Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q5OKPegDvWyR8UrZZ71BQbigKK8.cer
File:                     Q5OKPegDvWyR8UrZZ71BQbigKK8.cer (raw, json)
Hash identifier:          b7N2+/mzLte+uddVLe+PHN3KRPV6Oa3Rj5q+v1aMj30=
Subject key identifier:   43:93:8A:3D:E8:03:BD:6C:91:F1:4A:D9:67:BD:41:41:B8:A0:28:AF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7AC915C9DF1FC6B9B741566530DAF3BD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/Q5OKPegDvWyR8UrZZ71BQbigKK8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 18:19:17 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 203254
                          IP: 185.129.12.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:15:c9:df:1f:c6:b9:b7:41:56:65:30:da:f3:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43938a3de803bd6c91f14ad967bd4141b8a028af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:93:20:38:35:a9:26:c2:a3:56:b7:14:8c:a4:
                    d3:b3:46:62:01:22:e5:1c:42:6a:07:61:ec:70:66:
                    24:61:97:ff:32:f6:19:17:fb:c2:a1:d2:3f:dc:f5:
                    d8:e7:e5:1e:1c:00:ee:97:4b:ab:9e:9b:19:a6:b5:
                    3b:b9:53:83:99:03:ac:86:0f:0c:34:31:00:d7:4e:
                    b0:03:71:eb:37:51:ff:4b:6c:1f:e8:d4:15:10:d0:
                    51:a4:14:eb:b6:5a:31:f7:79:0a:b4:32:88:00:69:
                    99:dc:f2:53:ec:74:00:73:de:d7:53:63:a5:09:97:
                    68:e1:8a:c8:3d:86:fe:6f:2c:7f:51:96:c0:f9:5b:
                    49:64:b5:f4:5e:c5:56:c9:1e:c9:0e:b3:04:6b:42:
                    48:71:fe:14:0c:01:42:e0:0b:6e:c0:6f:80:70:a0:
                    c6:44:fd:88:99:7a:7c:16:2a:75:6d:7d:2f:79:f3:
                    41:51:76:3f:25:c8:c0:03:56:b9:69:cb:de:2e:2f:
                    40:14:f5:b0:04:de:63:bc:e5:af:3c:9c:c2:9b:14:
                    ea:ac:2d:8c:34:5c:35:a4:88:52:e9:6c:b6:30:43:
                    78:a9:f7:0c:fc:1b:94:85:af:e6:af:8b:5f:a1:ee:
                    99:8b:56:a2:e3:b2:60:bd:27:d2:66:d1:62:37:a1:
                    78:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:93:8A:3D:E8:03:BD:6C:91:F1:4A:D9:67:BD:41:41:B8:A0:28:AF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/Q5OKPegDvWyR8UrZZ71BQbigKK8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.12.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203254

    Signature Algorithm: sha256WithRSAEncryption
         0b:a3:de:ae:26:0f:9c:b9:93:15:ec:d4:a7:f3:95:ef:54:d4:
         af:8a:aa:f9:ed:cd:cf:86:2c:36:67:24:c9:68:a4:64:3d:fb:
         65:22:b6:7d:d0:80:77:93:8b:42:38:a7:49:47:43:e2:9c:1e:
         a1:6e:05:bc:41:04:41:1d:50:ab:62:e5:00:de:81:b3:fe:69:
         4f:64:c0:cc:27:3f:b5:be:71:6e:2d:35:2a:48:0d:07:cb:63:
         ec:1f:de:05:39:2f:00:27:0e:4f:a4:05:6a:ee:75:2a:fb:5d:
         44:0f:d6:a8:5e:2c:2a:5c:5b:9a:8b:da:ab:e3:ac:84:f5:2b:
         d3:f1:87:d8:ea:78:78:83:f5:4a:8c:64:35:72:c4:5a:20:cb:
         4e:a5:80:43:c2:b7:8f:89:92:ad:30:ca:81:69:cf:14:b3:ec:
         c6:15:ca:7c:f8:46:1b:84:7e:b5:fe:91:4e:58:60:f3:7d:0d:
         f5:23:51:bb:ba:dd:e9:c4:60:4b:39:a0:bb:7f:d4:7c:db:97:
         98:e7:4a:3b:b7:d9:f6:db:54:99:7f:64:1b:08:a7:5e:38:68:
         f6:3f:32:c8:25:15:29:a8:34:fa:d2:74:90:c9:1e:c4:50:5b:
         d8:65:0d:74:f0:45:ee:d5:23:96:ac:fe:76:44:13:82:7f:5a:
         00:ab:8e:f8
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZt6yRXJ3x/GubdBVmUw2vO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMTgxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzkzOGEzZGU4MDNiZDZjOTFmMTRhZDk2N2JkNDE0MWI4YTAyOGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypMgODWpJsKjVrcUjKTTs0ZiASLl
HEJqB2HscGYkYZf/MvYZF/vCodI/3PXY5+UeHADul0urnpsZprU7uVODmQOshg8M
NDEA106wA3HrN1H/S2wf6NQVENBRpBTrtlox93kKtDKIAGmZ3PJT7HQAc97XU2Ol
CZdo4YrIPYb+byx/UZbA+VtJZLX0XsVWyR7JDrMEa0JIcf4UDAFC4AtuwG+AcKDG
RP2ImXp8Fip1bX0vefNBUXY/JcjAA1a5acveLi9AFPWwBN5jvOWvPJzCmxTqrC2M
NFw1pIhS6Wy2MEN4qfcM/BuUha/mr4tfoe6Zi1ai47JgvSfSZtFiN6F4CwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEOTij3oA71skfFK2We9QUG4oCivMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJjL2VjZGEy
NC1kN2MzLTQ0NmEtYWYzNi1mZTU2MzRjMTdjYzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMvZWNkYTI0
LWQ3YzMtNDQ2YS1hZjM2LWZlNTYzNGMxN2NjOS8xL1E1T0tQZWdEdld5UjhVclpa
NzFCUWJpZ0tLOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuYEMMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMZ9jANBgkqhkiG9w0BAQsFAAOCAQEAC6PeriYPnLmTFezUp/OV71TUr4qq+e3N
z4YsNmckyWikZD37ZSK2fdCAd5OLQjinSUdD4pweoW4FvEEEQR1Qq2LlAN6Bs/5p
T2TAzCc/tb5xbi01KkgNB8tj7B/eBTkvACcOT6QFau51KvtdRA/WqF4sKlxbmova
q+OshPUr0/GH2Op4eIP1SoxkNXLEWiDLTqWAQ8K3j4mSrTDKgWnPFLPsxhXKfPhG
G4R+tf6RTlhg830N9SNRu7rd6cRgSzmgu3/UfNuXmOdKO7fZ9ttUmX9kGwinXjho
9j8yyCUVKag0+tJ0kMkexFBb2GUNdPBF7tUjlqz+dkQTgn9aAKuO+A==
-----END CERTIFICATE-----