Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ABFADVSPohr4GaDG4j53pgEutek.cer
File:                     ABFADVSPohr4GaDG4j53pgEutek.cer (raw, json)
Hash identifier:          p///RBVovj7WaeCHg6rpTbdYJh63B5SzwXlU9a6GyMc=
Subject key identifier:   00:11:40:0D:54:8F:A2:1A:F8:19:A0:C6:E2:3E:77:A6:01:2E:B5:E9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7F137D86CDD29A01627E53D1C2840E6A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/ABFADVSPohr4GaDG4j53pgEutek.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 14:19:02 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 91.199.70.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:7d:86:cd:d2:9a:01:62:7e:53:d1:c2:84:0e:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:19:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0011400d548fa21af819a0c6e23e77a6012eb5e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d5:66:2c:0d:d2:0e:3e:8c:87:e4:fb:dc:05:
                    2f:13:26:f8:b9:bd:bc:c0:60:c4:d1:89:ad:f7:d6:
                    98:d6:a8:93:d0:74:ec:fe:94:70:41:10:ea:19:d0:
                    d5:95:3f:2f:79:42:fc:56:67:7e:4a:a1:cb:1b:aa:
                    f3:97:98:8c:8e:85:91:2c:6d:47:3c:fd:d5:07:7d:
                    88:07:02:7b:56:97:13:10:9c:f0:4a:9a:26:90:da:
                    53:11:49:1b:7d:fc:bd:f7:cc:ac:af:62:42:e4:9f:
                    cd:8d:dc:40:92:0a:92:af:4d:21:e0:9b:ee:8c:cd:
                    fa:50:f9:40:09:41:46:45:95:7b:9c:49:1b:a6:9d:
                    a3:8e:ed:82:ec:f3:57:a3:95:c2:f6:75:43:fc:fc:
                    23:ed:22:d0:44:7e:a6:52:52:8d:b8:24:a2:70:a2:
                    d0:66:d8:7d:bd:8a:66:b1:f4:07:50:fe:09:81:a6:
                    3c:ea:a0:7e:da:aa:71:95:24:94:98:5b:d0:1e:12:
                    df:20:76:11:31:bf:6a:77:86:ee:75:51:e8:31:41:
                    b3:88:b7:ad:70:cf:9a:6e:5f:1e:2c:33:51:d9:75:
                    07:9b:da:39:65:a8:ce:5d:0a:7a:e4:f7:96:e9:86:
                    7e:2c:02:d3:09:4a:18:e5:38:15:ee:de:18:4f:f8:
                    3e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:11:40:0D:54:8F:A2:1A:F8:19:A0:C6:E2:3E:77:A6:01:2E:B5:E9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/ABFADVSPohr4GaDG4j53pgEutek.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:72:4d:20:9d:8c:80:2d:1e:7e:58:8a:4e:e4:20:8d:12:94:
         48:a4:ef:93:ed:3b:8f:6f:c0:ea:ec:64:ca:f4:78:0e:8b:1e:
         22:44:e3:2c:1a:5a:7b:2d:fd:53:12:34:3b:d4:0c:7d:02:88:
         99:93:39:12:86:78:5a:f6:8b:22:91:83:4e:0f:ab:52:f7:38:
         3b:e9:80:77:9d:a9:c2:9e:ee:15:ee:74:90:2e:c1:b4:e2:85:
         5b:01:79:61:fc:54:e3:4e:87:aa:33:0a:6f:0b:1c:31:4c:63:
         06:39:d1:c2:d2:72:f1:86:66:87:33:6f:9d:ff:6e:d1:c4:09:
         4a:46:47:b3:fd:1c:64:55:6d:3b:28:c8:28:39:67:b8:38:c7:
         af:26:5e:1c:7d:11:00:19:8d:ec:da:ee:90:d4:c3:59:aa:03:
         ce:0e:e0:f7:7c:dc:4d:2b:b1:71:c0:7b:84:ca:9d:a8:1e:ea:
         e9:23:db:15:a8:14:f7:62:9f:61:4a:af:15:19:70:6b:3e:49:
         1c:87:8e:32:f9:61:08:f6:22:a2:2e:18:29:41:6f:54:dd:5f:
         f7:df:28:af:dc:17:7d:67:23:e8:dd:0b:f3:34:01:3e:87:30:
         66:68:f2:78:05:e4:4f:16:07:7b:65:65:26:c5:ca:c0:3d:bd:
         f6:cf:a6:00
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt/E32GzdKaAWJ+U9HChA5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTQxOTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDExNDAwZDU0OGZhMjFhZjgxOWEwYzZlMjNlNzdhNjAxMmViNWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9VmLA3SDj6Mh+T73AUvEyb4ub28
wGDE0Ymt99aY1qiT0HTs/pRwQRDqGdDVlT8veUL8Vmd+SqHLG6rzl5iMjoWRLG1H
PP3VB32IBwJ7VpcTEJzwSpomkNpTEUkbffy998ysr2JC5J/NjdxAkgqSr00h4Jvu
jM36UPlACUFGRZV7nEkbpp2jju2C7PNXo5XC9nVD/Pwj7SLQRH6mUlKNuCSicKLQ
Zth9vYpmsfQHUP4JgaY86qB+2qpxlSSUmFvQHhLfIHYRMb9qd4budVHoMUGziLet
cM+abl8eLDNR2XUHm9o5ZajOXQp65PeW6YZ+LALTCUoY5TgV7t4YT/g+RwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFAARQA1Uj6Ia+BmgxuI+d6YBLrXpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FjLzUyZGFh
Yi02ODI5LTQ1ZmEtOTY3ZS0wMWY0NjA2YzY1ZWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMvNTJkYWFi
LTY4MjktNDVmYS05NjdlLTAxZjQ2MDZjNjVlYy8xL0FCRkFEVlNQb2hyNEdhREc0
ajUzcGdFdXRlay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8dGMA0GCSqGSIb3DQEBCwUAA4IBAQASck0g
nYyALR5+WIpO5CCNEpRIpO+T7TuPb8Dq7GTK9HgOix4iROMsGlp7Lf1TEjQ71Ax9
AoiZkzkShnha9osikYNOD6tS9zg76YB3nanCnu4V7nSQLsG04oVbAXlh/FTjToeq
MwpvCxwxTGMGOdHC0nLxhmaHM2+d/27RxAlKRkez/RxkVW07KMgoOWe4OMevJl4c
fREAGY3s2u6Q1MNZqgPODuD3fNxNK7FxwHuEyp2oHurpI9sVqBT3Yp9hSq8VGXBr
Pkkch44y+WEI9iKiLhgpQW9U3V/33yiv3Bd9ZyPo3QvzNAE+hzBmaPJ4BeRPFgd7
ZWUmxcrAPb32z6YA
-----END CERTIFICATE-----