Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/LZrhAubK20caMKDIWTPgOQvy-co.cer
File:                     LZrhAubK20caMKDIWTPgOQvy-co.cer (raw, json)
Hash identifier:          oNhSjs6PnHoklSHBxc4VjeaurpZD6P4b7lM0Y/9MkrU=
Subject key identifier:   2D:9A:E1:02:E6:CA:DB:47:1A:30:A0:C8:59:33:E0:39:0B:F2:F9:CA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5B7DA4B1F5EAD736C397711FB94A35
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/99/7514d6-59de-460e-8e2f-ffcee1533577/1/LZrhAubK20caMKDIWTPgOQvy-co.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/99/7514d6-59de-460e-8e2f-ffcee1533577/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:18:26 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 185.21.72.0/22
                          IP: 2a00:40e0::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:7d:a4:b1:f5:ea:d7:36:c3:97:71:1f:b9:4a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d9ae102e6cadb471a30a0c85933e0390bf2f9ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:40:5e:94:7b:ef:bf:02:bf:1a:17:a5:bd:d0:
                    78:d3:f2:23:ce:ff:cb:2a:80:16:b8:f7:6d:73:d0:
                    8d:66:4f:b7:b5:58:ca:c1:60:10:bb:1f:7d:a3:af:
                    bf:1a:dc:2d:98:a8:ef:2c:aa:73:9f:41:e9:d8:e6:
                    60:2c:17:b6:60:76:a7:68:bb:44:1a:7b:34:e7:41:
                    69:63:eb:1a:32:7b:c2:bb:8f:16:a6:5f:45:d0:bd:
                    84:55:87:94:eb:b1:8d:23:db:c2:9e:36:7d:ba:50:
                    6d:a8:08:51:dc:0e:95:66:fd:d8:a7:14:4d:83:d3:
                    bd:a1:43:ec:7f:eb:19:61:7f:c9:13:a0:ef:eb:32:
                    63:8d:d1:21:03:88:ff:60:38:b8:99:81:61:21:75:
                    5b:15:04:77:7f:c9:b7:1c:e0:8e:ed:72:58:dc:a6:
                    f9:45:c9:fd:8d:da:8f:c5:f2:d1:40:47:83:36:21:
                    10:da:cb:f3:8a:85:2b:0c:e2:c8:c0:b7:23:9f:91:
                    07:f3:78:65:3f:b7:ce:3b:59:bb:b6:f5:63:99:0a:
                    fa:ad:2b:3f:48:b1:9a:dd:c3:55:6f:06:d2:67:35:
                    a6:4d:3b:31:70:1e:ca:46:43:31:82:3b:7a:47:61:
                    62:51:e1:ba:9b:08:af:35:ac:4a:81:36:ae:42:5d:
                    9f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:9A:E1:02:E6:CA:DB:47:1A:30:A0:C8:59:33:E0:39:0B:F2:F9:CA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7514d6-59de-460e-8e2f-ffcee1533577/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7514d6-59de-460e-8e2f-ffcee1533577/1/LZrhAubK20caMKDIWTPgOQvy-co.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.72.0/22
                IPv6:
                  2a00:40e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:81:65:e9:f2:2b:96:78:92:c4:b7:ce:4d:7c:2b:a6:0f:28:
         2b:52:89:e1:fd:ab:eb:6d:32:31:6d:e9:c1:b8:eb:aa:7c:d1:
         03:39:aa:a6:36:5f:19:5e:fa:a9:78:9d:04:74:30:03:f1:1c:
         6c:37:f0:d7:aa:e4:eb:ae:d5:85:d1:1b:9f:77:f6:c4:c7:18:
         9e:9b:fe:39:46:c9:bb:4c:bb:4a:dc:e4:23:32:6d:d2:3f:99:
         75:63:1b:e5:1b:cc:bc:20:0b:8c:c6:cd:2f:f4:0f:08:f6:6b:
         e4:a1:8a:06:55:f4:39:be:85:99:b4:22:08:b0:5b:83:74:75:
         29:30:a4:b2:43:81:9d:aa:7e:53:97:f1:49:c6:88:ec:76:a4:
         cd:6e:95:44:01:1a:79:1b:08:df:ee:d9:3a:e9:88:a1:ea:9e:
         9b:94:69:bb:8a:67:7b:cf:52:ee:d6:c9:3c:b9:49:38:b6:b0:
         6c:5f:88:f4:90:1d:41:bf:c9:df:d7:fd:52:2c:ab:66:6e:d1:
         5a:0b:7e:60:4f:34:0f:5e:3f:72:73:23:2c:32:e4:18:05:54:
         ab:7b:9e:d7:f9:fc:fa:30:66:91:cc:fb:85:95:b3:c6:ce:1a:
         e3:bb:36:96:61:5f:36:1b:dc:03:c5:8d:4f:b2:9a:2c:4f:fb:
         c9:a7:05:ec
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZt9W32ksfXq1zbDl3EfuUo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDlhZTEwMmU2Y2FkYjQ3MWEzMGEwYzg1OTMzZTAzOTBiZjJmOWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEBelHvvvwK/GhelvdB40/Ijzv/L
KoAWuPdtc9CNZk+3tVjKwWAQux99o6+/GtwtmKjvLKpzn0Hp2OZgLBe2YHanaLtE
Gns050FpY+saMnvCu48Wpl9F0L2EVYeU67GNI9vCnjZ9ulBtqAhR3A6VZv3YpxRN
g9O9oUPsf+sZYX/JE6Dv6zJjjdEhA4j/YDi4mYFhIXVbFQR3f8m3HOCO7XJY3Kb5
Rcn9jdqPxfLRQEeDNiEQ2svzioUrDOLIwLcjn5EH83hlP7fOO1m7tvVjmQr6rSs/
SLGa3cNVbwbSZzWmTTsxcB7KRkMxgjt6R2FiUeG6mwivNaxKgTauQl2fCwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFC2a4QLmyttHGjCgyFkz4DkL8vnKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk5Lzc1MTRk
Ni01OWRlLTQ2MGUtOGUyZi1mZmNlZTE1MzM1NzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTkvNzUxNGQ2
LTU5ZGUtNDYwZS04ZTJmLWZmY2VlMTUzMzU3Ny8xL0xacmhBdWJLMjBjYU1LRElX
VFBnT1F2eS1jby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuRVIMA0EAgACMAcDBQAqAEDgMA0GCSqGSIb3
DQEBCwUAA4IBAQCZgWXp8iuWeJLEt85NfCumDygrUonh/avrbTIxbenBuOuqfNED
OaqmNl8ZXvqpeJ0EdDAD8RxsN/DXquTrrtWF0Rufd/bExxiem/45Rsm7TLtK3OQj
Mm3SP5l1YxvlG8y8IAuMxs0v9A8I9mvkoYoGVfQ5voWZtCIIsFuDdHUpMKSyQ4Gd
qn5Tl/FJxojsdqTNbpVEARp5Gwjf7tk66Yih6p6blGm7imd7z1Lu1sk8uUk4trBs
X4j0kB1Bv8nf1/1SLKtmbtFaC35gTzQPXj9ycyMsMuQYBVSre57X+fz6MGaRzPuF
lbPGzhrjuzaWYV82G9wDxY1PsposT/vJpwXs
-----END CERTIFICATE-----