Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q5ztCAzIsHblV7AsyD2HaNJ9VqQ.cer
File:                     Q5ztCAzIsHblV7AsyD2HaNJ9VqQ.cer (raw, json)
Hash identifier:          i/nSW5CWbvaS69KVZFV71Gldtae5V80OSXtSDrlYbTY=
Subject key identifier:   43:9C:ED:08:0C:C8:B0:76:E5:57:B0:2C:C8:3D:87:68:D2:7D:56:A4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019D10F49425381B05F5EDF913C3E983DFC6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/5821c47e-e815-42de-bd6b-19a2e1ae564a/4/439CED080CC8B076E557B02CC83D8768D27D56A4.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/5821c47e-e815-42de-bd6b-19a2e1ae564a/4/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sat 21 Mar 2026 15:12:37 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 216455
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:10:f4:94:25:38:1b:05:f5:ed:f9:13:c3:e9:83:df:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 21 15:12:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=439ced080cc8b076e557b02cc83d8768d27d56a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:09:a1:2d:52:14:b7:64:93:da:2b:1b:7d:e1:
                    76:e8:6c:1d:b8:18:ea:40:d5:99:00:3b:dc:d1:76:
                    92:92:77:5e:df:5b:a8:29:b5:d8:28:01:12:0a:89:
                    19:08:e0:b3:e9:b1:81:55:15:4d:79:a1:5e:05:6f:
                    05:09:58:36:8c:74:67:61:dc:a0:62:ba:73:14:11:
                    f9:fb:57:69:af:c2:f1:84:0f:99:31:c8:20:68:87:
                    cd:29:e3:3e:ac:3b:25:ea:e9:01:89:18:6b:f4:45:
                    f8:51:b8:47:24:55:2f:39:e0:24:b6:dc:cf:b0:0f:
                    40:4a:7c:1e:62:84:d8:e8:2b:ba:3a:93:ca:04:27:
                    de:06:eb:62:30:2a:46:1a:be:ee:95:87:54:9a:39:
                    d4:be:be:a4:95:ac:e3:8d:8b:f9:5d:cc:5e:a6:71:
                    6c:b3:47:65:38:0e:60:36:2a:83:28:a2:ab:93:3a:
                    3c:5b:33:db:1f:7d:b2:29:2e:80:ea:4f:34:18:dc:
                    ff:7d:75:c9:be:b1:35:7a:17:00:0c:14:22:ac:30:
                    8d:35:3e:f3:2b:f4:e3:bb:dd:c3:b3:df:dc:09:bc:
                    d2:e7:62:34:50:7b:17:f3:89:a7:27:b6:b6:87:75:
                    40:47:27:16:80:4c:79:05:4d:39:1a:37:99:86:6f:
                    d8:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:9C:ED:08:0C:C8:B0:76:E5:57:B0:2C:C8:3D:87:68:D2:7D:56:A4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/5821c47e-e815-42de-bd6b-19a2e1ae564a/4/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/5821c47e-e815-42de-bd6b-19a2e1ae564a/4/439CED080CC8B076E557B02CC83D8768D27D56A4.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216455

    Signature Algorithm: sha256WithRSAEncryption
         14:4a:f9:16:75:f0:2b:73:e1:39:64:9c:b8:31:7f:78:97:fe:
         d1:4c:1e:3a:74:35:22:87:ea:47:7a:5e:49:4d:0e:02:33:e1:
         98:6c:3d:20:5e:c4:7d:40:e6:9a:c3:f8:c4:4d:1c:7c:dd:1f:
         12:e0:05:28:d3:7c:94:2c:96:ac:18:30:d3:c6:f9:52:e6:be:
         02:8d:e2:02:a0:61:ab:90:33:c0:3f:58:8c:f6:2c:51:63:37:
         62:ba:10:1c:75:7e:d0:5f:b3:7b:b4:db:6a:c4:32:85:a1:d6:
         39:4a:28:59:2a:c1:fb:34:36:70:c5:de:56:f8:3c:55:48:cb:
         77:55:26:7c:7e:b2:fe:34:ed:b0:ed:bb:c8:05:1f:db:eb:8a:
         4c:6f:59:0d:8b:60:7b:47:5f:4d:e0:f4:95:3c:f5:77:59:e6:
         ed:e4:76:bf:dc:a4:b8:de:8d:a7:66:45:39:c8:be:da:30:1d:
         f4:21:a4:25:76:df:68:00:e6:ee:87:08:d7:c5:66:3a:7e:88:
         dc:55:c6:a7:d7:7c:fd:cf:d9:b5:98:db:bd:63:43:c8:f2:d5:
         b3:90:98:dd:4a:2d:64:ec:5c:8e:fd:fa:b2:d1:93:d3:9c:c6:
         33:eb:ab:bf:b4:91:c3:0d:f0:50:ae:54:e5:cf:ba:d3:ee:a7:
         9b:e4:2b:cb
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZ0Q9JQlOBsF9e35E8Ppg9/GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMzIxMTUxMjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzljZWQwODBjYzhiMDc2ZTU1N2IwMmNjODNkODc2OGQyN2Q1NmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQmhLVIUt2ST2isbfeF26GwduBjq
QNWZADvc0XaSknde31uoKbXYKAESCokZCOCz6bGBVRVNeaFeBW8FCVg2jHRnYdyg
YrpzFBH5+1dpr8LxhA+ZMcggaIfNKeM+rDsl6ukBiRhr9EX4UbhHJFUvOeAkttzP
sA9ASnweYoTY6Cu6OpPKBCfeButiMCpGGr7ulYdUmjnUvr6klazjjYv5XcxepnFs
s0dlOA5gNiqDKKKrkzo8WzPbH32yKS6A6k80GNz/fXXJvrE1ehcADBQirDCNNT7z
K/Tju93Ds9/cCbzS52I0UHsX84mnJ7a2h3VARycWgEx5BU05GjeZhm/YVwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFEOc7QgMyLB25VewLMg9h2jSfVakMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU4MjFj
NDdlLWU4MTUtNDJkZS1iZDZiLTE5YTJlMWFlNTY0YS80LzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNTgy
MWM0N2UtZTgxNS00MmRlLWJkNmItMTlhMmUxYWU1NjRhLzQvNDM5Q0VEMDgwQ0M4
QjA3NkU1NTdCMDJDQzgzRDg3NjhEMjdENTZBNC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDTYcw
DQYJKoZIhvcNAQELBQADggEBABRK+RZ18Ctz4TlknLgxf3iX/tFMHjp0NSKH6kd6
XklNDgIz4ZhsPSBexH1A5prD+MRNHHzdHxLgBSjTfJQslqwYMNPG+VLmvgKN4gKg
YauQM8A/WIz2LFFjN2K6EBx1ftBfs3u022rEMoWh1jlKKFkqwfs0NnDF3lb4PFVI
y3dVJnx+sv407bDtu8gFH9vrikxvWQ2LYHtHX03g9JU89XdZ5u3kdr/cpLjejadm
RTnIvtowHfQhpCV232gA5u6HCNfFZjp+iNxVxqfXfP3P2bWY271jQ8jy1bOQmN1K
LWTsXI79+rLRk9OcxjPrq7+0kcMN8FCuVOXPutPup5vkK8s=
-----END CERTIFICATE-----