Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Dms4XHuHeL94ryQhyZ9dOL1VaRQ.cer
File:                     Dms4XHuHeL94ryQhyZ9dOL1VaRQ.cer (raw, json)
Hash identifier:          BjKY2QamFrrAYq16AiTKg8h7wIfQY6UHCyI2CD4fBQw=
Subject key identifier:   0E:6B:38:5C:7B:87:78:BF:78:AF:24:21:C9:9F:5D:38:BD:55:69:14
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5C7C77C6FCFF3D1A19589148A165B5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ef/0a8fc1-986e-4209-930c-1c77431b05f7/1/Dms4XHuHeL94ryQhyZ9dOL1VaRQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ef/0a8fc1-986e-4209-930c-1c77431b05f7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:19:31 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 48136
                          IP: 2001:67c:c::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:7c:77:c6:fc:ff:3d:1a:19:58:91:48:a1:65:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:19:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e6b385c7b8778bf78af2421c99f5d38bd556914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d4:d5:c3:3f:59:67:7a:65:06:7b:e5:3f:8c:
                    4e:db:c3:3f:79:0b:31:67:84:47:8c:5f:9d:58:b9:
                    b5:68:9a:2c:10:90:a4:57:73:1b:b4:20:53:59:c5:
                    a7:51:16:f9:94:32:33:eb:8e:88:49:d3:a6:25:35:
                    c8:72:dc:08:d2:e1:b0:2c:95:64:45:d3:1a:93:23:
                    a5:fd:9a:09:1e:81:f5:d3:9c:10:04:07:c2:ce:bb:
                    6a:39:f1:e7:45:94:31:61:33:2d:02:0f:68:33:99:
                    a4:ad:42:f9:0e:e4:f8:ee:2f:b4:40:e7:e9:be:05:
                    10:7a:f2:f7:05:6a:d3:37:d6:c1:a0:68:ff:2f:11:
                    cf:13:98:10:36:67:74:42:01:0a:3c:39:3a:09:03:
                    92:5b:50:3b:50:59:65:9c:58:72:66:81:f0:3a:c3:
                    17:6d:00:29:92:2b:cf:c8:14:d1:43:36:85:a9:2a:
                    d4:85:b9:18:76:48:db:d9:a1:4e:ca:a2:0f:3b:ae:
                    87:d3:2a:a6:a0:8f:84:f9:d4:44:5a:63:90:85:0b:
                    be:8d:24:a8:a0:9c:dd:3b:5c:9e:50:1a:d7:5a:7e:
                    d8:23:77:71:44:f7:a2:02:7e:c0:39:4b:d4:31:f9:
                    6d:80:21:64:56:e5:18:8f:06:05:9d:3e:ae:ca:c4:
                    d4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:6B:38:5C:7B:87:78:BF:78:AF:24:21:C9:9F:5D:38:BD:55:69:14
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/0a8fc1-986e-4209-930c-1c77431b05f7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/0a8fc1-986e-4209-930c-1c77431b05f7/1/Dms4XHuHeL94ryQhyZ9dOL1VaRQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48136

    Signature Algorithm: sha256WithRSAEncryption
         40:ea:ef:7d:91:f1:fe:d2:1d:b2:34:c0:57:9b:4d:39:62:64:
         ec:aa:43:f2:03:47:4c:3a:b4:e7:e1:50:a5:44:db:87:15:8c:
         40:3f:10:1e:24:b8:8e:ae:b7:f3:88:39:d8:fe:9a:82:fa:24:
         11:e3:d1:ee:54:7a:b0:52:72:57:56:59:2a:51:84:38:0c:47:
         0a:98:44:ae:ab:67:5c:96:81:e8:e9:6a:3f:1a:9e:56:2d:7f:
         44:76:a1:2d:5b:d1:b8:3c:59:91:de:8a:0c:ee:4e:7e:9a:b8:
         d2:2e:d3:cf:2c:ee:e9:0e:80:c8:64:05:01:0f:4a:63:43:85:
         da:07:8b:a5:c2:c8:5c:13:73:73:7f:13:93:df:f8:0f:3b:7c:
         c0:60:46:4c:42:ca:fb:76:1f:29:46:53:82:3e:d3:62:46:82:
         88:ac:e9:c0:15:94:4b:cb:bb:bb:34:2d:5b:68:a6:72:c5:62:
         1f:f2:40:c0:c6:bf:5e:44:d8:80:ea:00:e9:51:16:19:e6:2a:
         f4:f2:3e:c0:e0:af:05:9a:15:ec:11:c3:22:1f:01:9b:07:ec:
         44:2e:13:1b:48:a3:d4:3d:cf:99:7b:bd:a0:82:2d:eb:e2:2e:
         3b:47:b6:2b:ca:ae:c3:d8:89:ac:bd:97:6c:1a:49:91:86:5c:
         96:a1:6d:0b
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZt9XHx3xvz/PRoZWJFIoWW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTZiMzg1YzdiODc3OGJmNzhhZjI0MjFjOTlmNWQzOGJkNTU2OTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNTVwz9ZZ3plBnvlP4xO28M/eQsx
Z4RHjF+dWLm1aJosEJCkV3MbtCBTWcWnURb5lDIz646ISdOmJTXIctwI0uGwLJVk
RdMakyOl/ZoJHoH105wQBAfCzrtqOfHnRZQxYTMtAg9oM5mkrUL5DuT47i+0QOfp
vgUQevL3BWrTN9bBoGj/LxHPE5gQNmd0QgEKPDk6CQOSW1A7UFllnFhyZoHwOsMX
bQApkivPyBTRQzaFqSrUhbkYdkjb2aFOyqIPO66H0yqmoI+E+dREWmOQhQu+jSSo
oJzdO1yeUBrXWn7YI3dxRPeiAn7AOUvUMfltgCFkVuUYjwYFnT6uysTU1QIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFA5rOFx7h3i/eK8kIcmfXTi9VWkUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VmLzBhOGZj
MS05ODZlLTQyMDktOTMwYy0xYzc3NDMxYjA1ZjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWYvMGE4ZmMx
LTk4NmUtNDIwOS05MzBjLTFjNzc0MzFiMDVmNy8xL0RtczRYSHVIZUw5NHJ5UWh5
WjlkT0wxVmFSUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAAMMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwC8CDANBgkqhkiG9w0BAQsFAAOCAQEAQOrvfZHx/tIdsjTAV5tNOWJk7KpD
8gNHTDq05+FQpUTbhxWMQD8QHiS4jq6384g52P6agvokEePR7lR6sFJyV1ZZKlGE
OAxHCphErqtnXJaB6OlqPxqeVi1/RHahLVvRuDxZkd6KDO5Ofpq40i7Tzyzu6Q6A
yGQFAQ9KY0OF2geLpcLIXBNzc38Tk9/4Dzt8wGBGTELK+3YfKUZTgj7TYkaCiKzp
wBWUS8u7uzQtW2imcsViH/JAwMa/XkTYgOoA6VEWGeYq9PI+wOCvBZoV7BHDIh8B
mwfsRC4TG0ij1D3PmXu9oIIt6+IuO0e2K8quw9iJrL2XbBpJkYZclqFtCw==
-----END CERTIFICATE-----