Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BiO7h0MRbYaxO5vZ5TQCOYt6HuA.cer
File:                     BiO7h0MRbYaxO5vZ5TQCOYt6HuA.cer (raw, json)
Hash identifier:          V23LKJZto9S5mh87z5rOwSA6Z+JaE2V/cbdDxqKPjuo=
Subject key identifier:   06:23:BB:87:43:11:6D:86:B1:3B:9B:D9:E5:34:02:39:8B:7A:1E:E0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7878A276FCD179B4323AE7067B4C13FA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki-repo.as207960.net/repo/rpki_ca_4d5c309ae11a449ea8407ace1f7901f0/1/0623BB8743116D86B13B9BD9E53402398B7A1EE0.mft
caRepository:             rsync://rpki-repo.as207960.net/repo/rpki_ca_4d5c309ae11a449ea8407ace1f7901f0/1/
Notify URL:               https://rpki.as207960.net/rrdp/notification.xml
Certificate not before:   Thu 01 Jan 2026 07:32:10 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 216055
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:78:a2:76:fc:d1:79:b4:32:3a:e7:06:7b:4c:13:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:32:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0623bb8743116d86b13b9bd9e53402398b7a1ee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ef:e8:b7:87:25:dc:49:5b:ee:05:9d:3c:59:
                    5b:26:ec:7e:69:bb:25:cf:14:2c:13:99:d1:ff:83:
                    08:4e:2b:4c:4d:7a:e5:a9:9f:20:d4:c5:62:7c:d3:
                    80:ee:f0:d8:45:35:59:a0:9c:b8:19:30:a5:c4:85:
                    43:8a:c7:55:85:46:19:48:e4:69:29:30:05:bf:49:
                    1a:2d:2d:6c:30:32:35:f6:f5:82:3f:63:e5:d1:e5:
                    56:bd:b0:27:ea:b9:eb:2c:71:56:32:4f:ee:bb:ae:
                    ad:1d:96:02:cc:65:24:61:f3:2e:3a:8c:b9:0d:f4:
                    95:40:24:cf:25:1f:c4:ec:35:b7:0a:0c:4a:3f:35:
                    df:3a:47:47:ac:35:90:9a:43:6a:45:29:74:b1:a6:
                    a5:74:23:eb:43:d7:39:61:81:35:da:64:5a:1a:31:
                    9c:3e:b1:a4:e4:8b:6a:da:92:ca:4b:5f:b7:dd:e9:
                    df:36:4b:5b:d0:4e:ad:f0:64:e8:4a:c0:70:a8:d4:
                    37:39:d1:2f:c7:7c:3e:ac:16:16:79:90:4e:8d:74:
                    d7:3a:b9:90:77:70:a5:14:b5:ee:4a:a8:c6:fc:88:
                    7d:98:99:b0:35:60:47:d6:81:90:7e:06:21:3c:ce:
                    38:06:f0:6e:13:0e:86:e4:f5:75:24:b3:71:a7:e4:
                    5a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:23:BB:87:43:11:6D:86:B1:3B:9B:D9:E5:34:02:39:8B:7A:1E:E0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki-repo.as207960.net/repo/rpki_ca_4d5c309ae11a449ea8407ace1f7901f0/1/
                RPKI Manifest - URI:rsync://rpki-repo.as207960.net/repo/rpki_ca_4d5c309ae11a449ea8407ace1f7901f0/1/0623BB8743116D86B13B9BD9E53402398B7A1EE0.mft
