Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KQHXZDHG6HPTxEcwVx4eUNYCBXw.cer
File:                     KQHXZDHG6HPTxEcwVx4eUNYCBXw.cer (raw, json)
Hash identifier:          Gy5LKnUlR3iJ00dTl0112Ph1ITngcTmg89CZODGhXCY=
Subject key identifier:   29:01:D7:64:31:C6:E8:73:D3:C4:47:30:57:1E:1E:50:D6:02:05:7C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7B36A72651A3C1A4652C07D1FE0E28A5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/69/05c3a1-c8fe-40ff-9c52-3e6f0324410a/1/KQHXZDHG6HPTxEcwVx4eUNYCBXw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/69/05c3a1-c8fe-40ff-9c52-3e6f0324410a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 20:18:57 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 212037
                          IP: 2001:67c:1680::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:a7:26:51:a3:c1:a4:65:2c:07:d1:fe:0e:28:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2901d76431c6e873d3c44730571e1e50d602057c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:9c:48:73:ed:d8:5d:11:02:12:e7:0e:b7:bc:
                    79:d2:56:40:f4:b2:48:b6:06:0c:0e:7d:a3:f4:57:
                    79:88:01:b2:83:6d:9c:cb:1a:ad:9e:e2:93:b0:75:
                    7d:a4:b3:a6:82:ca:60:0c:a0:fa:6b:25:46:99:58:
                    ef:0c:d9:01:ff:de:82:88:fc:e8:b8:c0:fd:fd:f5:
                    0c:09:64:1f:cd:cb:03:13:a9:60:f7:b4:08:d6:0b:
                    67:e6:ad:4b:9d:78:46:d4:e7:f0:6b:1d:3f:b2:d8:
                    da:c1:a4:36:a0:af:4a:a1:47:4d:95:8a:7d:54:91:
                    8b:76:44:b3:6d:6c:79:75:13:e4:9d:7c:2e:90:1a:
                    7b:c6:9f:0f:1a:6e:46:2d:a6:ad:33:b1:12:f2:11:
                    13:67:6b:61:4c:61:b7:66:8c:a8:ea:fd:d6:83:76:
                    4a:48:48:37:03:92:f0:d6:9f:71:9b:ad:3c:ab:0f:
                    4f:86:87:81:ad:93:de:7e:1b:4d:88:c9:5a:4b:6b:
                    48:4d:4f:ef:e9:d2:e2:19:87:69:a8:40:73:9c:91:
                    f4:ef:d9:37:cb:76:59:e4:30:bf:bb:83:9a:92:9e:
                    e4:c2:88:5b:c6:74:bf:48:71:e4:c0:46:24:1a:71:
                    f3:21:d6:da:dd:17:22:e9:75:5e:38:dd:c7:58:b4:
                    12:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:01:D7:64:31:C6:E8:73:D3:C4:47:30:57:1E:1E:50:D6:02:05:7C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/05c3a1-c8fe-40ff-9c52-3e6f0324410a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/05c3a1-c8fe-40ff-9c52-3e6f0324410a/1/KQHXZDHG6HPTxEcwVx4eUNYCBXw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1680::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212037

    Signature Algorithm: sha256WithRSAEncryption
         1d:67:6d:9a:c0:da:b8:dc:1b:b1:3d:97:d1:fb:24:3f:f1:ae:
         f6:6b:a0:b8:a8:f8:99:09:5a:70:c9:7e:19:40:17:90:5d:ff:
         40:5c:25:ee:8b:47:f1:70:2f:1b:5c:04:1a:98:d4:95:74:ae:
         a0:8d:ee:fa:ee:80:fa:9b:fb:38:0b:52:f2:9c:08:d5:f7:97:
         6d:fc:4a:e4:b0:f7:ae:9b:3e:ca:68:da:63:2a:90:63:dc:6c:
         c0:fb:87:15:2c:d7:af:a4:f6:f0:6f:80:40:26:15:a6:0e:f0:
         09:61:e5:ae:4b:64:82:49:37:78:0b:ca:da:40:3b:ea:30:ff:
         3a:17:ac:df:aa:2a:ad:9b:f0:52:84:d9:53:e1:20:53:71:ca:
         a6:90:04:4a:d6:c9:8e:9e:7b:33:c3:0c:4f:e8:b4:21:29:87:
         fc:e9:36:75:c7:61:f9:94:8c:2f:62:23:cb:2c:14:32:3f:ce:
         5c:9b:49:8d:1c:2c:f9:c9:9a:17:01:1c:25:f5:25:64:f2:3e:
         59:22:d5:9b:44:71:e2:44:fa:93:91:de:dc:b3:cb:af:b8:72:
         7f:31:86:58:c1:c5:ae:a2:96:cb:a9:c5:6b:0c:f4:fd:34:72:
         fd:73:e3:9b:45:76:b2:13:9c:72:34:d4:dd:5a:aa:87:3f:27:
         4b:76:f7:70
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZt7NqcmUaPBpGUsB9H+DiilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjAxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTAxZDc2NDMxYzZlODczZDNjNDQ3MzA1NzFlMWU1MGQ2MDIwNTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JxIc+3YXRECEucOt7x50lZA9LJI
tgYMDn2j9Fd5iAGyg22cyxqtnuKTsHV9pLOmgspgDKD6ayVGmVjvDNkB/96CiPzo
uMD9/fUMCWQfzcsDE6lg97QI1gtn5q1LnXhG1Ofwax0/stjawaQ2oK9KoUdNlYp9
VJGLdkSzbWx5dRPknXwukBp7xp8PGm5GLaatM7ES8hETZ2thTGG3Zoyo6v3Wg3ZK
SEg3A5Lw1p9xm608qw9PhoeBrZPefhtNiMlaS2tITU/v6dLiGYdpqEBznJH079k3
y3ZZ5DC/u4Oakp7kwohbxnS/SHHkwEYkGnHzIdba3Rci6XVeON3HWLQSiwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFCkB12Qxxuhz08RHMFceHlDWAgV8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY5LzA1YzNh
MS1jOGZlLTQwZmYtOWM1Mi0zZTZmMDMyNDQxMGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkvMDVjM2Ex
LWM4ZmUtNDBmZi05YzUyLTNlNmYwMzI0NDEwYS8xL0tRSFhaREhHNkhQVHhFY3dW
eDRlVU5ZQ0JYdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBaAMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM8RTANBgkqhkiG9w0BAQsFAAOCAQEAHWdtmsDauNwbsT2X0fskP/Gu9mug
uKj4mQlacMl+GUAXkF3/QFwl7otH8XAvG1wEGpjUlXSuoI3u+u6A+pv7OAtS8pwI
1feXbfxK5LD3rps+ymjaYyqQY9xswPuHFSzXr6T28G+AQCYVpg7wCWHlrktkgkk3
eAvK2kA76jD/Ohes36oqrZvwUoTZU+EgU3HKppAEStbJjp57M8MMT+i0ISmH/Ok2
dcdh+ZSML2IjyywUMj/OXJtJjRws+cmaFwEcJfUlZPI+WSLVm0Rx4kT6k5He3LPL
r7hyfzGGWMHFrqKWy6nFawz0/TRy/XPjm0V2shOccjTU3Vqqhz8nS3b3cA==
-----END CERTIFICATE-----