Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BkwamGxZM6O5EIToo_8IBm05jhk.cer
File:                     BkwamGxZM6O5EIToo_8IBm05jhk.cer (raw, json)
Hash identifier:          Rucd07S5Dmt1jQD9KuuFtVqePKWpPzBqH9Hz6iHfDH8=
Subject key identifier:   06:4C:1A:98:6C:59:33:A3:B9:10:84:E8:A3:FF:08:06:6D:39:8E:19
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7834E591ECE381DD23ED8903D58B82E4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d6/f62552-14f1-499c-af78-7f6a655fd788/1/BkwamGxZM6O5EIToo_8IBm05jhk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d6/f62552-14f1-499c-af78-7f6a655fd788/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 06:18:11 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 211966
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:e5:91:ec:e3:81:dd:23:ed:89:03:d5:8b:82:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=064c1a986c5933a3b91084e8a3ff08066d398e19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4a:ca:63:c7:08:99:2a:fa:41:76:79:b6:55:
                    e5:62:06:ba:8f:30:7b:0c:b5:19:26:59:20:89:39:
                    13:b4:8e:43:4b:f8:a6:f2:b5:d8:02:9e:ad:fe:cf:
                    4e:c7:20:fd:9f:d4:3f:8a:94:46:a3:3b:3a:5f:d2:
                    90:d6:b0:4b:f9:bb:95:07:81:f8:fb:f6:82:49:99:
                    4f:6a:ac:25:00:be:95:cf:66:a4:53:4a:d6:50:dd:
                    71:b8:e6:f1:38:e4:71:c9:72:72:20:2b:8f:ea:04:
                    85:7f:7d:46:5e:47:d0:07:c3:a7:4b:a9:d9:ad:52:
                    74:54:8d:b9:7a:f0:b6:cf:a5:bf:f5:b9:d6:b2:9d:
                    57:3e:33:8b:d5:c3:94:2c:c5:a3:fc:aa:c1:6a:21:
                    b8:d7:cf:12:ad:8c:e4:ac:2a:f2:37:00:22:be:4c:
                    d6:5d:e1:95:78:43:a7:bb:bd:f4:69:c5:0d:8f:3f:
                    89:57:67:3a:a4:c4:9a:74:16:64:e9:f3:4f:bf:cf:
                    6b:9d:b0:6e:e8:d3:ea:c4:41:f3:e2:ef:33:49:6b:
                    6e:7b:eb:17:03:52:7b:4a:b7:21:d6:61:96:ad:7c:
                    c7:51:fc:d3:4f:30:98:6e:2d:48:92:9f:b6:61:af:
                    1f:73:4a:31:d7:3c:f8:b2:0f:d4:06:1a:bf:79:57:
                    07:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:4C:1A:98:6C:59:33:A3:B9:10:84:E8:A3:FF:08:06:6D:39:8E:19
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/f62552-14f1-499c-af78-7f6a655fd788/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/f62552-14f1-499c-af78-7f6a655fd788/1/BkwamGxZM6O5EIToo_8IBm05jhk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211966

    Signature Algorithm: sha256WithRSAEncryption
         55:d0:87:85:16:a6:07:c3:15:4f:82:54:7c:fa:0f:31:b5:39:
         64:0a:a2:49:6d:47:16:2b:2f:97:1e:0e:b0:1b:04:fa:42:9e:
         6e:3c:9f:e9:13:2e:68:2a:2f:a0:de:67:b1:48:49:78:37:78:
         63:6f:fe:04:96:9e:f2:cc:8e:51:b9:0c:52:22:e2:4a:6a:8c:
         bb:e7:92:d7:e1:52:ee:82:d7:32:72:09:1b:fa:a9:0a:a1:13:
         dc:b6:e2:5d:29:ae:01:45:38:7f:39:13:0c:1a:ec:43:58:b0:
         ef:06:e6:d3:71:2b:5e:05:7c:19:e6:90:1a:b0:25:49:c5:2e:
         6f:4d:d9:5d:aa:af:8d:3a:bf:23:57:bb:e4:bd:83:cf:37:b7:
         80:ab:ce:3a:c0:b9:c2:5b:c9:27:73:20:32:af:8e:19:af:9b:
         78:1f:78:4a:85:a2:ec:e7:08:d0:80:19:af:98:75:64:3b:07:
         cc:8c:bb:61:e1:a3:56:be:b1:6f:0c:40:3d:16:c9:b3:ef:c0:
         5e:33:53:55:88:c2:a2:f6:a0:41:7a:1e:3d:48:97:df:67:ef:
         f9:9b:c0:c3:14:9e:d2:5e:67:1d:b5:7d:40:2f:c6:c0:cc:87:
         89:23:e4:d2:1d:b1:e5:b5:9d:fc:6a:ab:9d:a7:43:27:fc:14:
         22:06:1d:96
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt4NOWR7OOB3SPtiQPVi4LkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDYxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjRjMWE5ODZjNTkzM2EzYjkxMDg0ZThhM2ZmMDgwNjZkMzk4ZTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukrKY8cImSr6QXZ5tlXlYga6jzB7
DLUZJlkgiTkTtI5DS/im8rXYAp6t/s9OxyD9n9Q/ipRGozs6X9KQ1rBL+buVB4H4
+/aCSZlPaqwlAL6Vz2akU0rWUN1xuObxOORxyXJyICuP6gSFf31GXkfQB8OnS6nZ
rVJ0VI25evC2z6W/9bnWsp1XPjOL1cOULMWj/KrBaiG4188SrYzkrCryNwAivkzW
XeGVeEOnu730acUNjz+JV2c6pMSadBZk6fNPv89rnbBu6NPqxEHz4u8zSWtue+sX
A1J7Srch1mGWrXzHUfzTTzCYbi1Ikp+2Ya8fc0ox1zz4sg/UBhq/eVcHkwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAZMGphsWTOjuRCE6KP/CAZtOY4ZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q2L2Y2MjU1
Mi0xNGYxLTQ5OWMtYWY3OC03ZjZhNjU1ZmQ3ODgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDYvZjYyNTUy
LTE0ZjEtNDk5Yy1hZjc4LTdmNmE2NTVmZDc4OC8xL0Jrd2FtR3haTTZPNUVJVG9v
XzhJQm0wNWpoay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM7/jANBgkqhkiG9w0BAQsFAAOCAQEAVdCHhRamB8MV
T4JUfPoPMbU5ZAqiSW1HFisvlx4OsBsE+kKebjyf6RMuaCovoN5nsUhJeDd4Y2/+
BJae8syOUbkMUiLiSmqMu+eS1+FS7oLXMnIJG/qpCqET3LbiXSmuAUU4fzkTDBrs
Q1iw7wbm03ErXgV8GeaQGrAlScUub03ZXaqvjTq/I1e75L2Dzze3gKvOOsC5wlvJ
J3MgMq+OGa+beB94SoWi7OcI0IAZr5h1ZDsHzIy7YeGjVr6xbwxAPRbJs+/AXjNT
VYjCovagQXoePUiX32fv+ZvAwxSe0l5nHbV9QC/GwMyHiSPk0h2x5bWd/GqrnadD
J/wUIgYdlg==
-----END CERTIFICATE-----