Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/AIP2l5VOx8xJLlqkbMjvE_yO2pE.cer
File:                     AIP2l5VOx8xJLlqkbMjvE_yO2pE.cer (raw, json)
Hash identifier:          KQe3gZazSh9yCYJD5XW+ugaCj+DSNDr6tJk+qiFwhl4=
Subject key identifier:   00:83:F6:97:95:4E:C7:CC:49:2E:5A:A4:6C:C8:EF:13:FC:8E:DA:91
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7FF21E434DA64644BC4DD295356DC849
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/20/a92fce-7a1b-4cb7-9e5c-819db16b66ee/1/AIP2l5VOx8xJLlqkbMjvE_yO2pE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/20/a92fce-7a1b-4cb7-9e5c-819db16b66ee/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 18:22:12 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 206543
                          IP: 185.44.230.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:1e:43:4d:a6:46:44:bc:4d:d2:95:35:6d:c8:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 18:22:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0083f697954ec7cc492e5aa46cc8ef13fc8eda91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:6c:85:02:c2:bb:9a:d0:a1:7a:56:98:ef:0d:
                    5c:33:db:cb:93:d4:31:30:70:cf:cf:14:a0:44:78:
                    d1:f6:d8:8f:c5:53:df:29:ee:a8:e8:35:62:eb:35:
                    6e:4d:44:15:b6:be:cb:1e:87:6a:14:d8:7b:26:b5:
                    71:be:0a:5b:c0:8e:ec:3e:71:ad:a1:9a:c0:4f:e6:
                    9f:0d:ea:f4:3f:42:69:d4:4e:4b:52:90:00:6d:34:
                    a7:d7:04:16:d5:b8:19:4e:a7:2e:c3:df:3a:83:84:
                    87:9d:4c:1c:5f:be:62:b8:c4:69:19:a8:04:af:8b:
                    92:02:3c:7e:18:95:1d:7a:41:e8:58:3a:2d:e1:f3:
                    00:95:2c:4e:3e:61:a6:f4:65:66:d7:8b:3e:52:36:
                    76:17:1b:35:09:24:6f:a2:cb:19:35:09:6c:39:7f:
                    ca:88:e0:28:a2:da:cc:ee:74:7a:dc:c5:0e:37:90:
                    29:38:d7:5c:e1:b7:fb:58:2d:99:9a:06:da:4c:92:
                    5f:21:c0:a8:75:33:86:ed:54:36:2d:11:12:d5:3f:
                    0d:df:c6:5a:e3:d1:96:5e:22:91:a4:92:4e:c3:68:
                    29:61:b4:73:20:cc:04:38:bc:f2:9d:8b:a7:0c:a6:
                    b9:38:15:8b:bf:31:30:cf:eb:74:58:52:ca:87:79:
                    2b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:83:F6:97:95:4E:C7:CC:49:2E:5A:A4:6C:C8:EF:13:FC:8E:DA:91
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a92fce-7a1b-4cb7-9e5c-819db16b66ee/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a92fce-7a1b-4cb7-9e5c-819db16b66ee/1/AIP2l5VOx8xJLlqkbMjvE_yO2pE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.230.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206543

    Signature Algorithm: sha256WithRSAEncryption
         45:bd:21:85:0a:17:9a:83:9d:c5:a5:08:6b:ac:48:49:b1:46:
         4e:94:9b:0d:a0:38:b4:e4:c2:a8:a8:1a:d4:af:bb:9c:44:b0:
         fe:de:84:5f:1c:e3:54:10:4a:e3:44:21:51:a4:da:9e:f9:d6:
         ab:8a:e1:16:f0:8c:b4:e9:1a:e9:02:ba:d6:29:fe:36:0d:24:
         f0:40:82:11:bb:a4:92:a8:91:7b:24:81:a7:61:ec:e7:c8:15:
         33:88:1a:ea:15:bb:d9:23:15:c7:8c:4a:8a:d0:9d:76:f4:c0:
         85:55:90:42:6a:93:51:31:52:09:0e:31:9d:e8:62:15:48:d9:
         16:66:a3:0d:2c:09:1b:d0:b8:6f:e5:51:e3:ea:bd:00:f1:cc:
         c1:cc:5b:ab:bc:42:62:50:31:53:24:46:ab:eb:01:40:54:48:
         84:b6:61:5a:d9:0e:3c:d5:32:7d:4e:f0:ba:d7:76:77:d8:c3:
         65:64:b5:d7:be:6e:39:1e:6c:2c:02:b2:61:36:bc:6c:c2:d1:
         a3:dc:31:f4:55:da:5c:b3:50:36:9e:5a:b8:79:87:05:2c:77:
         97:11:c9:5a:94:ad:d0:58:3f:c2:e3:e0:d3:85:78:e7:5c:c6:
         e7:fb:ca:7d:be:ef:e5:31:16:ad:d7:db:74:ba:51:ea:be:0b:
         87:07:67:e1
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZt/8h5DTaZGRLxN0pU1bchJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTgyMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDgzZjY5Nzk1NGVjN2NjNDkyZTVhYTQ2Y2M4ZWYxM2ZjOGVkYTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGyFAsK7mtChelaY7w1cM9vLk9Qx
MHDPzxSgRHjR9tiPxVPfKe6o6DVi6zVuTUQVtr7LHodqFNh7JrVxvgpbwI7sPnGt
oZrAT+afDer0P0Jp1E5LUpAAbTSn1wQW1bgZTqcuw986g4SHnUwcX75iuMRpGagE
r4uSAjx+GJUdekHoWDot4fMAlSxOPmGm9GVm14s+UjZ2Fxs1CSRvossZNQlsOX/K
iOAootrM7nR63MUON5ApONdc4bf7WC2ZmgbaTJJfIcCodTOG7VQ2LRES1T8N38Za
49GWXiKRpJJOw2gpYbRzIMwEOLzynYunDKa5OBWLvzEwz+t0WFLKh3krowIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFACD9peVTsfMSS5apGzI7xP8jtqRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIwL2E5MmZj
ZS03YTFiLTRjYjctOWU1Yy04MTlkYjE2YjY2ZWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvYTkyZmNl
LTdhMWItNGNiNy05ZTVjLTgxOWRiMTZiNjZlZS8xL0FJUDJsNVZPeDh4SkxscWti
TWp2RV95TzJwRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBuSzmMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMmzzANBgkqhkiG9w0BAQsFAAOCAQEARb0hhQoXmoOdxaUIa6xISbFGTpSbDaA4
tOTCqKga1K+7nESw/t6EXxzjVBBK40QhUaTanvnWq4rhFvCMtOka6QK61in+Ng0k
8ECCEbukkqiReySBp2Hs58gVM4ga6hW72SMVx4xKitCddvTAhVWQQmqTUTFSCQ4x
nehiFUjZFmajDSwJG9C4b+VR4+q9APHMwcxbq7xCYlAxUyRGq+sBQFRIhLZhWtkO
PNUyfU7wutd2d9jDZWS1175uOR5sLAKyYTa8bMLRo9wx9FXaXLNQNp5auHmHBSx3
lxHJWpSt0Fg/wuPg04V451zG5/vKfb7v5TEWrdfbdLpR6r4Lhwdn4Q==
-----END CERTIFICATE-----