Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QXF5yEiCEh630SJJWnrH6joAcMg.cer
File:                     QXF5yEiCEh630SJJWnrH6joAcMg.cer (raw, json)
Hash identifier:          gi6ywzDUQr3G44xdd/BGMRjpaiX25uudaMF3XqMPD8E=
Subject key identifier:   41:71:79:C8:48:82:12:1E:B7:D1:22:49:5A:7A:C7:EA:3A:00:70:C8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019C8EE586C3A7DD75B4B6EF1F869CFF1978
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/49/0d3f44-db1b-4192-8c42-40f2a93727a4/1/QXF5yEiCEh630SJJWnrH6joAcMg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/49/0d3f44-db1b-4192-8c42-40f2a93727a4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 24 Feb 2026 09:05:32 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 215647
                          IP: 213.173.15.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:e5:86:c3:a7:dd:75:b4:b6:ef:1f:86:9c:ff:19:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 24 09:05:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=417179c84882121eb7d122495a7ac7ea3a0070c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b8:17:19:af:4b:67:fc:99:c6:87:a7:ac:c8:
                    9d:29:64:71:2f:8a:bf:ca:bb:fc:32:c4:aa:20:e6:
                    be:eb:41:aa:0c:98:89:7c:4a:89:e0:d1:53:5e:12:
                    d9:a8:b2:83:1d:98:92:82:1b:6b:e1:fc:3a:07:5f:
                    87:de:e9:d3:7e:6b:2d:5a:ae:78:96:13:4c:53:05:
                    9a:b5:38:b3:39:e1:56:11:d8:00:88:7d:fa:76:2e:
                    ee:b1:9f:ca:3b:63:7f:da:f7:5d:e0:25:3f:ef:6f:
                    78:9a:19:dd:17:3c:a4:d1:ea:fe:c4:e6:9d:43:bd:
                    3b:ec:82:66:1e:1c:da:5b:02:9f:93:b1:b1:bd:be:
                    eb:7b:9e:14:a1:22:24:7b:40:6c:6d:ae:2c:6e:5b:
                    71:e0:95:8f:77:62:d9:4f:e9:24:12:18:e1:fd:29:
                    88:49:ea:7f:95:4f:e2:fb:41:cc:12:53:10:90:1c:
                    a0:1e:e4:35:61:6d:6a:de:4d:db:9e:4d:f7:dd:c7:
                    77:18:57:6f:b2:36:2b:f2:08:22:cc:8f:81:c5:2d:
                    25:d6:59:e5:d5:ee:2f:ae:3f:0f:c4:39:49:da:04:
                    33:48:df:be:31:4b:2d:36:c8:a0:db:9a:c3:69:76:
                    9b:6d:a4:21:cd:e6:32:ab:7b:0e:3a:3b:32:fc:31:
                    5c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:71:79:C8:48:82:12:1E:B7:D1:22:49:5A:7A:C7:EA:3A:00:70:C8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/0d3f44-db1b-4192-8c42-40f2a93727a4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/0d3f44-db1b-4192-8c42-40f2a93727a4/1/QXF5yEiCEh630SJJWnrH6joAcMg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.173.15.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215647

    Signature Algorithm: sha256WithRSAEncryption
         77:7b:93:da:d6:35:6c:b6:e8:67:39:af:f8:c6:9e:28:42:40:
         73:08:00:0b:0a:86:1b:4d:61:0e:33:d0:f2:cf:bf:00:a8:d2:
         d2:51:0e:e7:56:a8:9b:14:9b:37:7f:6d:a7:cb:b5:9b:a4:8d:
         39:f9:c4:53:23:e0:23:f1:66:8e:09:44:73:2d:a5:e5:fe:d3:
         79:de:61:bb:4b:d9:32:47:ec:fb:a5:cd:d2:25:fb:33:53:0f:
         bb:0a:87:4d:7b:c0:67:c8:7a:90:47:29:73:3e:5d:4e:f8:29:
         31:09:df:3b:b4:3f:84:e3:a7:cc:c7:3c:bc:6a:01:f9:33:2a:
         04:8b:a8:8e:5d:41:13:e6:70:06:bd:50:e6:34:33:4b:f3:3d:
         11:be:a3:8e:b8:84:98:0b:48:33:3f:14:81:b9:08:45:63:c4:
         3d:15:42:64:40:97:6b:53:46:af:57:d5:e5:54:e9:23:fa:3e:
         97:37:0f:1a:35:ab:18:07:1b:25:da:5e:a1:e0:be:34:5d:c8:
         e6:88:4b:fc:37:50:67:62:ee:dd:ff:c3:31:03:c7:70:a3:1c:
         6e:d5:1f:b4:e7:02:aa:9e:77:5a:6c:22:4d:04:e8:eb:ab:be:
         f3:06:02:47:e8:2d:6e:6d:3c:85:e4:e6:08:d8:60:55:be:f9:
         33:5e:54:2a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZyO5YbDp911tLbvH4ac/xl4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMjI0MDkwNTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTcxNzljODQ4ODIxMjFlYjdkMTIyNDk1YTdhYzdlYTNhMDA3MGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7gXGa9LZ/yZxoenrMidKWRxL4q/
yrv8MsSqIOa+60GqDJiJfEqJ4NFTXhLZqLKDHZiSghtr4fw6B1+H3unTfmstWq54
lhNMUwWatTizOeFWEdgAiH36di7usZ/KO2N/2vdd4CU/7294mhndFzyk0er+xOad
Q7077IJmHhzaWwKfk7Gxvb7re54UoSIke0Bsba4sbltx4JWPd2LZT+kkEhjh/SmI
Sep/lU/i+0HMElMQkBygHuQ1YW1q3k3bnk333cd3GFdvsjYr8ggizI+BxS0l1lnl
1e4vrj8PxDlJ2gQzSN++MUstNsig25rDaXabbaQhzeYyq3sOOjsy/DFc3QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEFxechIghIet9EiSVp6x+o6AHDIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ5LzBkM2Y0
NC1kYjFiLTQxOTItOGM0Mi00MGYyYTkzNzI3YTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDkvMGQzZjQ0
LWRiMWItNDE5Mi04YzQyLTQwZjJhOTM3MjdhNC8xL1FYRjV5RWlDRWg2MzBTSkpX
bnJINmpvQWNNZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQA1a0PMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNKXzANBgkqhkiG9w0BAQsFAAOCAQEAd3uT2tY1bLboZzmv+MaeKEJAcwgACwqG
G01hDjPQ8s+/AKjS0lEO51aomxSbN39tp8u1m6SNOfnEUyPgI/FmjglEcy2l5f7T
ed5hu0vZMkfs+6XN0iX7M1MPuwqHTXvAZ8h6kEcpcz5dTvgpMQnfO7Q/hOOnzMc8
vGoB+TMqBIuojl1BE+ZwBr1Q5jQzS/M9Eb6jjriEmAtIMz8UgbkIRWPEPRVCZECX
a1NGr1fV5VTpI/o+lzcPGjWrGAcbJdpeoeC+NF3I5ohL/DdQZ2Lu3f/DMQPHcKMc
btUftOcCqp53WmwiTQTo66u+8wYCR+gtbm08heTmCNhgVb75M15UKg==
-----END CERTIFICATE-----