Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2l8l6JUPaeLXW5O5L1QEGZ4ER2I.cer
File:                     2l8l6JUPaeLXW5O5L1QEGZ4ER2I.cer (raw, json)
Hash identifier:          lvjXBM0V0Rk0qqXWGG3Gn69JI1fNAHchIe1mW6Jp8Ng=
Subject key identifier:   DA:5F:25:E8:95:0F:69:E2:D7:5B:93:B9:2F:54:04:19:9E:04:47:62
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7CEDF2ED48FD904FFD0FF616797B9A27
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1c/b4df4d-8a84-4be3-8e79-e2abc63100bb/1/2l8l6JUPaeLXW5O5L1QEGZ4ER2I.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1c/b4df4d-8a84-4be3-8e79-e2abc63100bb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 04:18:47 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 215125
                          IP: 2001:67c:e60::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:f2:ed:48:fd:90:4f:fd:0f:f6:16:79:7b:9a:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da5f25e8950f69e2d75b93b92f5404199e044762
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9c:cd:29:5e:9e:55:e5:3a:41:0a:85:fc:7b:
                    40:6e:8f:83:a7:db:d0:fe:b3:7e:88:70:bd:c0:ac:
                    60:83:eb:83:7a:dd:3d:00:ed:cd:cf:0d:d1:8b:35:
                    05:c5:d4:c6:47:7b:4c:27:00:c9:f9:e2:e5:20:44:
                    f7:3d:8f:bb:97:69:1c:ae:4c:d8:89:d4:5b:b3:ed:
                    5d:e8:08:bc:80:33:a5:dd:ef:b2:68:ed:a2:c4:b7:
                    8e:f1:53:3f:ec:84:cb:72:7a:46:5b:b4:e4:6c:95:
                    f8:0a:67:13:fe:65:70:1f:fe:64:ca:5e:59:bf:6e:
                    24:37:68:1a:c9:91:dc:0a:33:dc:52:d5:78:04:0b:
                    09:ee:b1:5c:bd:d0:72:1a:39:6b:38:78:69:98:a9:
                    ef:36:1b:63:85:aa:ba:2a:34:17:ed:64:c1:ee:f9:
                    9a:fe:b4:3e:5c:da:02:29:d2:d4:0b:09:2b:f0:39:
                    83:e1:b9:cc:84:ed:bf:32:6c:de:2c:06:bc:97:58:
                    12:29:03:17:42:7b:f7:9b:99:c9:54:08:0a:25:80:
                    de:62:b3:85:1e:15:58:7d:a2:a9:16:41:76:b7:03:
                    2e:1a:43:23:c5:33:9d:21:12:29:a7:43:67:16:44:
                    1e:1e:67:cb:cc:44:56:9c:1e:e3:82:66:3d:03:f6:
                    7b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:5F:25:E8:95:0F:69:E2:D7:5B:93:B9:2F:54:04:19:9E:04:47:62
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b4df4d-8a84-4be3-8e79-e2abc63100bb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b4df4d-8a84-4be3-8e79-e2abc63100bb/1/2l8l6JUPaeLXW5O5L1QEGZ4ER2I.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e60::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215125

    Signature Algorithm: sha256WithRSAEncryption
         25:45:36:e0:b3:af:b4:89:87:fd:90:3c:11:80:77:d6:d0:5e:
         42:00:91:77:da:05:5d:2f:a7:fd:47:7e:db:57:47:57:61:23:
         7d:9a:9c:ac:53:d1:e8:e1:ae:d7:e8:1f:57:5e:ca:1c:a0:07:
         4f:89:f7:5e:a2:f9:2b:93:00:02:20:0a:7d:33:20:c1:08:10:
         06:5b:df:fd:2b:66:96:7f:f0:24:de:0a:64:26:bc:aa:70:71:
         a3:e8:0e:3f:4d:2e:f5:22:35:03:d5:80:da:a8:e4:03:d9:75:
         20:dd:6a:6f:4a:09:de:b5:04:f1:c2:2e:a5:8e:3a:08:dc:df:
         cd:77:95:0e:7b:8a:43:84:16:66:b7:2b:11:4f:50:7b:38:ca:
         f3:de:52:21:71:d3:04:c2:61:79:0d:48:a9:77:5a:81:6f:55:
         18:c1:ac:0d:da:d4:4b:ad:5e:f8:ca:b6:42:30:7a:e0:48:ba:
         e0:e8:bb:aa:dd:1c:66:e4:f3:dd:15:17:34:30:f8:4c:fc:2c:
         79:aa:1a:7a:95:f6:1f:51:5c:17:b6:b6:ec:de:27:6d:72:f3:
         2b:9f:ed:9f:49:ab:3f:6d:b3:bb:19:37:dd:51:d6:30:30:da:
         ad:5f:06:0d:fa:77:48:f3:21:cc:c6:5e:a6:99:c2:8f:de:3d:
         28:3e:23:56
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZt87fLtSP2QT/0P9hZ5e5onMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDQxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTVmMjVlODk1MGY2OWUyZDc1YjkzYjkyZjU0MDQxOTllMDQ0NzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJzNKV6eVeU6QQqF/HtAbo+Dp9vQ
/rN+iHC9wKxgg+uDet09AO3Nzw3RizUFxdTGR3tMJwDJ+eLlIET3PY+7l2kcrkzY
idRbs+1d6Ai8gDOl3e+yaO2ixLeO8VM/7ITLcnpGW7TkbJX4CmcT/mVwH/5kyl5Z
v24kN2gayZHcCjPcUtV4BAsJ7rFcvdByGjlrOHhpmKnvNhtjhaq6KjQX7WTB7vma
/rQ+XNoCKdLUCwkr8DmD4bnMhO2/MmzeLAa8l1gSKQMXQnv3m5nJVAgKJYDeYrOF
HhVYfaKpFkF2twMuGkMjxTOdIRIpp0NnFkQeHmfLzERWnB7jgmY9A/Z7QQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFNpfJeiVD2ni11uTuS9UBBmeBEdiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjL2I0ZGY0
ZC04YTg0LTRiZTMtOGU3OS1lMmFiYzYzMTAwYmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWMvYjRkZjRk
LThhODQtNGJlMy04ZTc5LWUyYWJjNjMxMDBiYi8xLzJsOGw2SlVQYWVMWFc1TzVM
MVFFR1o0RVIySS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA5gMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNIVTANBgkqhkiG9w0BAQsFAAOCAQEAJUU24LOvtImH/ZA8EYB31tBeQgCR
d9oFXS+n/Ud+21dHV2EjfZqcrFPR6OGu1+gfV17KHKAHT4n3XqL5K5MAAiAKfTMg
wQgQBlvf/Stmln/wJN4KZCa8qnBxo+gOP00u9SI1A9WA2qjkA9l1IN1qb0oJ3rUE
8cIupY46CNzfzXeVDnuKQ4QWZrcrEU9QezjK895SIXHTBMJheQ1IqXdagW9VGMGs
DdrUS61e+Mq2QjB64Ei64Oi7qt0cZuTz3RUXNDD4TPwseaoaepX2H1FcF7a27N4n
bXLzK5/tn0mrP22zuxk33VHWMDDarV8GDfp3SPMhzMZeppnCj949KD4jVg==
-----END CERTIFICATE-----