Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7HB5DNzgwZKsiG89nvcl85lRg5g.cer
File:                     7HB5DNzgwZKsiG89nvcl85lRg5g.cer (raw, json)
Hash identifier:          CNBy4ESTyfLxk3oqsnrwpKJfr6MRJNev7MxU7NryydU=
Subject key identifier:   EC:70:79:0C:DC:E0:C1:92:AC:88:6F:3D:9E:F7:25:F3:99:51:83:98
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B76EAEF6EAB7F3BA8C26249D60186F3C2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/83/507660-12ba-4be8-9b73-b749387df0f5/1/7HB5DNzgwZKsiG89nvcl85lRg5g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/83/507660-12ba-4be8-9b73-b749387df0f5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 00:17:46 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 61319
                          IP: 171.25.183.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:ef:6e:ab:7f:3b:a8:c2:62:49:d6:01:86:f3:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec70790cdce0c192ac886f3d9ef725f399518398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a9:5c:1e:11:da:cb:34:eb:c7:c1:43:d5:1f:
                    12:d3:97:46:61:f2:d0:eb:2a:09:e7:83:f8:fc:0e:
                    81:3d:0c:8a:f8:87:e1:50:2f:ae:8f:87:ef:fa:6c:
                    d9:db:79:18:78:fd:9a:b2:b4:a6:94:23:d1:10:10:
                    40:7b:48:42:30:cd:72:ed:1a:1f:02:1e:24:92:a4:
                    1d:80:b5:31:9c:ba:a6:c4:e8:d1:57:37:39:ec:52:
                    c1:8a:c6:cb:01:6d:cf:1d:df:35:44:68:9a:3f:f0:
                    d2:15:50:ee:44:38:9b:37:24:a3:21:94:f1:d1:18:
                    f7:2c:63:b0:cd:39:57:6b:62:79:15:db:03:3f:22:
                    19:e8:82:7d:4f:e3:4b:e3:40:c9:39:d1:8e:89:c9:
                    99:96:47:78:03:ef:cd:ab:68:8e:ba:70:06:2f:ff:
                    a6:07:0e:bd:76:cc:93:16:8e:7c:be:35:4e:b4:c3:
                    60:39:0c:f0:f0:a7:75:16:de:22:da:5c:b6:b1:84:
                    2f:77:f2:50:fb:eb:35:f2:a1:cf:f3:be:a4:91:b9:
                    62:ed:14:a2:31:ce:dc:22:cb:5e:14:76:44:6b:73:
                    c0:6f:80:d3:98:d1:fe:f7:d8:c1:a4:ba:ad:c3:45:
                    1d:d5:63:f2:5e:80:87:35:56:32:b4:f7:52:eb:a6:
                    f0:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:70:79:0C:DC:E0:C1:92:AC:88:6F:3D:9E:F7:25:F3:99:51:83:98
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/507660-12ba-4be8-9b73-b749387df0f5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/507660-12ba-4be8-9b73-b749387df0f5/1/7HB5DNzgwZKsiG89nvcl85lRg5g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.25.183.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  61319

    Signature Algorithm: sha256WithRSAEncryption
         19:45:f1:b5:59:1e:86:06:2e:fb:17:98:74:34:18:91:36:9f:
         ee:77:3e:51:c0:67:c2:64:f5:b6:e0:de:b4:48:d9:ff:98:db:
         7c:5e:19:6d:a1:83:3e:aa:56:82:fe:a3:8a:1e:9b:df:ba:d3:
         74:5a:d0:7b:6f:6a:98:2a:df:93:c3:a2:0c:20:e7:a7:6e:cc:
         11:39:ef:fb:ba:99:50:f8:05:dd:3e:1b:be:be:c5:e7:ff:21:
         f8:8d:e4:6e:8c:45:4c:33:af:26:cf:cc:c0:dc:7d:81:cd:d3:
         4c:93:a0:ef:62:de:b9:9c:db:c0:24:0f:1d:8a:6e:1b:83:c9:
         bd:b7:bb:bc:5c:53:29:f3:9f:b1:67:83:9c:47:59:a3:d2:bc:
         4a:c6:14:14:29:eb:25:f5:64:83:5e:3b:b8:15:dd:73:34:e9:
         ea:33:15:01:db:02:3e:6f:b0:1e:72:8d:7b:d4:67:80:13:9d:
         d3:57:2e:4c:0f:a6:70:7e:be:2c:f4:4d:1f:0f:2e:ab:1f:ca:
         d5:b8:25:c8:11:d6:b3:f8:ba:46:b7:1b:d5:9c:22:09:73:9f:
         6d:98:5d:ed:e8:4b:37:73:3b:79:ea:3b:29:dd:dc:3b:3b:e3:
         ec:8c:1f:48:ba:f0:fd:ca:35:ab:c8:86:c4:86:0d:bb:a6:a3:
         4d:83:4b:d6
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZt26u9uq387qMJiSdYBhvPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDAxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzcwNzkwY2RjZTBjMTkyYWM4ODZmM2Q5ZWY3MjVmMzk5NTE4Mzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqlcHhHayzTrx8FD1R8S05dGYfLQ
6yoJ54P4/A6BPQyK+IfhUC+uj4fv+mzZ23kYeP2asrSmlCPREBBAe0hCMM1y7Rof
Ah4kkqQdgLUxnLqmxOjRVzc57FLBisbLAW3PHd81RGiaP/DSFVDuRDibNySjIZTx
0Rj3LGOwzTlXa2J5FdsDPyIZ6IJ9T+NL40DJOdGOicmZlkd4A+/Nq2iOunAGL/+m
Bw69dsyTFo58vjVOtMNgOQzw8Kd1Ft4i2ly2sYQvd/JQ++s18qHP876kkbli7RSi
Mc7cIsteFHZEa3PAb4DTmNH+99jBpLqtw0Ud1WPyXoCHNVYytPdS66bwtQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFOxweQzc4MGSrIhvPZ73JfOZUYOYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgzLzUwNzY2
MC0xMmJhLTRiZTgtOWI3My1iNzQ5Mzg3ZGYwZjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODMvNTA3NjYw
LTEyYmEtNGJlOC05YjczLWI3NDkzODdkZjBmNS8xLzdIQjVETnpnd1pLc2lHODlu
dmNsODVsUmc1Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAqxm3MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDvhzANBgkqhkiG9w0BAQsFAAOCAQEAGUXxtVkehgYu+xeYdDQYkTaf7nc+UcBn
wmT1tuDetEjZ/5jbfF4ZbaGDPqpWgv6jih6b37rTdFrQe29qmCrfk8OiDCDnp27M
ETnv+7qZUPgF3T4bvr7F5/8h+I3kboxFTDOvJs/MwNx9gc3TTJOg72LeuZzbwCQP
HYpuG4PJvbe7vFxTKfOfsWeDnEdZo9K8SsYUFCnrJfVkg147uBXdczTp6jMVAdsC
Pm+wHnKNe9RngBOd01cuTA+mcH6+LPRNHw8uqx/K1bglyBHWs/i6Rrcb1ZwiCXOf
bZhd7ehLN3M7eeo7Kd3cOzvj7IwfSLrw/co1q8iGxIYNu6ajTYNL1g==
-----END CERTIFICATE-----