Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7zAIudH6IIoVT1hcruy7UsGyXOQ.cer
File:                     7zAIudH6IIoVT1hcruy7UsGyXOQ.cer (raw, json)
Hash identifier:          8/OZ4oaLLqSJiZ5A5VABO2+BpojY7H9uXUmctAkdaGQ=
Subject key identifier:   EF:30:08:B9:D1:FA:20:8A:15:4F:58:5C:AE:EC:BB:52:C1:B2:5C:E4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019CBE7ED3BA274CDF855AFDBEB1BF057C34
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/88/4089cd-5ba0-483c-883d-c8c0ff55f52d/1/7zAIudH6IIoVT1hcruy7UsGyXOQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/88/4089cd-5ba0-483c-883d-c8c0ff55f52d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 05 Mar 2026 14:55:08 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 45.155.12.0/22
                          IP: 2a0a:f5c0::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:7e:d3:ba:27:4c:df:85:5a:fd:be:b1:bf:05:7c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar  5 14:55:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef3008b9d1fa208a154f585caeecbb52c1b25ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:1b:ec:f9:e1:8d:5f:40:2e:44:a2:e5:bb:dd:
                    27:d7:6a:e8:dd:fa:26:bf:49:8b:e6:ee:ea:0c:94:
                    31:d6:f9:5d:d8:e6:90:c0:80:9e:13:13:6f:01:7d:
                    07:0d:b4:62:5a:99:7c:5d:3b:f2:b3:de:eb:5c:c3:
                    cb:a7:44:63:27:d7:82:4e:74:a4:bf:92:9d:b7:48:
                    10:06:d1:ab:13:2a:14:3c:2d:ad:e1:15:eb:cb:36:
                    54:3b:84:6b:d9:89:5e:7e:31:90:be:52:4e:6d:f1:
                    e0:bc:3a:d2:79:6a:d1:c7:e6:c6:ce:81:be:7f:ff:
                    99:e4:3b:89:2a:7c:74:97:f7:bd:f7:92:88:db:a3:
                    f8:2c:8d:6b:8f:14:93:21:27:3f:5f:c8:15:03:47:
                    24:03:6e:32:cf:d5:64:52:cc:99:d6:da:4d:95:c7:
                    08:85:c4:ea:28:df:49:9f:66:21:61:20:b2:e7:07:
                    b8:9b:09:1d:30:22:6f:93:ea:ef:85:1e:dc:31:c3:
                    71:a6:a1:89:f9:a5:7b:66:b1:03:e6:7f:35:5d:6c:
                    f1:2a:e8:6e:51:c6:a5:b2:a6:4c:96:d9:cd:b6:4e:
                    41:e3:45:06:04:6e:35:2a:7a:57:70:1f:14:04:3f:
                    08:a9:d7:a5:74:8c:18:8d:88:bf:64:ad:c3:e0:c2:
                    6e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:30:08:B9:D1:FA:20:8A:15:4F:58:5C:AE:EC:BB:52:C1:B2:5C:E4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/4089cd-5ba0-483c-883d-c8c0ff55f52d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/4089cd-5ba0-483c-883d-c8c0ff55f52d/1/7zAIudH6IIoVT1hcruy7UsGyXOQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.12.0/22
                IPv6:
                  2a0a:f5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:b8:6a:bb:9a:3e:91:98:49:d7:bb:06:d1:b8:a7:c3:6e:d0:
         2d:7d:46:6c:2d:dd:c2:98:2d:76:1d:ba:4b:ff:9e:d3:ed:22:
         52:f2:30:e9:40:4c:d9:dd:1f:64:f1:bb:b8:7e:31:91:a5:ee:
         fc:e6:92:3e:d9:1b:76:bc:0b:d7:d3:66:17:9a:fe:1a:71:b2:
         6c:04:16:38:aa:54:15:c3:c0:e0:dd:92:7c:73:a1:3c:c2:fa:
         cb:a3:51:8b:ad:4a:72:63:84:7b:3c:ac:ca:91:99:0a:ad:33:
         6d:70:10:a4:3f:c7:45:58:fe:51:6f:e6:63:cc:be:74:bd:e1:
         40:ba:1f:b6:52:71:5f:0d:47:f3:32:eb:95:51:21:c1:45:5b:
         85:5f:39:e4:5f:0c:c2:b5:f7:40:8b:a6:47:fe:d7:0a:93:15:
         ff:d9:13:e3:e4:2f:bf:21:9b:39:59:b7:70:34:47:7a:81:28:
         48:e5:c5:f8:8f:02:e3:d7:1b:92:67:23:30:c6:22:67:39:00:
         6c:07:b8:8a:de:ac:d4:8e:fb:09:d0:17:92:80:67:b5:09:32:
         88:5f:e1:86:26:99:b2:cb:b4:d2:36:e8:66:01:01:a3:21:ae:
         86:d0:bd:4f:3e:a8:09:36:ea:4b:98:27:3f:61:c8:02:09:74:
         80:fc:db:a1
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZy+ftO6J0zfhVr9vrG/BXw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMzA1MTQ1NTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjMwMDhiOWQxZmEyMDhhMTU0ZjU4NWNhZWVjYmI1MmMxYjI1Y2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Bvs+eGNX0AuRKLlu90n12ro3fom
v0mL5u7qDJQx1vld2OaQwICeExNvAX0HDbRiWpl8XTvys97rXMPLp0RjJ9eCTnSk
v5Kdt0gQBtGrEyoUPC2t4RXryzZUO4Rr2YlefjGQvlJObfHgvDrSeWrRx+bGzoG+
f/+Z5DuJKnx0l/e995KI26P4LI1rjxSTISc/X8gVA0ckA24yz9VkUsyZ1tpNlccI
hcTqKN9Jn2YhYSCy5we4mwkdMCJvk+rvhR7cMcNxpqGJ+aV7ZrED5n81XWzxKuhu
UcalsqZMltnNtk5B40UGBG41KnpXcB8UBD8IqdeldIwYjYi/ZK3D4MJuMQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFO8wCLnR+iCKFU9YXK7su1LBslzkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg4LzQwODlj
ZC01YmEwLTQ4M2MtODgzZC1jOGMwZmY1NWY1MmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgvNDA4OWNk
LTViYTAtNDgzYy04ODNkLWM4YzBmZjU1ZjUyZC8xLzd6QUl1ZEg2SUlvVlQxaGNy
dXk3VXNHeVhPUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLZsMMA0EAgACMAcDBQAqCvXAMA0GCSqGSIb3
DQEBCwUAA4IBAQCtuGq7mj6RmEnXuwbRuKfDbtAtfUZsLd3CmC12HbpL/57T7SJS
8jDpQEzZ3R9k8bu4fjGRpe785pI+2Rt2vAvX02YXmv4acbJsBBY4qlQVw8Dg3ZJ8
c6E8wvrLo1GLrUpyY4R7PKzKkZkKrTNtcBCkP8dFWP5Rb+ZjzL50veFAuh+2UnFf
DUfzMuuVUSHBRVuFXznkXwzCtfdAi6ZH/tcKkxX/2RPj5C+/IZs5WbdwNEd6gShI
5cX4jwLj1xuSZyMwxiJnOQBsB7iK3qzUjvsJ0BeSgGe1CTKIX+GGJpmyy7TSNuhm
AQGjIa6G0L1PPqgJNupLmCc/YcgCCXSA/Nuh
-----END CERTIFICATE-----