Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Hekyc87VkolMnTVRSLsfrMEPcqI.cer
File:                     Hekyc87VkolMnTVRSLsfrMEPcqI.cer (raw, json)
Hash identifier:          S/3Z+2FVb//38gTqbHsCoz5B6IGvU7P1yxykyIhs3mE=
Subject key identifier:   1D:E9:32:73:CE:D5:92:89:4C:9D:35:51:48:BB:1F:AC:C1:0F:72:A2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7CECD3AA866BF0E6D222E51B759B2D3C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9d/3fd53b-e153-4c3a-8058-18ad589cecd0/1/Hekyc87VkolMnTVRSLsfrMEPcqI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9d/3fd53b-e153-4c3a-8058-18ad589cecd0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 04:17:34 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 185.42.148.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:d3:aa:86:6b:f0:e6:d2:22:e5:1b:75:9b:2d:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1de93273ced592894c9d355148bb1facc10f72a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:0c:9d:87:40:4f:82:70:af:cf:1c:5d:bb:2e:
                    77:a4:bd:7d:08:b5:b3:42:7d:09:9d:6c:72:03:5c:
                    08:c4:5b:92:03:48:9d:e1:d6:17:a8:76:de:8a:ad:
                    d1:46:65:11:50:be:77:c7:4f:ae:13:fd:e3:a1:4c:
                    a6:7e:cc:ce:84:66:46:5e:81:8b:25:d7:a8:f6:ea:
                    50:a0:ad:00:84:3b:98:fc:7d:d1:35:40:60:d9:2c:
                    6a:18:dc:83:73:3b:69:a7:28:d1:42:19:da:26:88:
                    c9:00:bf:42:fc:e7:47:0a:43:d6:e2:b4:0e:3b:1f:
                    eb:c9:4c:b4:07:7e:cf:75:dc:bd:be:b5:12:d5:9c:
                    88:e9:95:30:91:83:84:ad:dc:2c:8c:a0:ec:af:91:
                    f3:4d:91:9d:b5:16:f7:e7:f9:17:40:b2:68:7a:7e:
                    7d:0b:90:00:a3:4c:d6:5a:d1:aa:ea:f3:3e:85:c9:
                    09:a6:45:10:d0:c1:63:11:0d:2b:7c:71:a5:44:0b:
                    35:e3:be:e7:6a:bc:c7:a0:15:be:b6:d5:83:80:71:
                    b9:be:2f:46:6d:c5:21:f9:cb:0c:e2:05:46:48:c7:
                    97:40:1a:05:d8:90:ed:ba:b1:50:54:9e:8d:0e:02:
                    33:62:c9:7d:d9:af:ff:70:3c:16:88:b5:5a:dc:b2:
                    cf:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:E9:32:73:CE:D5:92:89:4C:9D:35:51:48:BB:1F:AC:C1:0F:72:A2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3fd53b-e153-4c3a-8058-18ad589cecd0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3fd53b-e153-4c3a-8058-18ad589cecd0/1/Hekyc87VkolMnTVRSLsfrMEPcqI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:0f:bd:fc:b2:ef:7e:34:d2:19:1a:27:36:08:80:90:60:8f:
         2f:0c:da:63:af:85:b6:06:60:d8:38:20:4e:68:46:44:4e:1d:
         86:4d:06:b1:3d:a1:b2:b3:82:8f:62:13:f3:83:b2:67:8b:5f:
         28:df:fa:71:ef:ef:3e:01:63:1c:a7:1b:88:6a:1a:a0:f3:56:
         73:33:2f:f7:e8:6f:ae:f4:af:ea:ca:ee:d2:53:7c:3d:f2:78:
         61:73:5e:95:79:eb:af:f1:ae:ee:f0:d0:6e:c3:31:71:0a:27:
         4a:56:46:f1:7d:86:13:51:55:ec:65:5b:1c:f8:b9:04:3d:e0:
         b8:9e:68:b9:5d:30:e4:7f:be:fb:c8:fd:14:1b:9f:57:6d:c1:
         8b:a9:30:fc:3b:83:29:a1:84:38:0f:a1:3a:c4:6d:02:36:4f:
         0e:b6:97:52:27:32:0a:70:fa:00:c9:56:51:8a:9d:8b:eb:fa:
         37:38:74:b0:9d:0c:90:90:87:f5:30:c7:36:9e:ca:6b:7f:64:
         53:af:53:03:5b:86:1c:5d:68:20:e6:81:f8:14:ba:e5:92:9f:
         4b:06:6b:b0:d3:fe:4d:23:08:5b:a9:91:2f:8a:19:40:47:12:
         b4:c7:99:3f:ce:ca:6f:61:53:8a:3f:23:20:9a:ef:6d:b3:bb:
         d4:04:9a:ba
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt87NOqhmvw5tIi5Rt1my08MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDQxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGU5MzI3M2NlZDU5Mjg5NGM5ZDM1NTE0OGJiMWZhY2MxMGY3MmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gydh0BPgnCvzxxduy53pL19CLWz
Qn0JnWxyA1wIxFuSA0id4dYXqHbeiq3RRmURUL53x0+uE/3joUymfszOhGZGXoGL
Jdeo9upQoK0AhDuY/H3RNUBg2SxqGNyDcztppyjRQhnaJojJAL9C/OdHCkPW4rQO
Ox/ryUy0B37Pddy9vrUS1ZyI6ZUwkYOErdwsjKDsr5HzTZGdtRb35/kXQLJoen59
C5AAo0zWWtGq6vM+hckJpkUQ0MFjEQ0rfHGlRAs1477narzHoBW+ttWDgHG5vi9G
bcUh+csM4gVGSMeXQBoF2JDturFQVJ6NDgIzYsl92a//cDwWiLVa3LLP8wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFB3pMnPO1ZKJTJ01UUi7H6zBD3KiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlkLzNmZDUz
Yi1lMTUzLTRjM2EtODA1OC0xOGFkNTg5Y2VjZDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvM2ZkNTNi
LWUxNTMtNGMzYS04MDU4LTE4YWQ1ODljZWNkMC8xL0hla3ljODdWa29sTW5UVlJT
THNmck1FUGNxSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuSqUMA0GCSqGSIb3DQEBCwUAA4IBAQBiD738
su9+NNIZGic2CICQYI8vDNpjr4W2BmDYOCBOaEZETh2GTQaxPaGys4KPYhPzg7Jn
i18o3/px7+8+AWMcpxuIahqg81ZzMy/36G+u9K/qyu7SU3w98nhhc16Veeuv8a7u
8NBuwzFxCidKVkbxfYYTUVXsZVsc+LkEPeC4nmi5XTDkf777yP0UG59XbcGLqTD8
O4MpoYQ4D6E6xG0CNk8OtpdSJzIKcPoAyVZRip2L6/o3OHSwnQyQkIf1MMc2nspr
f2RTr1MDW4YcXWgg5oH4FLrlkp9LBmuw0/5NIwhbqZEvihlARxK0x5k/zspvYVOK
PyMgmu9ts7vUBJq6
-----END CERTIFICATE-----