Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PcecfAfUNfoA8sfKCx5QZk2gTUg.cer
File:                     PcecfAfUNfoA8sfKCx5QZk2gTUg.cer (raw, json)
Hash identifier:          8puD6oYQuwxLkxt4KfMJd714yQes6EYrtJ+RU2VfspI=
Subject key identifier:   3D:C7:9C:7C:07:D4:35:FA:00:F2:C7:CA:0B:1E:50:66:4D:A0:4D:48
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019CF5C994D79176CA5BAEC31AF7F60D86A9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9b/207da3-8a9e-4c1c-93c9-8eb854c9fc8d/1/PcecfAfUNfoA8sfKCx5QZk2gTUg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9b/207da3-8a9e-4c1c-93c9-8eb854c9fc8d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 16 Mar 2026 08:35:54 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 44867
                          IP: 195.66.113.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f5:c9:94:d7:91:76:ca:5b:ae:c3:1a:f7:f6:0d:86:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 16 08:35:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3dc79c7c07d435fa00f2c7ca0b1e50664da04d48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6b:e4:91:93:cd:ef:b4:e0:c2:9a:66:22:35:
                    57:67:cd:4e:ef:63:22:5b:85:88:d2:02:d0:37:39:
                    58:27:b3:cc:7a:89:bb:33:43:a0:7c:d0:97:20:87:
                    ae:81:6e:fc:d9:d2:15:66:5c:ba:ed:17:be:f8:4d:
                    d2:e0:f8:50:8e:30:9a:71:0a:fd:1c:8a:41:b7:84:
                    67:f3:a8:00:2e:ed:f3:8e:1a:f6:06:0d:01:08:eb:
                    1e:cb:f0:1b:32:f7:65:53:3f:2b:12:91:d0:c9:4d:
                    48:36:b9:66:11:80:f6:e6:de:2d:40:d3:ea:0a:1d:
                    f5:69:2e:c7:98:43:42:61:82:78:70:54:76:fa:13:
                    8c:2d:66:48:5b:69:36:7a:64:89:b3:e8:f1:e9:1a:
                    96:57:81:1b:bb:b0:80:a6:28:c5:1a:06:ea:96:b7:
                    08:b2:39:25:e9:a4:ba:c1:bd:53:20:19:d4:c1:19:
                    af:00:ee:81:fc:72:fe:ad:ec:19:9e:ae:e5:4b:77:
                    6c:67:fa:40:fa:c7:f4:b1:88:37:4a:f9:35:28:5b:
                    1a:b4:74:ea:0b:c0:fa:6d:49:5f:71:71:01:be:bf:
                    93:aa:76:67:6f:e2:8c:fb:b9:b7:0a:d9:d0:f2:e3:
                    ba:7c:cb:55:c3:de:4e:46:7e:94:cd:54:85:40:4e:
                    7f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C7:9C:7C:07:D4:35:FA:00:F2:C7:CA:0B:1E:50:66:4D:A0:4D:48
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/207da3-8a9e-4c1c-93c9-8eb854c9fc8d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/207da3-8a9e-4c1c-93c9-8eb854c9fc8d/1/PcecfAfUNfoA8sfKCx5QZk2gTUg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.113.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  44867

    Signature Algorithm: sha256WithRSAEncryption
         8e:f1:cd:d4:2e:be:52:e9:66:45:fb:74:1b:ca:f4:47:8b:c4:
         33:24:15:c4:21:20:98:a5:42:4b:0d:14:d3:6e:1a:71:18:63:
         57:e9:da:49:c8:a6:57:5c:48:46:9a:90:6e:f5:e6:83:e4:3c:
         67:8c:35:a9:e6:8a:7e:c4:3c:1e:f0:a2:3b:62:db:81:e3:f4:
         79:49:56:50:b8:b4:1b:d5:74:53:d8:48:40:1b:ab:46:7b:89:
         6f:68:b6:57:3d:bb:e1:f0:53:57:24:20:8a:a2:99:a5:e1:9e:
         35:22:3a:be:bc:ac:1f:a5:60:8c:74:12:c0:7f:c0:a7:a0:9d:
         58:47:86:f8:9c:e5:ac:a3:ab:9a:08:74:12:8f:00:05:e3:54:
         23:8f:2d:27:2f:d3:3c:f3:3e:7b:22:e2:84:ae:bc:98:53:9e:
         b8:7a:4a:9d:88:52:78:ce:cb:30:97:87:6e:2c:3f:d8:ba:35:
         f3:b6:91:c7:b8:9f:bd:52:24:e0:70:c9:39:0b:e0:18:f1:7c:
         11:b3:e4:c2:eb:68:3e:bc:49:c1:7a:25:18:49:1b:6a:35:7e:
         aa:bf:3c:40:90:5c:0a:f3:eb:5d:e4:5b:b0:ca:b5:9d:b1:f2:
         20:1c:66:02:b5:8e:d9:11:68:8b:31:8e:ab:90:d8:f3:fa:8e:
         a3:e6:aa:5a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZz1yZTXkXbKW67DGvf2DYapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMzE2MDgzNTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGM3OWM3YzA3ZDQzNWZhMDBmMmM3Y2EwYjFlNTA2NjRkYTA0ZDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmvkkZPN77TgwppmIjVXZ81O72Mi
W4WI0gLQNzlYJ7PMeom7M0OgfNCXIIeugW782dIVZly67Re++E3S4PhQjjCacQr9
HIpBt4Rn86gALu3zjhr2Bg0BCOsey/AbMvdlUz8rEpHQyU1INrlmEYD25t4tQNPq
Ch31aS7HmENCYYJ4cFR2+hOMLWZIW2k2emSJs+jx6RqWV4Ebu7CApijFGgbqlrcI
sjkl6aS6wb1TIBnUwRmvAO6B/HL+rewZnq7lS3dsZ/pA+sf0sYg3Svk1KFsatHTq
C8D6bUlfcXEBvr+TqnZnb+KM+7m3CtnQ8uO6fMtVw95ORn6UzVSFQE5/3QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFD3HnHwH1DX6APLHygseUGZNoE1IMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzliLzIwN2Rh
My04YTllLTRjMWMtOTNjOS04ZWI4NTRjOWZjOGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIvMjA3ZGEz
LThhOWUtNGMxYy05M2M5LThlYjg1NGM5ZmM4ZC8xL1BjZWNmQWZVTmZvQThzZktD
eDVRWmsyZ1RVZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw0JxMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCvQzANBgkqhkiG9w0BAQsFAAOCAQEAjvHN1C6+UulmRft0G8r0R4vEMyQVxCEg
mKVCSw0U024acRhjV+naScimV1xIRpqQbvXmg+Q8Z4w1qeaKfsQ8HvCiO2LbgeP0
eUlWULi0G9V0U9hIQBurRnuJb2i2Vz274fBTVyQgiqKZpeGeNSI6vrysH6VgjHQS
wH/Ap6CdWEeG+JzlrKOrmgh0Eo8ABeNUI48tJy/TPPM+eyLihK68mFOeuHpKnYhS
eM7LMJeHbiw/2Lo187aRx7ifvVIk4HDJOQvgGPF8EbPkwutoPrxJwXolGEkbajV+
qr88QJBcCvPrXeRbsMq1nbHyIBxmArWO2RFoizGOq5DY8/qOo+aqWg==
-----END CERTIFICATE-----