Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer
File:                     AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer (raw, json)
Hash identifier:          DJS7t8MYpvlqG4a+KhTuIylBlrFKrXrBXCbYpwgwluE=
Subject key identifier:   00:07:53:4E:B7:7C:AA:83:6F:8F:11:86:30:16:4E:02:36:E5:FE:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7B369BE37B3751BF64A55CB65CF437AE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 20:18:55 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 197923
                          IP: 31.135.176.0/21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:9b:e3:7b:37:51:bf:64:a5:5c:b6:5c:f4:37:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0007534eb77caa836f8f118630164e0236e5fe86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:c4:98:23:3d:d2:48:59:1d:64:cf:f5:de:85:
                    19:bd:bc:4f:15:30:10:e3:cd:10:eb:48:97:fa:1e:
                    01:e0:91:35:72:79:fa:cc:27:b8:4c:35:07:97:36:
                    24:14:4c:f3:59:00:70:a8:da:97:7e:99:e7:df:85:
                    03:52:e6:81:99:04:2e:01:73:c6:dc:b4:97:6d:71:
                    bd:ec:7d:e3:3d:96:5e:3f:8c:24:cd:00:bc:82:95:
                    6c:7f:26:88:d4:dd:e1:05:23:99:02:4c:61:73:d3:
                    18:28:cb:cc:fb:4e:d4:8e:5d:e8:a4:78:c9:65:f4:
                    6c:1b:a4:ee:35:db:a5:2f:ad:eb:73:88:0e:6e:9b:
                    a4:9a:77:43:f3:81:ac:e9:fc:84:95:80:ea:0e:cd:
                    56:0b:f3:12:ea:3c:0c:7b:4f:5e:16:04:aa:0f:82:
                    c4:aa:b6:ef:7e:c6:20:04:07:fd:97:7d:c0:4d:35:
                    6d:18:b8:cd:3a:fa:1e:9a:38:6a:35:77:95:88:7e:
                    cb:81:ff:6e:44:b2:3e:45:5f:80:05:e5:65:0f:50:
                    89:ca:85:d0:80:a4:d4:bc:14:4f:9d:ff:db:20:c7:
                    18:3d:cf:95:35:90:e4:a0:46:70:bd:09:43:33:62:
                    b8:bc:aa:d9:4e:c1:2a:ae:b2:b3:53:70:b9:00:e4:
                    05:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:07:53:4E:B7:7C:AA:83:6F:8F:11:86:30:16:4E:02:36:E5:FE:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.135.176.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197923

    Signature Algorithm: sha256WithRSAEncryption
         10:e3:a8:d3:9a:c3:e8:7b:2f:30:fe:e7:4f:39:1e:3e:95:5d:
         1b:b9:31:5f:ae:17:78:c4:10:16:1a:7c:00:e5:c7:2e:09:e7:
         c7:d1:af:88:34:35:02:e5:3f:bb:3b:2d:1b:b0:e7:08:31:17:
         1c:63:40:d3:8d:8b:44:1a:fa:e6:69:55:fe:48:a9:39:72:0f:
         8e:6c:0c:e6:03:19:d1:d7:86:cd:11:70:40:22:38:c9:35:18:
         e2:fa:69:da:8f:d9:60:62:22:f9:10:5f:c7:7a:22:61:86:1b:
         f9:f5:41:8a:39:ac:e7:41:14:d3:07:4b:52:3a:a6:c4:67:4c:
         6c:ca:79:82:d1:ef:8b:89:da:89:81:c4:d2:0a:1a:6f:d7:d4:
         9d:26:7f:e5:d9:4c:d6:4b:2c:b5:b1:bc:b3:50:7a:18:c1:28:
         e0:e5:c5:bd:f8:7c:f8:6a:07:39:65:da:e7:b2:71:d7:16:55:
         f5:e9:d2:91:a7:1e:6f:86:6d:f0:db:ac:e6:f0:d5:12:d7:96:
         e3:2f:08:9e:57:35:fd:ab:23:b9:13:bd:18:22:45:62:54:cd:
         31:e4:8e:f2:a8:5a:b4:42:03:7e:68:69:12:66:5c:09:c4:f3:
         69:20:77:b7:e6:e4:f1:02:b8:83:23:bc:28:c3:a3:56:2b:d9:
         cc:51:be:7e
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZt7NpvjezdRv2SlXLZc9DeuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjAxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDA3NTM0ZWI3N2NhYTgzNmY4ZjExODYzMDE2NGUwMjM2ZTVmZTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28SYIz3SSFkdZM/13oUZvbxPFTAQ
480Q60iX+h4B4JE1cnn6zCe4TDUHlzYkFEzzWQBwqNqXfpnn34UDUuaBmQQuAXPG
3LSXbXG97H3jPZZeP4wkzQC8gpVsfyaI1N3hBSOZAkxhc9MYKMvM+07Ujl3opHjJ
ZfRsG6TuNdulL63rc4gObpukmndD84Gs6fyElYDqDs1WC/MS6jwMe09eFgSqD4LE
qrbvfsYgBAf9l33ATTVtGLjNOvoemjhqNXeViH7Lgf9uRLI+RV+ABeVlD1CJyoXQ
gKTUvBRPnf/bIMcYPc+VNZDkoEZwvQlDM2K4vKrZTsEqrrKzU3C5AOQFSQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFAAHU063fKqDb48RhjAWTgI25f6GMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IyLzQxZTkw
Yy02MWNjLTQ3MGMtYTM4OC02ZDFjOWIxNTNjZjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIvNDFlOTBj
LTYxY2MtNDcwYy1hMzg4LTZkMWM5YjE1M2NmMC8xL0FBZFRUcmQ4cW9Odmp4R0dN
QlpPQWpibF9vWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDH4ewMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMFIzANBgkqhkiG9w0BAQsFAAOCAQEAEOOo05rD6HsvMP7nTzkePpVdG7kxX64X
eMQQFhp8AOXHLgnnx9GviDQ1AuU/uzstG7DnCDEXHGNA042LRBr65mlV/kipOXIP
jmwM5gMZ0deGzRFwQCI4yTUY4vpp2o/ZYGIi+RBfx3oiYYYb+fVBijms50EU0wdL
UjqmxGdMbMp5gtHvi4naiYHE0goab9fUnSZ/5dlM1ksstbG8s1B6GMEo4OXFvfh8
+GoHOWXa57Jx1xZV9enSkaceb4Zt8Nus5vDVEteW4y8Inlc1/asjuRO9GCJFYlTN
MeSO8qhatEIDfmhpEmZcCcTzaSB3t+bk8QK4gyO8KMOjVivZzFG+fg==
-----END CERTIFICATE-----