf:
                    a4:22:3b:13:ce:85:c2:40:59:93:d0:1b:3f:d5:b2:
                    75:55:24:a1:93:c0:24:51:2f:78:20:28:e2:4a:e1:
                    df:06:26:3e:8f:19:21:24:77:ca:a0:c7:78:db:c9:
                    bf:66:7d:98:41:e6:4b:b3:a7:74:97:38:12:6a:59:
                    d3:0e:65:a4:10:76:be:b5:6b:3f:ae:72:85:10:d9:
                    31:63:30:e8:79:3f:ff:29:15:3a:7d:e4:59:dc:c8:
                    ce:29:9c:cf:6f:c8:ee:66:b9:fe:c6:3d:70:cf:d8:
                    54:cc:5d:82:2a:09:a3:ab:05:81:2f:43:c7:b2:00:
                    8d:bd:04:d5:9d:1d:a8:7b:f4:f3:50:37:99:e5:cd:
                    1b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:9B:64:7F:E0:A1:0B:34:00:A9:03:FA:F2:EB:64:A3:C5:8F:EB:07
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/sZtkf-ChCzQAqQP68utko8WP6wc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7240::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214618

    Signature Algorithm: sha256WithRSAEncryption
         8b:43:3d:0b:3f:5a:d4:af:a6:35:ad:a4:a7:9c:7f:0c:6d:e8:
         d4:51:f9:78:97:f4:a1:55:27:8c:fc:f4:27:37:a5:09:e5:73:
         f4:7b:d7:5f:59:39:10:46:80:d4:8b:4c:b5:83:81:4e:50:05:
         df:5e:01:d0:6d:3c:37:31:94:6d:81:2a:f5:f8:06:6b:90:c8:
         41:70:70:a2:20:2c:0f:c2:70:98:90:55:98:01:30:62:87:50:
         51:f5:f6:23:81:4d:15:f4:3f:55:36:36:21:59:ae:a2:d8:88:
         6d:dd:b8:fa:64:15:d0:cb:a6:95:f9:1d:79:4b:69:87:c1:0a:
         a9:5c:5b:6e:1a:b9:94:97:11:44:ab:ea:68:c6:3d:b9:ce:3b:
         b5:5a:c9:26:40:5f:a1:f0:37:c7:06:91:37:b5:40:7f:5a:cb:
         c5:92:87:8a:ff:8a:ac:60:a7:0c:f2:42:0f:f9:24:bb:73:4a:
         3c:da:b4:2b:07:cc:8f:02:5d:dc:29:77:f4:eb:63:27:72:65:
         4b:be:1e:e5:c2:e7:fb:ef:18:69:8a:9c:54:6b:68:6e:50:cd:
         88:89:84:1e:06:91:9e:3d:b0:6a:70:ac:e4:3b:7e:fe:9a:1c:
         1b:1a:87:0b:b7:65:c0:b1:11:2f:40:ea:b8:c6:93:ed:9d:49:
         bc:92:cf:08
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZzm8krS5we/F9xYDG5kQE8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMzEzMTEyNjA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTliNjQ3ZmUwYTEwYjM0MDBhOTAzZmFmMmViNjRhM2M1OGZlYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuToSWWUMm3zmsPPjFlIjSnNtAEoI
App8DtCT7imZ9ADH98XZPorIn87bbk7qN0Zdk7QEEcpv4gKPUJSbpCDwCG33hc/E
4f3fGl9h9FHZdrsOkwgT6Hci7zwEJn/VK3ICcm09EE5f5qenmw0+fGYRm9PQ4VXY
h8+kIjsTzoXCQFmT0Bs/1bJ1VSShk8AkUS94ICjiSuHfBiY+jxkhJHfKoMd428m/
Zn2YQeZLs6d0lzgSalnTDmWkEHa+tWs/rnKFENkxYzDoeT//KRU6feRZ3MjOKZzP
b8juZrn+xj1wz9hUzF2CKgmjqwWBL0PHsgCNvQTVnR2oe/TzUDeZ5c0bGwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFLGbZH/goQs0AKkD+vLrZKPFj+sHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YzLzM3YjMz
ZC1kOWEwLTRmYWUtOTA3ZC0wY2NhOTdlZmRjNTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvMzdiMzNk
LWQ5YTAtNGZhZS05MDdkLTBjY2E5N2VmZGM1Ny8xL3NadGtmLUNoQ3pRQXFRUDY4
dXRrbzhXUDZ3Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhRyQDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDRlowDQYJKoZIhvcNAQELBQADggEBAItDPQs/WtSvpjWtpKecfwxt6NRR+XiX
9KFVJ4z89Cc3pQnlc/R7119ZORBGgNSLTLWDgU5QBd9eAdBtPDcxlG2BKvX4BmuQ
yEFwcKIgLA/CcJiQVZgBMGKHUFH19iOBTRX0P1U2NiFZrqLYiG3duPpkFdDLppX5
HXlLaYfBCqlcW24auZSXEUSr6mjGPbnOO7VaySZAX6HwN8cGkTe1QH9ay8WSh4r/
iqxgpwzyQg/5JLtzSjzatCsHzI8CXdwpd/TrYydyZUu+HuXC5/vvGGmKnFRraG5Q
zYiJhB4GkZ49sGpwrOQ7fv6aHBsahwu3ZcCxES9A6rjGk+2dSbySzwg=
-----END CERTIFICATE-----