Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Kbh1W8U-8XdGvSlu8oupAM2Y--A.cer
File:                     Kbh1W8U-8XdGvSlu8oupAM2Y--A.cer (raw, json)
Hash identifier:          u3IPYvkzQiRIOLWblZyx1LPT/DPXX/WmI4eu48ocRU0=
Subject key identifier:   29:B8:75:5B:C5:3E:F1:77:46:BD:29:6E:F2:8B:A9:00:CD:98:FB:E0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01999BE945DD26DB2F8FBB25BBC6C8C8E5DF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0c/068231-7cfc-4068-86b5-9ab4ad8b4ff4/1/Kbh1W8U-8XdGvSlu8oupAM2Y--A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0c/068231-7cfc-4068-86b5-9ab4ad8b4ff4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 30 Sep 2025 18:36:20 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 205018
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:22:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:e9:45:dd:26:db:2f:8f:bb:25:bb:c6:c8:c8:e5:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 30 18:36:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29b8755bc53ef17746bd296ef28ba900cd98fbe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fe:bd:74:eb:4a:d5:20:1f:54:d5:3e:af:8e:
                    a2:be:5c:05:e5:c9:23:e6:a1:f9:e2:57:24:2b:c2:
                    f3:bd:11:6e:97:e4:2d:3c:48:98:6d:5c:af:93:cc:
                    54:1f:b5:20:d3:0b:3c:74:95:e2:37:59:49:c5:87:
                    8d:3d:71:91:0e:f5:6f:25:a4:ba:5a:06:3d:5c:8b:
                    ed:d8:fa:3d:d6:7b:31:13:0f:b2:05:77:80:49:fe:
                    94:e9:d1:ab:41:93:be:8f:4a:da:f4:4f:ab:d8:83:
                    70:6d:9a:40:5c:61:1d:08:97:53:6d:20:a3:e8:53:
                    2f:4a:08:2b:b4:a8:d1:fa:cd:7f:b5:d3:55:79:89:
                    df:3f:bd:35:77:a2:6f:9f:07:da:10:c0:5c:a8:33:
                    26:35:ca:f2:6c:dc:d8:b7:ae:d1:85:43:c1:06:a1:
                    49:31:fb:87:07:0e:38:d4:a9:34:e3:7e:42:0f:70:
                    45:2a:6c:f2:c9:f6:37:1a:8c:42:6b:79:bc:9a:90:
                    f3:13:a1:53:3f:5e:97:60:23:18:7a:e8:46:b1:8a:
                    c9:6f:ae:64:1e:df:aa:ee:7b:8a:b0:7f:72:25:07:
                    7a:bd:bb:55:1c:58:1b:11:b8:fa:96:a8:94:60:34:
                    36:5e:81:03:70:e2:ef:4b:57:bb:7d:dd:2b:4f:66:
                    a9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B8:75:5B:C5:3E:F1:77:46:BD:29:6E:F2:8B:A9:00:CD:98:FB:E0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/068231-7cfc-4068-86b5-9ab4ad8b4ff4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/068231-7cfc-4068-86b5-9ab4ad8b4ff4/1/Kbh1W8U-8XdGvSlu8oupAM2Y--A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205018

    Signature Algorithm: sha256WithRSAEncryption
         8d:f5:ee:32:77:7b:c9:02:12:ee:69:c2:b8:0f:c9:d4:ca:7e:
         d7:88:95:d7:44:fe:86:57:af:54:c7:73:77:47:a3:c0:e9:25:
         bc:96:dc:1e:89:b1:9a:12:55:7f:eb:d7:74:05:8d:c6:60:0f:
         48:bb:66:4e:95:50:24:17:c6:b6:4b:b6:f4:58:5c:12:12:cf:
         6e:1f:6c:03:5c:5d:5d:3e:92:46:c9:9a:49:75:ab:de:b1:f7:
         ea:60:e6:bf:5f:e3:96:47:a3:3d:1e:f7:d5:79:b0:a1:ed:a6:
         95:92:66:22:fe:fb:38:1e:2f:d9:a2:6e:75:60:da:a3:06:19:
         29:75:82:4c:14:a3:e5:43:d6:ce:f3:70:4f:43:18:df:e0:60:
         b7:ce:86:47:77:07:62:21:88:2d:39:18:3a:24:98:09:73:6c:
         fc:ab:72:08:30:e4:d1:65:17:b4:35:7e:c4:79:14:e8:c6:a4:
         95:e3:aa:27:4a:78:8a:dd:b5:73:c0:f2:b7:3f:e3:62:b2:fb:
         e4:2c:74:55:39:87:c5:1a:f8:ca:b6:c7:2e:53:02:f6:84:41:
         99:01:1d:3d:e8:65:86:de:e1:45:42:2c:e3:81:5b:a9:1a:3b:
         1b:4b:2d:fb:e0:d8:dc:e4:13:3a:59:ff:46:f1:bb:04:fe:57:
         75:2f:0c:86
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZmb6UXdJtsvj7slu8bIyOXfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwOTMwMTgzNjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWI4NzU1YmM1M2VmMTc3NDZiZDI5NmVmMjhiYTkwMGNkOThmYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/69dOtK1SAfVNU+r46ivlwF5ckj
5qH54lckK8LzvRFul+QtPEiYbVyvk8xUH7Ug0ws8dJXiN1lJxYeNPXGRDvVvJaS6
WgY9XIvt2Po91nsxEw+yBXeASf6U6dGrQZO+j0ra9E+r2INwbZpAXGEdCJdTbSCj
6FMvSggrtKjR+s1/tdNVeYnfP701d6JvnwfaEMBcqDMmNcrybNzYt67RhUPBBqFJ
MfuHBw441Kk0435CD3BFKmzyyfY3GoxCa3m8mpDzE6FTP16XYCMYeuhGsYrJb65k
Ht+q7nuKsH9yJQd6vbtVHFgbEbj6lqiUYDQ2XoEDcOLvS1e7fd0rT2apgQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCm4dVvFPvF3Rr0pbvKLqQDNmPvgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBjLzA2ODIz
MS03Y2ZjLTQwNjgtODZiNS05YWI0YWQ4YjRmZjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMvMDY4MjMx
LTdjZmMtNDA2OC04NmI1LTlhYjRhZDhiNGZmNC8xL0tiaDFXOFUtOFhkR3ZTbHU4
b3VwQU0yWS0tQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMg2jANBgkqhkiG9w0BAQsFAAOCAQEAjfXuMnd7yQIS
7mnCuA/J1Mp+14iV10T+hlevVMdzd0ejwOklvJbcHomxmhJVf+vXdAWNxmAPSLtm
TpVQJBfGtku29FhcEhLPbh9sA1xdXT6SRsmaSXWr3rH36mDmv1/jlkejPR731Xmw
oe2mlZJmIv77OB4v2aJudWDaowYZKXWCTBSj5UPWzvNwT0MY3+Bgt86GR3cHYiGI
LTkYOiSYCXNs/KtyCDDk0WUXtDV+xHkU6MakleOqJ0p4it21c8Dytz/jYrL75Cx0
VTmHxRr4yrbHLlMC9oRBmQEdPehlht7hRUIs44FbqRo7G0st++DY3OQTOln/RvG7
BP5XdS8Mhg==
-----END CERTIFICATE-----