Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PFL4wX30b4YzYOAy-p0xaJ5K9vE.cer
File:                     PFL4wX30b4YzYOAy-p0xaJ5K9vE.cer (raw, json)
Hash identifier:          XqDRZJun4aLC80uGmDAHvpaUxlWwnqTS44EyHYbDGMs=
Subject key identifier:   3C:52:F8:C1:7D:F4:6F:86:33:60:E0:32:FA:9D:31:68:9E:4A:F6:F1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7CEDD0385DD79E89981271485D28E7A6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c1/901012-0e2c-41ba-8734-bf06d7873f02/1/PFL4wX30b4YzYOAy-p0xaJ5K9vE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c1/901012-0e2c-41ba-8734-bf06d7873f02/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 04:18:38 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 193.243.162.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:d0:38:5d:d7:9e:89:98:12:71:48:5d:28:e7:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c52f8c17df46f863360e032fa9d31689e4af6f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:48:fd:f8:cc:4f:0b:ca:52:86:e8:a5:64:15:
                    69:9d:e5:34:2f:b3:c7:e4:e0:cd:10:35:ea:fe:02:
                    79:30:4b:bf:ac:98:e1:16:c5:08:fa:8e:02:fc:3b:
                    3b:64:80:2a:15:7b:23:fa:72:9b:66:2d:16:c3:01:
                    4b:a2:78:be:6f:57:e4:5a:d6:d5:47:a3:c0:70:33:
                    6b:af:57:40:0f:27:38:d5:22:43:af:37:7e:ea:ee:
                    b6:9e:a9:66:00:50:0e:81:8d:6d:7f:dc:b5:07:b3:
                    2a:1e:09:0b:3b:46:7d:90:92:6c:4e:d4:f8:fd:eb:
                    20:4c:14:04:bd:7f:26:3b:4e:c0:28:ba:90:93:af:
                    4e:74:e9:cf:ca:a4:f8:cf:bb:a5:57:dd:ab:68:3b:
                    0a:ca:b3:66:7e:3c:86:23:c5:e0:f2:f0:71:02:ed:
                    b1:4c:98:3e:d0:d6:9c:1c:08:84:1f:c3:ae:28:d4:
                    13:bc:43:70:fc:56:6c:7a:d2:ff:55:38:79:90:4f:
                    96:c9:33:f5:de:bc:a1:ed:aa:04:48:40:97:59:37:
                    13:e5:49:05:21:b7:1a:d5:af:88:cc:37:47:14:49:
                    ec:b1:15:e5:f3:68:d5:18:68:5b:a0:b8:ef:04:90:
                    14:e4:70:91:38:31:ec:ef:f8:5f:25:99:b3:41:cb:
                    12:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:52:F8:C1:7D:F4:6F:86:33:60:E0:32:FA:9D:31:68:9E:4A:F6:F1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/901012-0e2c-41ba-8734-bf06d7873f02/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/901012-0e2c-41ba-8734-bf06d7873f02/1/PFL4wX30b4YzYOAy-p0xaJ5K9vE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.243.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:0b:f8:4d:e5:d3:71:68:9f:6f:55:1a:30:2d:68:de:ad:8b:
         55:cb:ca:06:20:2f:d1:56:f1:5a:9e:3d:fe:2b:ea:ad:2b:4a:
         d9:35:64:05:ae:24:54:17:1a:cb:e9:c3:a5:88:41:0a:9d:ac:
         f6:69:e3:e9:52:6c:49:5d:37:52:f4:15:1d:4c:aa:9e:da:ef:
         8a:78:75:2e:3a:5e:85:46:16:44:39:5a:51:86:c3:68:a0:63:
         1c:64:d8:e7:08:35:7b:0f:cc:af:c9:57:ec:fb:5d:f1:eb:2d:
         80:80:c7:af:5b:48:07:18:f7:e3:04:28:b8:2f:d0:af:d2:22:
         5b:ef:d9:96:e1:03:7c:d2:b8:c7:a6:69:11:bb:7b:cc:c3:34:
         0a:4e:25:f8:e8:18:e5:6b:99:d3:e9:2a:b8:d5:95:54:5c:f9:
         d9:90:35:d2:7b:21:bd:e3:d9:1f:28:38:0f:12:3e:49:31:13:
         7d:71:68:ea:7f:68:cd:6b:f7:80:62:dc:ea:29:b0:df:b9:12:
         e6:54:ad:94:26:ff:fb:5f:56:af:18:c1:26:26:34:8e:d6:84:
         a1:03:4f:83:f7:b8:01:af:80:18:a2:ba:23:8f:6d:5d:04:c7:
         93:d1:40:36:36:55:9d:7c:f8:eb:0d:99:47:84:c0:82:c6:b4:
         33:bb:41:d4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt87dA4XdeeiZgScUhdKOemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDQxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzUyZjhjMTdkZjQ2Zjg2MzM2MGUwMzJmYTlkMzE2ODllNGFmNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA70j9+MxPC8pShuilZBVpneU0L7PH
5ODNEDXq/gJ5MEu/rJjhFsUI+o4C/Ds7ZIAqFXsj+nKbZi0WwwFLoni+b1fkWtbV
R6PAcDNrr1dADyc41SJDrzd+6u62nqlmAFAOgY1tf9y1B7MqHgkLO0Z9kJJsTtT4
/esgTBQEvX8mO07AKLqQk69OdOnPyqT4z7ulV92raDsKyrNmfjyGI8Xg8vBxAu2x
TJg+0NacHAiEH8OuKNQTvENw/FZsetL/VTh5kE+WyTP13ryh7aoESECXWTcT5UkF
Ibca1a+IzDdHFEnssRXl82jVGGhboLjvBJAU5HCRODHs7/hfJZmzQcsSgwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFDxS+MF99G+GM2DgMvqdMWieSvbxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxLzkwMTAx
Mi0wZTJjLTQxYmEtODczNC1iZjA2ZDc4NzNmMDIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzEvOTAxMDEy
LTBlMmMtNDFiYS04NzM0LWJmMDZkNzg3M2YwMi8xL1BGTDR3WDMwYjRZellPQXkt
cDB4YUo1Szl2RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwfOiMA0GCSqGSIb3DQEBCwUAA4IBAQAwC/hN
5dNxaJ9vVRowLWjerYtVy8oGIC/RVvFanj3+K+qtK0rZNWQFriRUFxrL6cOliEEK
naz2aePpUmxJXTdS9BUdTKqe2u+KeHUuOl6FRhZEOVpRhsNooGMcZNjnCDV7D8yv
yVfs+13x6y2AgMevW0gHGPfjBCi4L9Cv0iJb79mW4QN80rjHpmkRu3vMwzQKTiX4
6Bjla5nT6Sq41ZVUXPnZkDXSeyG949kfKDgPEj5JMRN9cWjqf2jNa/eAYtzqKbDf
uRLmVK2UJv/7X1avGMEmJjSO1oShA0+D97gBr4AYorojj21dBMeT0UA2NlWdfPjr
DZlHhMCCxrQzu0HU
-----END CERTIFICATE-----