Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7Aa1YGFFf_XAg4rx0lNe4NHytDw.cer
File:                     7Aa1YGFFf_XAg4rx0lNe4NHytDw.cer (raw, json)
Hash identifier:          FLEg2IpRVeM8U7PeyOAOSPfidxHvB1+jKSltNjs9Erw=
Subject key identifier:   EC:06:B5:60:61:45:7F:F5:C0:83:8A:F1:D2:53:5E:E0:D1:F2:B4:3C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019CFFDD5A09988780698395E9A962A0A991
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3c/bad715-88b4-4dff-ad1a-2f5e233d7fca/1/7Aa1YGFFf_XAg4rx0lNe4NHytDw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3c/bad715-88b4-4dff-ad1a-2f5e233d7fca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 18 Mar 2026 07:33:42 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 193.41.42.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ff:dd:5a:09:98:87:80:69:83:95:e9:a9:62:a0:a9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 18 07:33:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec06b56061457ff5c0838af1d2535ee0d1f2b43c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f9:46:d4:85:f9:41:3d:ec:b2:c5:36:66:79:
                    26:35:c8:48:aa:6c:cb:e9:35:5a:1d:e8:08:2a:9d:
                    09:e6:3d:ce:90:25:0f:4c:3c:64:b0:14:9b:6e:42:
                    20:71:8c:f5:d5:ab:b8:94:51:37:f0:a6:76:6d:e2:
                    02:f9:4a:a7:18:45:d1:f0:25:e8:46:fe:01:d4:67:
                    cf:78:b2:33:55:79:3e:3d:6a:70:de:15:70:64:ae:
                    ac:32:af:45:6f:2e:3f:7e:ac:2f:dd:1f:c7:af:a8:
                    57:77:59:4a:95:b2:99:15:b2:32:ad:7d:bf:b9:c1:
                    fe:c5:c8:c8:7a:47:d5:e6:b6:28:c5:9f:16:3c:bc:
                    51:8b:32:2a:07:f6:ff:37:a0:97:95:87:6c:85:ed:
                    60:54:45:25:07:aa:af:83:9e:54:df:e0:80:6e:10:
                    9d:44:e3:6b:76:59:30:ff:88:e7:66:55:3f:53:ec:
                    28:d3:ba:c8:07:fd:3d:be:67:12:6d:a1:07:d7:b3:
                    5c:0d:22:b3:c1:f3:37:02:34:4a:d9:d6:fd:6d:43:
                    fc:f4:c0:eb:91:ed:c1:60:61:e0:37:9d:48:27:95:
                    85:9a:47:ba:6d:6c:ad:3a:84:f2:f8:6c:c6:65:f2:
                    32:a1:13:ca:f6:0d:0a:7f:23:a1:7b:75:05:ed:6b:
                    86:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:06:B5:60:61:45:7F:F5:C0:83:8A:F1:D2:53:5E:E0:D1:F2:B4:3C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/bad715-88b4-4dff-ad1a-2f5e233d7fca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/bad715-88b4-4dff-ad1a-2f5e233d7fca/1/7Aa1YGFFf_XAg4rx0lNe4NHytDw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:f8:e5:9c:77:50:f5:9a:a5:2e:5f:f8:38:4b:23:57:89:8c:
         21:0d:5d:4c:3d:19:af:3e:6f:e2:59:74:52:c5:36:17:b6:2e:
         5a:1d:f3:8a:96:d8:67:31:4d:d0:cb:ea:76:aa:92:9b:6a:28:
         10:79:9d:19:48:3a:a8:25:6c:9c:5b:9a:74:a6:b0:37:0c:dc:
         ac:da:a2:64:a1:ae:93:b4:f0:76:d1:56:51:d1:24:35:5a:ea:
         6d:2b:78:5d:73:2c:b1:22:79:97:d3:49:c4:d0:02:50:7a:27:
         e3:45:d1:f0:3c:d2:7e:69:f4:fc:f1:23:9a:ee:e6:e6:0f:2f:
         81:79:54:8e:b1:57:d0:80:34:54:46:0b:31:63:3d:1b:60:52:
         75:df:40:27:a0:d6:82:7b:2f:d2:af:0d:2f:ad:8a:c9:32:cd:
         37:12:6c:b1:f7:f4:1b:34:de:9d:ee:c5:28:40:4e:bd:2c:e3:
         ae:0d:66:8b:3a:3c:2f:2f:3d:21:e5:8d:a4:d9:e3:4b:61:5c:
         5c:d9:b1:ff:01:da:f5:90:e2:5e:70:e3:ba:b3:8f:9d:cb:e5:
         c1:a3:27:20:25:db:fd:5d:0e:d6:c2:81:61:0b:57:38:dc:f6:
         63:1c:f6:ef:6d:04:24:4a:b9:51:56:6a:79:a9:1c:76:bd:8e:
         a1:9b:f2:0b
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZz/3VoJmIeAaYOV6alioKmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMzE4MDczMzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzA2YjU2MDYxNDU3ZmY1YzA4MzhhZjFkMjUzNWVlMGQxZjJiNDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPlG1IX5QT3sssU2ZnkmNchIqmzL
6TVaHegIKp0J5j3OkCUPTDxksBSbbkIgcYz11au4lFE38KZ2beIC+UqnGEXR8CXo
Rv4B1GfPeLIzVXk+PWpw3hVwZK6sMq9Fby4/fqwv3R/Hr6hXd1lKlbKZFbIyrX2/
ucH+xcjIekfV5rYoxZ8WPLxRizIqB/b/N6CXlYdshe1gVEUlB6qvg55U3+CAbhCd
RONrdlkw/4jnZlU/U+wo07rIB/09vmcSbaEH17NcDSKzwfM3AjRK2db9bUP89MDr
ke3BYGHgN51IJ5WFmke6bWytOoTy+GzGZfIyoRPK9g0KfyOhe3UF7WuGYwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOwGtWBhRX/1wIOK8dJTXuDR8rQ8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNjL2JhZDcx
NS04OGI0LTRkZmYtYWQxYS0yZjVlMjMzZDdmY2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2MvYmFkNzE1
LTg4YjQtNGRmZi1hZDFhLTJmNWUyMzNkN2ZjYS8xLzdBYTFZR0ZGZl9YQWc0cngw
bE5lNE5IeXREdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwSkqMA0GCSqGSIb3DQEBCwUAA4IBAQBz+OWc
d1D1mqUuX/g4SyNXiYwhDV1MPRmvPm/iWXRSxTYXti5aHfOKlthnMU3Qy+p2qpKb
aigQeZ0ZSDqoJWycW5p0prA3DNys2qJkoa6TtPB20VZR0SQ1WuptK3hdcyyxInmX
00nE0AJQeifjRdHwPNJ+afT88SOa7ubmDy+BeVSOsVfQgDRURgsxYz0bYFJ130An
oNaCey/Srw0vrYrJMs03Emyx9/QbNN6d7sUoQE69LOOuDWaLOjwvLz0h5Y2k2eNL
YVxc2bH/Adr1kOJecOO6s4+dy+XBoycgJdv9XQ7WwoFhC1c43PZjHPbvbQQkSrlR
Vmp5qRx2vY6hm/IL
-----END CERTIFICATE-----