Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OcUbkTH248JZr53Qrb9U9xokmO8.cer
File:                     OcUbkTH248JZr53Qrb9U9xokmO8.cer (raw, json)
Hash identifier:          jXvhR7pKjagSvhhQIqsViFjiQTHM17cwrxQPdMy27aY=
Subject key identifier:   39:C5:1B:91:31:F6:E3:C2:59:AF:9D:D0:AD:BF:54:F7:1A:24:98:EF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7C12FECACC6CD0625980F18540475D6B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/OcUbkTH248JZr53Qrb9U9xokmO8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 00:19:38 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 2.56.156.0/22
                          IP: 2a09:c6c0::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:fe:ca:cc:6c:d0:62:59:80:f1:85:40:47:5d:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:19:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=39c51b9131f6e3c259af9dd0adbf54f71a2498ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8b:66:8e:c5:19:9f:4e:69:18:92:7a:3a:dc:
                    f6:e6:4e:69:31:55:f5:9f:48:05:9a:9d:37:bd:10:
                    e8:09:95:73:3f:9e:61:65:f8:ca:f3:70:02:ed:3f:
                    a3:9a:25:73:4e:98:07:15:33:0e:01:7c:8a:be:93:
                    ec:93:92:4c:30:9e:d8:94:0f:a6:53:48:72:22:56:
                    96:41:90:01:f5:ac:51:17:35:4e:66:7e:6b:0c:5f:
                    41:26:f9:a6:de:67:7f:16:85:dc:09:e1:76:3a:6a:
                    7c:ce:ba:66:c3:af:19:a6:9d:73:49:3a:92:40:bc:
                    b8:3c:c2:8f:03:04:b4:c6:b2:62:68:d1:8b:de:17:
                    7f:7b:1b:80:5f:c7:19:19:0c:19:bd:f3:d7:92:a2:
                    d0:7d:d2:9a:fa:aa:89:7f:2d:a7:71:b6:bd:83:2d:
                    1c:ae:a0:39:7b:65:b9:4c:b4:34:31:f1:8d:b0:b4:
                    1d:db:29:8f:0e:4e:70:3e:fc:6d:95:52:bc:27:33:
                    18:f5:96:65:6b:75:f1:f6:37:e6:3a:e5:de:a5:63:
                    ef:11:0b:a4:15:e3:82:3c:75:2b:10:01:1c:f3:e8:
                    80:46:52:41:d5:5b:02:74:2b:20:83:c7:cc:61:3c:
                    b1:f8:c0:b9:d5:d0:10:ff:10:7b:90:ba:84:a2:52:
                    7c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C5:1B:91:31:F6:E3:C2:59:AF:9D:D0:AD:BF:54:F7:1A:24:98:EF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/OcUbkTH248JZr53Qrb9U9xokmO8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.156.0/22
                IPv6:
                  2a09:c6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:2d:6e:23:e3:af:af:f3:86:76:0d:5d:92:da:ae:94:5e:01:
         e2:4c:53:e8:82:e2:5f:30:04:00:61:e7:86:5c:62:28:11:81:
         c9:e3:57:ec:d7:7b:6c:ab:ec:98:d3:37:3c:4f:dd:e6:46:2e:
         e7:76:79:61:3a:a8:87:6f:22:44:5e:2a:5c:2a:d2:b1:57:b1:
         57:8c:3f:6b:9c:08:b8:78:ba:e6:54:ca:81:4b:75:5a:a0:3f:
         4d:ee:47:ed:67:9e:5b:48:e5:bb:2d:53:8a:59:7d:ad:bb:c5:
         df:e0:1c:13:35:d0:35:bf:ab:f2:da:d5:94:b5:34:19:da:9f:
         1a:2a:87:2d:a4:c0:2c:9e:13:28:f4:ea:c7:3b:ce:66:75:86:
         42:05:5f:02:b7:4f:ad:6b:57:a9:f6:2f:40:2a:f1:59:ff:bd:
         06:b2:18:01:ea:96:56:3d:41:de:05:94:aa:2c:92:6a:15:5b:
         68:4f:c2:c3:f0:0f:98:e7:72:49:b6:18:42:d8:18:80:71:20:
         33:86:40:21:70:89:9c:8b:30:e5:a9:27:55:0d:38:07:13:df:
         55:3a:00:4a:fb:1a:fc:8b:21:65:08:05:bd:dd:62:37:5d:dc:
         11:b7:aa:a8:26:cc:8b:fb:41:01:af:07:b9:80:21:5a:7d:d7:
         61:e9:5e:19
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZt8Ev7KzGzQYlmA8YVAR11rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDAxOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWM1MWI5MTMxZjZlM2MyNTlhZjlkZDBhZGJmNTRmNzFhMjQ5OGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYtmjsUZn05pGJJ6Otz25k5pMVX1
n0gFmp03vRDoCZVzP55hZfjK83AC7T+jmiVzTpgHFTMOAXyKvpPsk5JMMJ7YlA+m
U0hyIlaWQZAB9axRFzVOZn5rDF9BJvmm3md/FoXcCeF2Omp8zrpmw68Zpp1zSTqS
QLy4PMKPAwS0xrJiaNGL3hd/exuAX8cZGQwZvfPXkqLQfdKa+qqJfy2ncba9gy0c
rqA5e2W5TLQ0MfGNsLQd2ymPDk5wPvxtlVK8JzMY9ZZla3Xx9jfmOuXepWPvEQuk
FeOCPHUrEAEc8+iARlJB1VsCdCsgg8fMYTyx+MC51dAQ/xB7kLqEolJ8AQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDnFG5Ex9uPCWa+d0K2/VPcaJJjvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZkLzNhMDhj
My1lZGIwLTQ3NWQtYjg3MC03MzBjNGQ0NzJhOGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQvM2EwOGMz
LWVkYjAtNDc1ZC1iODcwLTczMGM0ZDQ3MmE4YS8xL09jVWJrVEgyNDhKWnI1M1Fy
YjlVOXhva21POC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCAjicMA0EAgACMAcDBQMqCcbAMA0GCSqGSIb3
DQEBCwUAA4IBAQBSLW4j46+v84Z2DV2S2q6UXgHiTFPoguJfMAQAYeeGXGIoEYHJ
41fs13tsq+yY0zc8T93mRi7ndnlhOqiHbyJEXipcKtKxV7FXjD9rnAi4eLrmVMqB
S3VaoD9N7kftZ55bSOW7LVOKWX2tu8Xf4BwTNdA1v6vy2tWUtTQZ2p8aKoctpMAs
nhMo9OrHO85mdYZCBV8Ct0+ta1ep9i9AKvFZ/70GshgB6pZWPUHeBZSqLJJqFVto
T8LD8A+Y53JJthhC2BiAcSAzhkAhcImcizDlqSdVDTgHE99VOgBK+xr8iyFlCAW9
3WI3XdwRt6qoJsyL+0EBrwe5gCFafddh6V4Z
-----END CERTIFICATE-----