                RPKI Notify - URI:https://rpki.as207960.net/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216055

    Signature Algorithm: sha256WithRSAEncryption
         55:ca:90:a3:da:1e:2b:72:a8:00:87:c0:1d:8b:41:5a:fd:99:
         23:90:67:56:36:4b:00:3e:64:f1:45:df:0c:5b:cf:00:bb:89:
         42:bf:c8:27:cf:97:c0:bc:a1:8d:9b:63:aa:91:3f:7e:c3:39:
         af:7f:f6:c6:64:ff:dd:15:4a:80:15:0a:67:52:66:33:af:1e:
         cc:66:dd:75:78:12:b5:f8:fd:b9:d9:31:80:ec:b0:07:1f:ef:
         e1:c9:54:32:8f:d7:21:66:44:85:4e:0a:01:ad:c5:d3:c6:e7:
         ca:6a:39:45:d0:9a:e4:89:55:12:eb:a9:4a:57:d6:f0:cb:f7:
         14:dc:92:15:96:3f:d1:f5:82:38:32:ce:de:3e:c7:be:20:cf:
         f7:68:77:b3:ad:57:2c:34:8c:ba:75:8b:1d:7c:4e:3a:68:1f:
         ad:cc:6d:3e:94:9c:20:19:ca:d9:e8:30:48:de:d5:19:39:8b:
         f8:6f:8c:36:50:ec:77:66:19:59:f8:28:d3:7d:b1:a3:f3:53:
         74:fa:4f:dd:9b:06:84:d6:dd:59:e3:6a:85:fc:ca:d4:a2:61:
         42:87:af:25:38:bd:2a:84:c9:e8:38:b3:a7:08:7b:6d:65:2f:
         92:37:4e:fd:a6:70:4d:da:4d:d8:d5:a9:9c:48:11:8c:f0:60:
         da:a6:b6:72
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAZt4eKJ2/NF5tDI65wZ7TBP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDczMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjIzYmI4NzQzMTE2ZDg2YjEzYjliZDllNTM0MDIzOThiN2ExZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6O/ot4cl3Elb7gWdPFlbJux+absl
zxQsE5nR/4MITitMTXrlqZ8g1MVifNOA7vDYRTVZoJy4GTClxIVDisdVhUYZSORp
KTAFv0kaLS1sMDI19vWCP2Pl0eVWvbAn6rnrLHFWMk/uu66tHZYCzGUkYfMuOoy5
DfSVQCTPJR/E7DW3CgxKPzXfOkdHrDWQmkNqRSl0saaldCPrQ9c5YYE12mRaGjGc
PrGk5Itq2pLKS1+33enfNktb0E6t8GToSsBwqNQ3OdEvx3w+rBYWeZBOjXTXOrmQ
d3ClFLXuSqjG/Ih9mJmwNWBH1oGQfgYhPM44BvBuEw6G5PV1JLNxp+RaBwIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFAYju4dDEW2GsTub2eU0AjmLeh7gMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE2BggrBgEFBQcBCwSCASgwggEkMFsGCCsGAQUFBzAFhk9y
c3luYzovL3Jwa2ktcmVwby5hczIwNzk2MC5uZXQvcmVwby9ycGtpX2NhXzRkNWMz
MDlhZTExYTQ0OWVhODQwN2FjZTFmNzkwMWYwLzEvMIGHBggrBgEFBQcwCoZ7cnN5
bmM6Ly9ycGtpLXJlcG8uYXMyMDc5NjAubmV0L3JlcG8vcnBraV9jYV80ZDVjMzA5
YWUxMWE0NDllYTg0MDdhY2UxZjc5MDFmMC8xLzA2MjNCQjg3NDMxMTZEODZCMTNC
OUJEOUU1MzQwMjM5OEI3QTFFRTAubWZ0MDsGCCsGAQUFBzANhi9odHRwczovL3Jw
a2kuYXMyMDc5NjAubmV0L3JyZHAvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQ
ME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDS/cwDQYJKoZIhvcN
AQELBQADggEBAFXKkKPaHityqACHwB2LQVr9mSOQZ1Y2SwA+ZPFF3wxbzwC7iUK/
yCfPl8C8oY2bY6qRP37DOa9/9sZk/90VSoAVCmdSZjOvHsxm3XV4ErX4/bnZMYDs
sAcf7+HJVDKP1yFmRIVOCgGtxdPG58pqOUXQmuSJVRLrqUpX1vDL9xTckhWWP9H1
gjgyzt4+x74gz/dod7OtVyw0jLp1ix18TjpoH63MbT6UnCAZytnoMEje1Rk5i/hv
jDZQ7HdmGVn4KNN9saPzU3T6T92bBoTW3VnjaoX8ytSiYUKHryU4vSqEyeg4s6cI
e21lL5I3Tv2mcE3aTdjVqZxIEYzwYNqmtnI=
-----END CERTIFICATE-----