Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer
File:                     HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer (raw, json)
Hash identifier:          1JA8nkuoVHckHm31yk8s8G2rya+Se37vg887F5DM5rQ=
Subject key identifier:   1C:BB:FA:49:87:7B:C5:D9:E4:CF:44:69:50:FD:14:27:99:29:F4:9A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B77C6C4B1B390BDD6AFE15737AC7B6E6D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 04:17:53 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 164.81.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:c4:b1:b3:90:bd:d6:af:e1:57:37:ac:7b:6e:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1cbbfa49877bc5d9e4cf446950fd14279929f49a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:af:30:74:31:86:fc:1b:80:ae:83:0b:aa:c4:
                    2e:aa:c6:1e:ca:fc:41:07:8c:7b:90:3b:ed:e7:99:
                    69:d1:34:52:49:cb:3a:c5:71:e7:de:e4:16:09:5e:
                    e9:58:6e:3f:0b:96:80:bd:33:ca:b3:5b:b9:d3:37:
                    34:bc:37:0c:3c:ce:51:ba:0b:51:af:83:23:15:4c:
                    38:d2:c3:b3:b4:97:61:33:39:53:e5:8c:9b:52:58:
                    2c:95:61:5b:db:87:fa:0e:64:1d:15:b7:0e:b8:e5:
                    30:4b:9f:46:f3:76:d1:72:0b:32:83:40:60:03:72:
                    3d:d3:08:eb:c6:30:6a:49:3a:ec:ef:34:0d:57:db:
                    57:60:c5:3c:b3:43:f9:82:8f:ee:be:52:53:15:78:
                    5f:3a:f4:8c:bf:d8:28:8d:f0:da:55:c9:be:b3:e0:
                    3c:45:59:cb:28:8e:fb:a5:8f:53:ae:7b:fc:ae:70:
                    48:48:a8:d8:c0:03:f9:4a:3f:dd:28:93:f7:ae:84:
                    54:0b:05:73:c7:e8:a7:60:84:5b:eb:ab:84:5b:ea:
                    a6:31:f2:bb:79:62:76:cd:a7:ec:02:0f:d8:d6:97:
                    f0:59:9d:96:9e:54:db:b6:bf:a7:1f:40:9a:6c:00:
                    99:73:af:c1:7b:7a:29:d3:f1:66:10:05:39:3c:7f:
                    44:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:BB:FA:49:87:7B:C5:D9:E4:CF:44:69:50:FD:14:27:99:29:F4:9A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.81.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         42:b9:29:99:40:f7:6e:0a:29:98:76:cf:2a:27:9d:bb:c2:21:
         d3:b7:04:67:d2:60:59:be:0a:38:3b:08:60:bb:04:c9:0e:7c:
         b4:a9:5d:b1:7c:6b:46:8f:b6:09:c1:d0:57:ad:1e:55:9d:51:
         28:c3:5a:e7:7d:86:9a:17:f9:c8:30:43:93:af:15:80:1d:2a:
         82:be:f7:60:f7:25:4b:31:87:a6:9e:97:9d:5f:6b:f0:58:48:
         eb:68:c9:c7:57:88:7c:c7:1f:0c:91:10:64:4c:a3:d3:05:42:
         c7:57:0b:56:32:19:3a:0b:98:6a:cc:51:88:90:2a:b4:98:aa:
         62:b2:28:5c:80:6f:ba:22:ae:8d:76:ca:b2:f9:7c:a2:10:b6:
         5d:e3:8c:af:91:86:9d:82:fe:3a:d7:fe:96:ab:d8:a0:a3:fb:
         f1:fd:a0:bc:27:67:49:1a:41:cb:b1:f7:51:57:8d:ce:5d:f1:
         33:62:cb:5a:10:d2:ed:66:3e:4b:44:7b:57:8a:97:86:20:21:
         48:22:c5:50:82:df:c2:e0:61:d2:23:2b:83:71:0c:b4:91:77:
         6d:a2:9d:2e:60:ff:14:0b:0d:68:92:cf:4e:4c:2f:b4:c7:a0:
         ce:4e:01:fe:30:dd:cc:9b:98:2e:32:ed:d6:3c:b6:bc:fe:9b:
         31:3f:29:91
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZt3xsSxs5C91q/hVzese25tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDQxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2JiZmE0OTg3N2JjNWQ5ZTRjZjQ0Njk1MGZkMTQyNzk5MjlmNDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwq8wdDGG/BuAroMLqsQuqsYeyvxB
B4x7kDvt55lp0TRSScs6xXHn3uQWCV7pWG4/C5aAvTPKs1u50zc0vDcMPM5RugtR
r4MjFUw40sOztJdhMzlT5YybUlgslWFb24f6DmQdFbcOuOUwS59G83bRcgsyg0Bg
A3I90wjrxjBqSTrs7zQNV9tXYMU8s0P5go/uvlJTFXhfOvSMv9gojfDaVcm+s+A8
RVnLKI77pY9Trnv8rnBISKjYwAP5Sj/dKJP3roRUCwVzx+inYIRb66uEW+qmMfK7
eWJ2zafsAg/Y1pfwWZ2WnlTbtr+nH0CabACZc6/Be3op0/FmEAU5PH9ERwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFBy7+kmHe8XZ5M9EaVD9FCeZKfSaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VjLzg1MWNh
Yy1lMWQ4LTQ1NzEtODJhNi00NmJmNzYyNjE4ZTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWMvODUxY2Fj
LWUxZDgtNDU3MS04MmE2LTQ2YmY3NjI2MThlNy8xL0hMdjZTWWQ3eGRua3owUnBV
UDBVSjVrcDlKby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMApFEwDQYJKoZIhvcNAQELBQADggEBAEK5KZlA
924KKZh2zyonnbvCIdO3BGfSYFm+Cjg7CGC7BMkOfLSpXbF8a0aPtgnB0FetHlWd
USjDWud9hpoX+cgwQ5OvFYAdKoK+92D3JUsxh6ael51fa/BYSOtoycdXiHzHHwyR
EGRMo9MFQsdXC1YyGToLmGrMUYiQKrSYqmKyKFyAb7oiro12yrL5fKIQtl3jjK+R
hp2C/jrX/par2KCj+/H9oLwnZ0kaQcux91FXjc5d8TNiy1oQ0u1mPktEe1eKl4Yg
IUgixVCC38LgYdIjK4NxDLSRd22inS5g/xQLDWiSz05ML7THoM5OAf4w3cybmC4y
7dY8trz+mzE/KZE=
-----END CERTIFICATE-----