Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BDjuFv-LwYTI-qF62vWZ4_rwynE.cer
File:                     BDjuFv-LwYTI-qF62vWZ4_rwynE.cer (raw, json)
Hash identifier:          bDHUgI5KGCzJD5JFYYSVAiWkF0Yi6viwIZcCYw24jvw=
Subject key identifier:   04:38:EE:16:FF:8B:C1:84:C8:FA:A1:7A:DA:F5:99:E3:FA:F0:CA:71
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7C7FBDCA5072A698DD081698D6E64529
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d7/490a26-e1f5-4fd5-bbfc-fe44bb88bc20/1/BDjuFv-LwYTI-qF62vWZ4_rwynE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d7/490a26-e1f5-4fd5-bbfc-fe44bb88bc20/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 02:18:25 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 203738
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:bd:ca:50:72:a6:98:dd:08:16:98:d6:e6:45:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0438ee16ff8bc184c8faa17adaf599e3faf0ca71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:48:c6:52:6b:50:02:f4:b0:42:31:25:8b:7a:
                    e9:f1:84:e4:ca:11:6c:0b:fe:a3:22:e1:f1:43:5d:
                    13:b9:db:df:b6:e7:5f:32:52:de:d5:cc:40:6f:ed:
                    13:d7:e6:b1:ee:4f:14:57:83:6f:5b:0a:a8:46:82:
                    e2:56:ec:4b:6a:22:a1:c7:c5:ed:ac:4b:bf:45:fc:
                    25:d9:db:e6:94:79:cd:08:d1:7c:cc:b1:d4:95:6b:
                    45:aa:b1:ac:89:6f:ca:94:93:be:9f:11:dc:93:e6:
                    1a:a1:84:65:bb:e9:9b:70:24:8f:96:e1:99:b9:1a:
                    3f:e4:d0:53:b7:aa:f6:f0:df:6c:60:aa:68:c0:76:
                    59:14:db:88:69:00:fc:ab:38:d1:6d:b2:a3:60:04:
                    e2:a0:8c:14:c0:8a:de:77:c6:7a:92:0c:3f:d9:60:
                    ce:c0:da:1d:1b:57:58:8a:63:94:c4:e9:57:22:cc:
                    55:ea:8f:c6:70:e9:bb:95:60:c8:73:03:5c:71:12:
                    08:99:68:14:16:9e:8e:0f:3a:b7:66:74:87:0d:7d:
                    5e:d6:97:de:4c:3f:cf:ee:bb:60:d0:d2:a8:1a:ce:
                    3e:ce:bd:45:6d:8c:14:16:4c:72:71:83:2d:b9:3a:
                    fa:8c:55:e2:92:b7:44:58:b8:9e:02:fe:4d:d7:7a:
                    e8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:38:EE:16:FF:8B:C1:84:C8:FA:A1:7A:DA:F5:99:E3:FA:F0:CA:71
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/490a26-e1f5-4fd5-bbfc-fe44bb88bc20/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/490a26-e1f5-4fd5-bbfc-fe44bb88bc20/1/BDjuFv-LwYTI-qF62vWZ4_rwynE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203738

    Signature Algorithm: sha256WithRSAEncryption
         ae:b5:32:e5:c1:da:10:27:0e:be:10:a4:39:bc:3f:0d:aa:68:
         eb:88:0c:7d:79:18:fc:28:b8:2d:cf:6a:2e:9f:0d:a6:20:0d:
         f3:56:3d:fa:b4:c9:2b:59:ed:34:5f:04:f5:ba:95:24:e7:97:
         f7:81:c0:8b:1b:e1:0a:e1:6b:bb:01:2a:1b:e1:c8:3d:ba:4f:
         75:d0:54:e5:db:6c:f8:c3:d5:d7:c9:3d:6e:34:1a:63:5b:49:
         50:7b:1b:5e:17:6e:f1:75:aa:04:83:db:bc:4d:08:5f:79:29:
         13:5c:a5:2e:67:8e:7d:90:85:b1:0c:82:70:d8:9e:0f:74:5c:
         af:2e:81:22:cf:a4:5c:b2:82:57:a7:f4:4e:14:7d:6f:a3:13:
         6c:78:a8:e9:63:e5:68:7d:78:6a:f8:2f:83:05:5a:07:f5:e2:
         61:02:b3:91:3e:34:40:0f:d2:8e:5d:8b:ff:04:a3:ec:d8:ad:
         2f:d8:a8:16:13:ab:8c:b0:45:bb:58:64:b4:52:c0:75:d9:a6:
         91:a3:cb:2c:fc:73:8f:43:7a:52:05:3c:fe:92:2c:d4:18:40:
         69:55:74:ca:52:6a:bd:60:9c:91:ee:73:c3:a2:44:b2:2a:e9:
         76:00:35:02:17:4b:f2:f6:11:0d:1b:4b:e5:a3:52:fb:8d:8e:
         f5:42:44:b3
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt8f73KUHKmmN0IFpjW5kUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDIxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDM4ZWUxNmZmOGJjMTg0YzhmYWExN2FkYWY1OTllM2ZhZjBjYTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUjGUmtQAvSwQjEli3rp8YTkyhFs
C/6jIuHxQ10TudvftudfMlLe1cxAb+0T1+ax7k8UV4NvWwqoRoLiVuxLaiKhx8Xt
rEu/Rfwl2dvmlHnNCNF8zLHUlWtFqrGsiW/KlJO+nxHck+YaoYRlu+mbcCSPluGZ
uRo/5NBTt6r28N9sYKpowHZZFNuIaQD8qzjRbbKjYATioIwUwIred8Z6kgw/2WDO
wNodG1dYimOUxOlXIsxV6o/GcOm7lWDIcwNccRIImWgUFp6ODzq3ZnSHDX1e1pfe
TD/P7rtg0NKoGs4+zr1FbYwUFkxycYMtuTr6jFXikrdEWLieAv5N13ro3wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAQ47hb/i8GEyPqhetr1meP68MpxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q3LzQ5MGEy
Ni1lMWY1LTRmZDUtYmJmYy1mZTQ0YmI4OGJjMjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcvNDkwYTI2
LWUxZjUtNGZkNS1iYmZjLWZlNDRiYjg4YmMyMC8xL0JEanVGdi1Md1lUSS1xRjYy
dldaNF9yd3luRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMb2jANBgkqhkiG9w0BAQsFAAOCAQEArrUy5cHaECcO
vhCkObw/Dapo64gMfXkY/Ci4Lc9qLp8NpiAN81Y9+rTJK1ntNF8E9bqVJOeX94HA
ixvhCuFruwEqG+HIPbpPddBU5dts+MPV18k9bjQaY1tJUHsbXhdu8XWqBIPbvE0I
X3kpE1ylLmeOfZCFsQyCcNieD3Rcry6BIs+kXLKCV6f0ThR9b6MTbHio6WPlaH14
avgvgwVaB/XiYQKzkT40QA/Sjl2L/wSj7NitL9ioFhOrjLBFu1hktFLAddmmkaPL
LPxzj0N6UgU8/pIs1BhAaVV0ylJqvWCcke5zw6JEsirpdgA1AhdL8vYRDRtL5aNS
+42O9UJEsw==
-----END CERTIFICATE-----