Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/LfWKpSbIHjLBuVm_yt8IwZrcQSw.cer
File:                     LfWKpSbIHjLBuVm_yt8IwZrcQSw.cer (raw, json)
Hash identifier:          o6rUEYdvgE1YptDsSxMnQVOKyUo8LMimvLlwWU1ZAzk=
Subject key identifier:   2D:F5:8A:A5:26:C8:1E:32:C1:B9:59:BF:CA:DF:08:C1:9A:DC:41:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7B36AD57818D6AD3D200CE1199177BE7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/12/2c8cc8-0fe2-491e-ad89-7e8b97528b1c/1/LfWKpSbIHjLBuVm_yt8IwZrcQSw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/12/2c8cc8-0fe2-491e-ad89-7e8b97528b1c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 20:18:59 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 193.254.208.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:ad:57:81:8d:6a:d3:d2:00:ce:11:99:17:7b:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2df58aa526c81e32c1b959bfcadf08c19adc412c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c8:6e:a1:07:37:29:25:81:ec:b8:7d:54:0f:
                    de:74:81:d2:5b:c2:48:07:31:fd:a9:b3:00:c8:1d:
                    99:3b:0e:29:5e:1c:45:69:1f:19:65:8b:bd:93:ae:
                    22:53:e8:29:70:64:f2:5f:6d:38:d3:79:2c:5f:1f:
                    a6:fb:7c:50:4e:34:4b:52:bd:c9:88:5a:90:67:5a:
                    fb:b8:8d:1e:98:d5:c5:c2:78:10:4d:d9:4f:5b:0a:
                    9c:cc:b8:2d:c8:80:47:cb:91:06:c7:31:97:0f:b7:
                    c4:f3:fd:95:34:e6:b4:49:55:19:3c:16:63:b0:f5:
                    3b:86:5e:39:14:92:fd:0c:1e:0e:4d:f0:51:ed:bb:
                    ac:bc:05:9d:b3:88:5a:44:fa:aa:43:1b:b7:f6:bb:
                    cf:ac:7b:6e:85:f3:9a:74:86:42:15:3a:4d:7b:6d:
                    9f:88:c7:6c:d9:ac:cd:22:21:2d:10:42:bc:1d:2e:
                    79:f5:11:72:07:c4:0e:bc:6e:51:74:cc:51:07:de:
                    53:2d:1c:cd:12:ad:0b:23:90:b6:5a:85:f9:ea:eb:
                    90:29:cd:86:e0:1a:b1:19:3f:49:bb:24:4e:92:8d:
                    1a:0a:d2:9e:e6:11:e9:5f:a2:d7:99:87:f2:a1:f6:
                    1b:80:4f:6f:92:39:a7:09:66:ce:33:a7:38:76:87:
                    d0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:F5:8A:A5:26:C8:1E:32:C1:B9:59:BF:CA:DF:08:C1:9A:DC:41:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2c8cc8-0fe2-491e-ad89-7e8b97528b1c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2c8cc8-0fe2-491e-ad89-7e8b97528b1c/1/LfWKpSbIHjLBuVm_yt8IwZrcQSw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.254.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:fe:b8:b4:3c:aa:80:45:68:9e:f7:0d:d8:fa:9f:da:64:db:
         19:1d:18:08:39:5c:cd:6b:81:97:54:53:80:0b:6a:c4:22:44:
         2e:d4:75:3b:e8:81:67:19:98:4b:da:90:69:03:e6:46:82:ed:
         96:36:15:6a:00:53:5d:71:95:b1:c6:31:85:d7:5c:d0:80:3d:
         34:09:b9:40:68:48:6d:58:1d:6b:b9:8e:99:13:99:37:1e:74:
         d2:1b:69:85:24:cc:4e:3b:3f:fd:c2:38:8d:ca:6d:8c:b2:bb:
         c7:7a:79:77:ca:1a:0c:78:f4:ba:cf:43:de:db:b4:84:c4:ae:
         93:fe:90:9e:c3:02:e3:5b:16:77:7b:3e:59:af:1a:59:56:e9:
         4a:14:1f:85:9b:07:77:4e:a3:27:3c:8a:ee:8b:f0:1e:93:f2:
         51:41:49:c9:ea:1c:e7:f4:4c:1c:4e:f5:df:5a:58:13:f1:5f:
         17:fa:83:5d:cc:ac:01:28:70:82:87:c6:8b:dc:6c:09:ec:20:
         dc:3f:67:01:8d:15:0a:f9:87:b6:bd:a8:11:1b:90:a8:43:57:
         ca:28:85:51:d1:51:d4:06:0f:01:a1:59:1c:09:cd:53:38:fa:
         b0:27:7b:e7:d6:ed:1a:3e:bc:33:4b:02:0e:fd:4c:80:26:3a:
         a9:45:0b:59
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt7Nq1XgY1q09IAzhGZF3vnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjAxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGY1OGFhNTI2YzgxZTMyYzFiOTU5YmZjYWRmMDhjMTlhZGM0MTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAychuoQc3KSWB7Lh9VA/edIHSW8JI
BzH9qbMAyB2ZOw4pXhxFaR8ZZYu9k64iU+gpcGTyX20403ksXx+m+3xQTjRLUr3J
iFqQZ1r7uI0emNXFwngQTdlPWwqczLgtyIBHy5EGxzGXD7fE8/2VNOa0SVUZPBZj
sPU7hl45FJL9DB4OTfBR7busvAWds4haRPqqQxu39rvPrHtuhfOadIZCFTpNe22f
iMds2azNIiEtEEK8HS559RFyB8QOvG5RdMxRB95TLRzNEq0LI5C2WoX56uuQKc2G
4BqxGT9JuyROko0aCtKe5hHpX6LXmYfyofYbgE9vkjmnCWbOM6c4dofQgwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFC31iqUmyB4ywblZv8rfCMGa3EEsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEyLzJjOGNj
OC0wZmUyLTQ5MWUtYWQ4OS03ZThiOTc1MjhiMWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIvMmM4Y2M4
LTBmZTItNDkxZS1hZDg5LTdlOGI5NzUyOGIxYy8xL0xmV0twU2JJSGpMQnVWbV95
dDhJd1pyY1FTdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwf7QMA0GCSqGSIb3DQEBCwUAA4IBAQA2/ri0
PKqARWie9w3Y+p/aZNsZHRgIOVzNa4GXVFOAC2rEIkQu1HU76IFnGZhL2pBpA+ZG
gu2WNhVqAFNdcZWxxjGF11zQgD00CblAaEhtWB1ruY6ZE5k3HnTSG2mFJMxOOz/9
wjiNym2MsrvHenl3yhoMePS6z0Pe27SExK6T/pCewwLjWxZ3ez5ZrxpZVulKFB+F
mwd3TqMnPIrui/Aek/JRQUnJ6hzn9EwcTvXfWlgT8V8X+oNdzKwBKHCCh8aL3GwJ
7CDcP2cBjRUK+Ye2vagRG5CoQ1fKKIVR0VHUBg8BoVkcCc1TOPqwJ3vn1u0aPrwz
SwIO/UyAJjqpRQtZ
-----END CERTIFICATE-----