Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JKtnE2v5kKqL6IV6aNLDmezWKZo.cer
File:                     JKtnE2v5kKqL6IV6aNLDmezWKZo.cer (raw, json)
Hash identifier:          ffZ/wdY82a8oD3K0q1Glo8FCouuBGqER0XwTGlQdAVA=
Subject key identifier:   24:AB:67:13:6B:F9:90:AA:8B:E8:85:7A:68:D2:C3:99:EC:D6:29:9A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B78351985A16D9CA30AFBC710CAFDE620
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/20/088521-2398-457b-b1e3-dd3360393391/1/JKtnE2v5kKqL6IV6aNLDmezWKZo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/20/088521-2398-457b-b1e3-dd3360393391/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 06:18:24 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 194.127.176.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:19:85:a1:6d:9c:a3:0a:fb:c7:10:ca:fd:e6:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24ab67136bf990aa8be8857a68d2c399ecd6299a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c6:45:88:86:c4:87:42:1d:02:81:e6:d7:fc:
                    3b:5c:b6:ed:bb:bc:48:87:f9:08:0d:c1:99:2a:60:
                    37:d8:9e:0c:d8:eb:05:f6:7f:19:9d:b5:79:b5:e6:
                    dd:ed:c5:e8:e1:89:9a:b6:35:b6:f6:e5:ad:88:0a:
                    d4:5a:0a:99:e7:f4:05:19:99:a1:f9:7c:5a:cc:c9:
                    dd:20:c8:20:dc:36:44:e3:68:1b:68:45:5f:56:85:
                    17:c0:c5:6d:2e:fd:6c:1f:a8:da:d6:80:cc:4b:7f:
                    2d:74:23:ad:14:c1:78:34:64:8c:e6:e0:a2:4b:d5:
                    e2:3a:da:00:73:d5:00:91:5c:53:9d:f4:12:54:f0:
                    ff:92:3d:0c:64:76:1f:f5:bd:83:3a:ee:61:51:a5:
                    d3:44:f3:97:7f:fe:24:e5:f9:ea:be:25:4f:44:aa:
                    00:3d:9a:c9:02:0a:bc:a9:bb:bd:57:db:98:a2:94:
                    34:f2:aa:58:3b:d3:44:70:01:21:e7:7e:37:a6:03:
                    6e:d5:ef:39:bb:e3:e8:b5:05:30:a4:db:dd:cb:dc:
                    e7:01:af:1d:0b:e4:29:79:d1:c2:24:9d:22:a8:bd:
                    79:c5:c1:9d:1d:9d:12:c0:76:02:3f:5a:08:6f:ff:
                    d3:a9:3f:d9:06:92:04:c6:fd:3d:c1:fe:f2:41:76:
                    53:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:AB:67:13:6B:F9:90:AA:8B:E8:85:7A:68:D2:C3:99:EC:D6:29:9A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/088521-2398-457b-b1e3-dd3360393391/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/088521-2398-457b-b1e3-dd3360393391/1/JKtnE2v5kKqL6IV6aNLDmezWKZo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:9e:19:89:ea:ed:ca:1f:5a:14:81:aa:90:a8:b7:2e:c7:00:
         b5:a9:e1:88:1a:85:7f:64:29:87:47:c1:d9:b4:a5:c8:55:dd:
         9f:d0:5f:dd:30:ff:d3:22:e9:c6:48:47:39:25:4f:90:ed:76:
         04:8e:91:8c:8b:0e:18:8f:8e:58:17:fb:d0:d4:70:5c:9e:56:
         c9:68:b2:48:cb:b7:b2:3a:86:45:99:6c:cb:02:d7:13:c6:58:
         10:74:be:c6:f4:c6:96:a7:a7:eb:6e:e3:58:98:45:c9:96:cb:
         3e:38:92:a5:4c:48:91:f1:cb:b3:35:1c:37:b3:e4:dc:14:63:
         39:15:03:2d:d0:50:42:dc:c6:58:c5:06:fc:7f:49:fb:1b:9d:
         ae:f8:7c:99:82:7f:eb:41:0f:61:2c:cb:fd:4b:b4:92:e8:a6:
         be:05:8e:d2:97:1c:07:8e:d3:b7:a8:a0:73:05:28:99:87:f6:
         c7:f7:48:ef:11:54:f8:91:0c:5b:1c:c1:1d:d5:aa:9f:c7:22:
         74:b5:87:f0:e3:57:ec:4a:34:8e:49:b1:08:55:13:bc:19:4b:
         8a:cc:82:80:dd:19:8f:38:16:c1:8a:6c:47:69:e5:10:4f:58:
         c7:28:35:11:fb:fd:b2:9d:01:b6:9d:1b:aa:93:4d:71:a9:16:
         7e:bf:cb:55
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt4NRmFoW2cowr7xxDK/eYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDYxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGFiNjcxMzZiZjk5MGFhOGJlODg1N2E2OGQyYzM5OWVjZDYyOTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMZFiIbEh0IdAoHm1/w7XLbtu7xI
h/kIDcGZKmA32J4M2OsF9n8ZnbV5tebd7cXo4YmatjW29uWtiArUWgqZ5/QFGZmh
+XxazMndIMgg3DZE42gbaEVfVoUXwMVtLv1sH6ja1oDMS38tdCOtFMF4NGSM5uCi
S9XiOtoAc9UAkVxTnfQSVPD/kj0MZHYf9b2DOu5hUaXTRPOXf/4k5fnqviVPRKoA
PZrJAgq8qbu9V9uYopQ08qpYO9NEcAEh5343pgNu1e85u+PotQUwpNvdy9znAa8d
C+QpedHCJJ0iqL15xcGdHZ0SwHYCP1oIb//TqT/ZBpIExv09wf7yQXZTJQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCSrZxNr+ZCqi+iFemjSw5ns1imaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIwLzA4ODUy
MS0yMzk4LTQ1N2ItYjFlMy1kZDMzNjAzOTMzOTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvMDg4NTIx
LTIzOTgtNDU3Yi1iMWUzLWRkMzM2MDM5MzM5MS8xL0pLdG5FMnY1a0txTDZJVjZh
TkxEbWV6V0taby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwn+wMA0GCSqGSIb3DQEBCwUAA4IBAQBanhmJ
6u3KH1oUgaqQqLcuxwC1qeGIGoV/ZCmHR8HZtKXIVd2f0F/dMP/TIunGSEc5JU+Q
7XYEjpGMiw4Yj45YF/vQ1HBcnlbJaLJIy7eyOoZFmWzLAtcTxlgQdL7G9MaWp6fr
buNYmEXJlss+OJKlTEiR8cuzNRw3s+TcFGM5FQMt0FBC3MZYxQb8f0n7G52u+HyZ
gn/rQQ9hLMv9S7SS6Ka+BY7SlxwHjtO3qKBzBSiZh/bH90jvEVT4kQxbHMEd1aqf
xyJ0tYfw41fsSjSOSbEIVRO8GUuKzIKA3RmPOBbBimxHaeUQT1jHKDUR+/2ynQG2
nRuqk01xqRZ+v8tV
-----END CERTIFICATE-----