Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zt0NcV6X-5H3jQf-EGltpgFgURU.cer
File:                     zt0NcV6X-5H3jQf-EGltpgFgURU.cer (raw, json)
Hash identifier:          wJXdRo2cxcq557hdfaQ3o7WEikthHn6tlEzMNlDtQGI=
Subject key identifier:   CE:DD:0D:71:5E:97:FB:91:F7:8D:07:FE:10:69:6D:A6:01:60:51:15
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019A4EDA9AE3649469FA0AE8B66DA253FF29
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/16/33a19d-2c03-44d0-8cbc-aaf32171eaa1/1/zt0NcV6X-5H3jQf-EGltpgFgURU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/16/33a19d-2c03-44d0-8cbc-aaf32171eaa1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 04 Nov 2025 12:32:20 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.202.224.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 00:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:da:9a:e3:64:94:69:fa:0a:e8:b6:6d:a2:53:ff:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov  4 12:32:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cedd0d715e97fb91f78d07fe10696da601605115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:54:f1:59:0e:69:92:3c:4e:24:92:94:3a:2e:
                    c3:a5:5b:be:17:b4:04:da:61:db:81:09:eb:8d:35:
                    6d:c3:1a:82:b4:f9:ee:60:43:39:cd:a8:4d:0b:50:
                    05:0f:34:62:1a:fe:0e:16:1f:d0:99:41:f3:fb:1c:
                    91:f6:f5:d8:12:dd:7e:1b:ca:72:15:52:5b:f4:f4:
                    62:23:cf:00:fa:b7:9c:5b:0f:0e:04:9f:0c:40:c1:
                    6d:e3:cf:8d:aa:35:b4:fb:01:a5:13:37:dc:b9:d1:
                    b0:b3:fb:ab:8e:5f:6f:b7:21:e6:91:48:e6:e1:80:
                    86:31:be:c6:ad:9d:b8:ca:26:6d:07:4d:6e:01:14:
                    f8:76:c1:2f:a4:c2:0f:b6:a3:cd:f2:d2:ec:51:d3:
                    7f:6a:49:5d:8f:76:df:3b:1e:a1:23:e5:b2:c7:c2:
                    01:37:52:30:dc:e1:bd:98:cb:8c:93:98:7e:09:61:
                    e0:41:76:13:0e:13:78:89:01:07:bb:de:fa:31:5c:
                    fe:52:6a:5c:a7:c8:03:5f:24:a3:2b:32:f0:e8:b8:
                    a4:95:f1:a9:2d:29:37:98:f5:0f:83:25:b2:8a:e3:
                    c1:8d:f1:a8:95:6d:9d:8e:be:6c:ae:30:45:c0:7d:
                    80:99:69:68:dc:fc:6d:7b:de:d5:68:90:03:9f:36:
                    b5:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:DD:0D:71:5E:97:FB:91:F7:8D:07:FE:10:69:6D:A6:01:60:51:15
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/33a19d-2c03-44d0-8cbc-aaf32171eaa1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/33a19d-2c03-44d0-8cbc-aaf32171eaa1/1/zt0NcV6X-5H3jQf-EGltpgFgURU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:29:86:6e:8f:f6:9f:01:51:d8:0e:96:6d:96:c4:5c:3d:c8:
         29:13:40:43:2a:a9:3d:ed:1b:eb:56:72:00:ee:2c:81:26:37:
         b4:9f:cb:f9:98:04:5b:7e:ce:7b:59:16:04:fd:d1:21:83:0c:
         cc:6b:7f:a1:21:b6:f0:88:7c:41:c3:90:76:c6:a8:5e:50:a6:
         5d:bd:80:b1:98:1d:a3:16:60:7d:55:5b:b4:6b:fa:08:9f:3b:
         a5:9d:7f:eb:da:5e:a9:b1:fb:12:78:72:4f:b8:67:f8:af:1c:
         18:de:4c:e9:08:3c:9f:46:f4:b0:f7:06:2d:d4:31:c4:0b:b9:
         2c:e2:c2:6b:4c:90:b8:fe:d1:4f:48:af:70:3b:2d:5f:aa:43:
         2c:b7:b8:16:3a:b1:0e:0b:6c:25:eb:c7:d4:82:90:97:0d:fe:
         7b:92:6a:9f:81:59:75:62:36:07:09:ef:86:98:0b:92:49:00:
         2d:b5:a4:11:01:78:d8:8a:69:be:b0:20:ec:81:f7:9e:c9:16:
         d4:a2:d9:ba:b3:e6:6f:7f:e0:e0:f7:ae:03:4d:91:4c:ec:be:
         fa:04:96:e3:de:69:9a:87:11:a6:cc:42:fe:07:cc:1d:22:cf:
         19:ca:31:32:b0:34:af:50:f7:31:5f:d4:46:25:5f:12:bc:82:
         b7:44:d0:53
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZpO2prjZJRp+grotm2iU/8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUxMTA0MTIzMjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWRkMGQ3MTVlOTdmYjkxZjc4ZDA3ZmUxMDY5NmRhNjAxNjA1MTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7VTxWQ5pkjxOJJKUOi7DpVu+F7QE
2mHbgQnrjTVtwxqCtPnuYEM5zahNC1AFDzRiGv4OFh/QmUHz+xyR9vXYEt1+G8py
FVJb9PRiI88A+recWw8OBJ8MQMFt48+NqjW0+wGlEzfcudGws/urjl9vtyHmkUjm
4YCGMb7GrZ24yiZtB01uART4dsEvpMIPtqPN8tLsUdN/akldj3bfOx6hI+Wyx8IB
N1Iw3OG9mMuMk5h+CWHgQXYTDhN4iQEHu976MVz+Umpcp8gDXySjKzLw6LiklfGp
LSk3mPUPgyWyiuPBjfGolW2djr5srjBFwH2AmWlo3Pxte97VaJADnza1GQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFM7dDXFel/uR940H/hBpbaYBYFEVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE2LzMzYTE5
ZC0yYzAzLTQ0ZDAtOGNiYy1hYWYzMjE3MWVhYTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTYvMzNhMTlk
LTJjMDMtNDRkMC04Y2JjLWFhZjMyMTcxZWFhMS8xL3p0ME5jVjZYLTVIM2pRZi1F
R2x0cGdGZ1VSVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCucrgMA0GCSqGSIb3DQEBCwUAA4IBAQAkKYZu
j/afAVHYDpZtlsRcPcgpE0BDKqk97RvrVnIA7iyBJje0n8v5mARbfs57WRYE/dEh
gwzMa3+hIbbwiHxBw5B2xqheUKZdvYCxmB2jFmB9VVu0a/oInzulnX/r2l6psfsS
eHJPuGf4rxwY3kzpCDyfRvSw9wYt1DHEC7ks4sJrTJC4/tFPSK9wOy1fqkMst7gW
OrEOC2wl68fUgpCXDf57kmqfgVl1YjYHCe+GmAuSSQAttaQRAXjYimm+sCDsgfee
yRbUotm6s+Zvf+Dg964DTZFM7L76BJbj3mmahxGmzEL+B8wdIs8ZyjEysDSvUPcx
X9RGJV8SvIK3RNBT
-----END CERTIFICATE-----