Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.cer
File:                     wl7W3iOzIOMCiI-UJ3I_IgHykZ8.cer (raw, json)
Hash identifier:          DvA8dZUIUWHZaqAG10RE+/yjHmK6eHxtOY4ZzS+SkKA=
Subject key identifier:   C2:5E:D6:DE:23:B3:20:E3:02:88:8F:94:27:72:3F:22:01:F2:91:9F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019D296E358492B4974A9F5A3193FF77CE04
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 26 Mar 2026 09:16:21 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 140.150.48.0/20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:6e:35:84:92:b4:97:4a:9f:5a:31:93:ff:77:ce:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 26 09:16:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c25ed6de23b320e302888f9427723f2201f2919f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d1:47:7c:06:e5:28:e8:14:06:fc:08:b2:26:
                    dc:5f:77:95:1f:9a:fd:a7:7a:c1:be:de:cd:1e:7d:
                    96:f1:47:b8:81:9d:04:5f:c7:e6:50:a6:bc:7f:74:
                    85:eb:a5:39:00:95:1f:15:53:07:68:53:81:84:f8:
                    2c:ec:3d:37:34:b7:6a:d2:37:01:48:54:30:27:81:
                    44:91:f2:6d:0b:a4:43:cf:9f:fb:09:bf:09:5d:e8:
                    60:17:2a:34:d5:c8:d4:ac:a6:e0:2e:67:46:97:bc:
                    78:ea:8f:36:27:87:cb:a3:e9:e8:6b:66:98:fc:02:
                    68:b3:55:92:6e:0e:1d:9b:ec:9a:ca:cf:0f:7c:e5:
                    46:d5:3d:81:9b:c8:73:15:e8:7d:7c:ec:ca:6c:03:
                    98:64:2e:0d:cf:5a:de:7f:bb:b2:06:aa:0a:bc:69:
                    47:8d:8c:4a:e5:bb:41:a5:3c:78:2b:05:05:51:1a:
                    e9:20:ea:98:1c:92:14:e7:02:3f:a3:18:47:3f:6e:
                    58:52:de:fb:c1:0a:a6:99:c7:50:5d:d7:dc:61:53:
                    58:4e:75:cd:b5:3a:41:34:9f:5c:24:89:1c:af:98:
                    84:e7:d4:1a:90:5f:90:10:03:7a:c5:77:25:22:d9:
                    e8:ea:7c:19:49:2b:37:f1:2b:0f:35:65:55:9d:df:
                    de:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:5E:D6:DE:23:B3:20:E3:02:88:8F:94:27:72:3F:22:01:F2:91:9F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8a:48:cc:46:0b:b8:3c:14:46:8b:04:c5:72:2e:9d:68:1c:9c:
         e3:c2:cc:32:6e:7c:89:d8:d7:f1:a1:b9:28:95:02:42:62:45:
         ac:16:a6:87:88:f4:fc:35:19:32:5e:9b:92:da:9a:62:4f:f5:
         c6:a2:33:1e:de:a2:7f:4a:2b:7e:b2:bc:05:fc:20:e7:8b:b5:
         5d:66:d8:6c:03:b5:ef:06:c4:5b:6e:cd:45:cf:b7:a5:df:b2:
         15:74:c5:b1:f9:60:6f:66:68:fa:c2:a8:bc:c5:83:10:47:74:
         62:55:ee:48:bb:ab:fa:77:99:c6:6c:5c:cb:ce:bc:df:fc:3c:
         97:28:f0:c3:2d:00:51:aa:13:54:f3:3e:72:e2:cb:14:3c:e0:
         0f:82:15:19:9e:8f:70:92:19:46:11:82:e9:75:4d:8d:08:d8:
         3e:f3:10:83:1e:51:e3:95:64:30:29:d6:06:3e:fd:9e:57:ec:
         09:95:b1:40:fe:20:5b:3c:d3:00:d8:e9:b3:a4:44:69:da:d1:
         e3:09:66:17:47:0d:d8:c3:1a:04:fc:22:0c:40:e4:01:57:ba:
         a1:41:c2:3a:73:bc:d2:f5:38:82:bf:6e:fe:98:95:bf:52:86:
         12:41:66:1c:9c:77:59:1b:67:f9:e1:01:27:e5:a2:40:4b:99:
         48:18:9e:39
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZ0pbjWEkrSXSp9aMZP/d84EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMzI2MDkxNjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjVlZDZkZTIzYjMyMGUzMDI4ODhmOTQyNzcyM2YyMjAxZjI5MTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdFHfAblKOgUBvwIsibcX3eVH5r9
p3rBvt7NHn2W8Ue4gZ0EX8fmUKa8f3SF66U5AJUfFVMHaFOBhPgs7D03NLdq0jcB
SFQwJ4FEkfJtC6RDz5/7Cb8JXehgFyo01cjUrKbgLmdGl7x46o82J4fLo+noa2aY
/AJos1WSbg4dm+yays8PfOVG1T2Bm8hzFeh9fOzKbAOYZC4Nz1ref7uyBqoKvGlH
jYxK5btBpTx4KwUFURrpIOqYHJIU5wI/oxhHP25YUt77wQqmmcdQXdfcYVNYTnXN
tTpBNJ9cJIkcr5iE59QakF+QEAN6xXclItno6nwZSSs38SsPNWVVnd/epwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFMJe1t4jsyDjAoiPlCdyPyIB8pGfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzL2ZkNDQw
MS03OGYyLTQ2NWEtOWRjMC0zM2NhYWUwZTQzNzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvZmQ0NDAx
LTc4ZjItNDY1YS05ZGMwLTMzY2FhZTBlNDM3Ni8xL3dsN1czaU96SU9NQ2lJLVVK
M0lfSWdIeWtaOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQEjJYwMA0GCSqGSIb3DQEBCwUAA4IBAQCKSMxG
C7g8FEaLBMVyLp1oHJzjwswybnyJ2NfxobkolQJCYkWsFqaHiPT8NRkyXpuS2ppi
T/XGojMe3qJ/Sit+srwF/CDni7VdZthsA7XvBsRbbs1Fz7el37IVdMWx+WBvZmj6
wqi8xYMQR3RiVe5Iu6v6d5nGbFzLzrzf/DyXKPDDLQBRqhNU8z5y4ssUPOAPghUZ
no9wkhlGEYLpdU2NCNg+8xCDHlHjlWQwKdYGPv2eV+wJlbFA/iBbPNMA2OmzpERp
2tHjCWYXRw3YwxoE/CIMQOQBV7qhQcI6c7zS9TiCv27+mJW/UoYSQWYcnHdZG2f5
4QEn5aJAS5lIGJ45
-----END CERTIFICATE-----