Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JxvhwGrxHz7sHcsZa8qN578I-5g.cer
File:                     JxvhwGrxHz7sHcsZa8qN578I-5g.cer (raw, json)
Hash identifier:          p44ITf9qJYvx77ucKi8DgGGySSo5ZqBmeWcDYuaYyD8=
Subject key identifier:   27:1B:E1:C0:6A:F1:1F:3E:EC:1D:CB:19:6B:CA:8D:E7:BF:08:FB:98
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B77C6D15987DD34509792618BBD90928A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/55/149d64-83c4-4a7e-b4b5-474207daef43/1/JxvhwGrxHz7sHcsZa8qN578I-5g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/55/149d64-83c4-4a7e-b4b5-474207daef43/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 04:17:57 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 33998
                          IP: 91.213.136.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:d1:59:87:dd:34:50:97:92:61:8b:bd:90:92:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=271be1c06af11f3eec1dcb196bca8de7bf08fb98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f9:f9:1e:08:48:a4:6b:fe:a8:51:1c:b7:54:
                    a2:21:7b:4a:4a:76:ca:04:3d:e4:6c:b3:d8:51:80:
                    38:95:ea:c5:64:20:a7:f9:e9:21:95:fb:50:88:a9:
                    db:89:27:3e:9d:f0:36:c4:d3:6f:eb:69:df:68:a8:
                    8f:f7:94:e6:32:7b:38:fc:b9:68:6c:1b:58:93:77:
                    27:f6:89:c5:6e:d6:67:9f:ba:20:c8:05:0b:68:3f:
                    31:b8:ff:31:8b:54:10:55:22:30:c0:19:8b:37:0d:
                    ef:ad:c6:11:be:11:60:95:88:41:a9:85:8d:c3:c7:
                    7e:ba:44:b0:5a:ff:f7:36:6f:e9:f5:0f:de:13:fc:
                    5d:b9:c8:a1:c5:b4:89:3b:8c:d0:78:b2:7c:eb:e4:
                    e8:e1:1f:f8:87:4e:a7:35:02:80:c6:95:ad:dd:11:
                    72:06:93:b8:76:9a:24:40:28:72:58:55:74:c9:e3:
                    78:a4:a1:22:88:a0:ce:8f:29:3c:a2:59:f9:47:19:
                    c8:fb:01:53:5a:f4:b4:6c:72:40:94:f0:d1:82:f8:
                    ee:4d:39:34:63:4f:48:ff:90:5c:9b:e8:e1:a4:57:
                    cd:9f:2e:e8:40:ab:1b:46:ef:06:42:2b:21:89:3d:
                    82:6e:c8:f7:0e:b0:57:84:d1:92:76:09:4d:91:36:
                    18:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:1B:E1:C0:6A:F1:1F:3E:EC:1D:CB:19:6B:CA:8D:E7:BF:08:FB:98
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/149d64-83c4-4a7e-b4b5-474207daef43/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/149d64-83c4-4a7e-b4b5-474207daef43/1/JxvhwGrxHz7sHcsZa8qN578I-5g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.136.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  33998

    Signature Algorithm: sha256WithRSAEncryption
         87:e6:82:75:0a:d3:ee:a8:58:41:a1:2d:58:13:e7:15:98:de:
         ce:28:f8:1a:0a:1f:1d:70:b1:b1:a5:5c:ef:8e:7c:36:a0:89:
         ce:10:e7:81:81:07:37:df:7e:9f:83:84:51:42:1e:f0:d5:da:
         ce:24:0d:2f:14:d0:4f:a3:58:9b:5f:2b:35:af:d8:ad:be:21:
         90:19:d6:71:44:4f:34:72:9e:2e:ae:39:42:bc:f6:92:6c:a0:
         69:6f:5a:f2:69:9e:0d:89:48:00:14:43:aa:87:23:47:e9:d3:
         78:27:ff:2c:60:92:68:0e:6a:a7:d3:25:d1:be:f9:fe:79:93:
         d5:f0:b1:9c:c1:51:fb:56:8d:d6:06:64:f0:3c:10:7c:8c:48:
         42:17:b0:19:a5:1d:61:8e:32:7f:f0:7f:a0:64:d7:be:e9:08:
         97:15:be:7f:65:35:b0:1e:54:21:e1:74:0b:23:37:de:df:42:
         b6:fd:4a:0b:49:2b:fe:ff:be:02:da:ad:b2:ef:97:1e:13:a6:
         ac:23:7b:68:47:70:63:6e:3d:8c:00:cd:fe:f8:21:2c:c6:0c:
         b5:51:ae:3f:ec:7a:aa:75:95:71:26:e9:9b:95:28:f4:e6:e9:
         a4:a4:3b:1c:07:af:f6:d9:b5:10:e1:71:15:62:c4:f1:d4:e4:
         c2:73:ad:c4
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZt3xtFZh900UJeSYYu9kJKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDQxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzFiZTFjMDZhZjExZjNlZWMxZGNiMTk2YmNhOGRlN2JmMDhmYjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/n5HghIpGv+qFEct1SiIXtKSnbK
BD3kbLPYUYA4lerFZCCn+ekhlftQiKnbiSc+nfA2xNNv62nfaKiP95TmMns4/Llo
bBtYk3cn9onFbtZnn7ogyAULaD8xuP8xi1QQVSIwwBmLNw3vrcYRvhFglYhBqYWN
w8d+ukSwWv/3Nm/p9Q/eE/xducihxbSJO4zQeLJ86+To4R/4h06nNQKAxpWt3RFy
BpO4dpokQChyWFV0yeN4pKEiiKDOjyk8oln5RxnI+wFTWvS0bHJAlPDRgvjuTTk0
Y09I/5Bcm+jhpFfNny7oQKsbRu8GQishiT2Cbsj3DrBXhNGSdglNkTYYUwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCcb4cBq8R8+7B3LGWvKjee/CPuYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1LzE0OWQ2
NC04M2M0LTRhN2UtYjRiNS00NzQyMDdkYWVmNDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUvMTQ5ZDY0
LTgzYzQtNGE3ZS1iNGI1LTQ3NDIwN2RhZWY0My8xL0p4dmh3R3J4SHo3c0hjc1ph
OHFONTc4SS01Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9WIMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCEzjANBgkqhkiG9w0BAQsFAAOCAQEAh+aCdQrT7qhYQaEtWBPnFZjezij4Ggof
HXCxsaVc7458NqCJzhDngYEHN99+n4OEUUIe8NXaziQNLxTQT6NYm18rNa/Yrb4h
kBnWcURPNHKeLq45Qrz2kmygaW9a8mmeDYlIABRDqocjR+nTeCf/LGCSaA5qp9Ml
0b75/nmT1fCxnMFR+1aN1gZk8DwQfIxIQhewGaUdYY4yf/B/oGTXvukIlxW+f2U1
sB5UIeF0CyM33t9Ctv1KC0kr/v++Atqtsu+XHhOmrCN7aEdwY249jADN/vghLMYM
tVGuP+x6qnWVcSbpm5Uo9ObppKQ7HAev9tm1EOFxFWLE8dTkwnOtxA==
-----END CERTIFICATE-----