Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QcjQJBEIsB9etwj-i7uEfVOjDxY.cer
File:                     QcjQJBEIsB9etwj-i7uEfVOjDxY.cer (raw, json)
Hash identifier:          knHKXYDhngsyji6j+FtO+ZUsf7XZPrHtPYG0yNwyYis=
Subject key identifier:   41:C8:D0:24:11:08:B0:1F:5E:B7:08:FE:8B:BB:84:7D:53:A3:0F:16
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7C804D78058378300913CC82D86FB463
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ce/fd7af2-5036-42ac-a3f7-d596ec14ee2e/1/QcjQJBEIsB9etwj-i7uEfVOjDxY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ce/fd7af2-5036-42ac-a3f7-d596ec14ee2e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 02:19:01 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 185.163.32.0/22
                          IP: 2a0a:8800::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:4d:78:05:83:78:30:09:13:cc:82:d8:6f:b4:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41c8d0241108b01f5eb708fe8bbb847d53a30f16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:17:c0:15:4d:2c:79:23:43:12:4d:48:13:36:
                    7e:4c:9c:6e:e9:80:8f:76:64:10:c6:c7:e0:c0:da:
                    3c:55:13:b5:79:c2:c4:8a:e6:7a:2b:d7:14:a8:42:
                    a2:6c:04:06:68:ff:a1:bd:9c:39:b9:6a:c3:06:34:
                    10:ce:1a:00:c4:7e:80:c9:a4:ae:a5:7a:3d:90:16:
                    2b:16:dd:1b:6c:ef:8b:8c:fe:0a:a4:2a:ef:94:33:
                    88:6e:46:fb:b2:9f:bf:23:eb:a0:c2:98:d2:aa:27:
                    de:7e:71:4d:dc:07:3a:ec:8e:26:cc:22:47:66:b8:
                    7a:df:b3:52:c1:ac:af:5f:6e:e6:2f:97:4f:a9:dd:
                    af:6b:07:ae:c7:58:42:92:b1:f4:35:3c:3e:fb:ba:
                    1f:f2:be:2b:93:1a:66:d8:b6:f1:6e:4b:8f:ca:34:
                    ee:db:02:ca:36:b1:d5:6b:96:4c:73:af:dc:b3:a5:
                    b4:97:b8:fe:22:55:3c:06:1f:02:7f:1b:d8:6f:6b:
                    7b:40:85:a1:87:73:8e:bd:c4:1e:0e:05:91:a4:bc:
                    0c:61:5b:64:b2:eb:61:cd:a1:35:c0:8b:06:c8:3c:
                    3d:e3:41:95:65:06:fa:f6:73:28:84:0a:03:c6:68:
                    68:b1:da:f7:fe:0b:3b:7a:cc:89:e9:46:90:20:4b:
                    8e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:C8:D0:24:11:08:B0:1F:5E:B7:08:FE:8B:BB:84:7D:53:A3:0F:16
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/fd7af2-5036-42ac-a3f7-d596ec14ee2e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/fd7af2-5036-42ac-a3f7-d596ec14ee2e/1/QcjQJBEIsB9etwj-i7uEfVOjDxY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.32.0/22
                IPv6:
                  2a0a:8800::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:ed:da:3b:19:dc:ee:2d:16:ef:8e:a2:53:85:a3:af:39:db:
         3b:51:1b:96:2e:30:d0:68:09:29:ac:bd:05:79:39:50:23:93:
         a9:5f:fc:f5:df:8c:4f:e9:4d:b2:c9:d6:ea:10:be:7f:a3:95:
         aa:d6:66:68:6c:9a:f2:a9:ba:b7:20:71:fd:92:94:30:e0:e2:
         88:b2:5e:88:e7:e2:2d:f5:e1:f6:6d:7c:be:de:46:7b:7a:9b:
         4d:0c:cc:d5:0d:3e:b7:2c:8e:a3:f8:f0:ce:94:3f:52:20:cc:
         09:d1:68:f6:6c:f4:35:93:38:c5:93:62:74:44:e7:bc:63:5c:
         c3:4d:f0:d0:af:1f:fc:0a:bb:35:08:12:6c:44:4d:00:18:ee:
         fc:fc:1c:b2:22:dd:38:fe:d3:f5:ae:dd:c5:bf:91:d6:5b:36:
         f0:f2:f9:7b:dc:c6:71:dc:88:35:d6:23:74:4d:90:ce:2b:35:
         23:98:7a:3c:df:ee:7b:04:74:9c:42:c6:a5:69:34:ec:04:2d:
         90:cc:93:ed:2c:83:74:73:e0:65:35:6d:3d:2b:f4:94:12:30:
         2e:3f:8c:25:80:04:52:53:5e:4e:81:ae:cd:06:0c:10:3d:f4:
         af:33:a4:74:24:6c:6f:73:c8:2b:45:07:34:ed:2a:f3:bb:0a:
         72:53:a7:0b
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZt8gE14BYN4MAkTzILYb7RjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDIxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWM4ZDAyNDExMDhiMDFmNWViNzA4ZmU4YmJiODQ3ZDUzYTMwZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBfAFU0seSNDEk1IEzZ+TJxu6YCP
dmQQxsfgwNo8VRO1ecLEiuZ6K9cUqEKibAQGaP+hvZw5uWrDBjQQzhoAxH6AyaSu
pXo9kBYrFt0bbO+LjP4KpCrvlDOIbkb7sp+/I+ugwpjSqifefnFN3Ac67I4mzCJH
Zrh637NSwayvX27mL5dPqd2vaweux1hCkrH0NTw++7of8r4rkxpm2LbxbkuPyjTu
2wLKNrHVa5ZMc6/cs6W0l7j+IlU8Bh8CfxvYb2t7QIWhh3OOvcQeDgWRpLwMYVtk
suthzaE1wIsGyDw940GVZQb69nMohAoDxmhosdr3/gs7esyJ6UaQIEuOGwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFEHI0CQRCLAfXrcI/ou7hH1Tow8WMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NlL2ZkN2Fm
Mi01MDM2LTQyYWMtYTNmNy1kNTk2ZWMxNGVlMmUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2UvZmQ3YWYy
LTUwMzYtNDJhYy1hM2Y3LWQ1OTZlYzE0ZWUyZS8xL1FjalFKQkVJc0I5ZXR3ai1p
N3VFZlZPakR4WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuaMgMA0EAgACMAcDBQMqCogAMA0GCSqGSIb3
DQEBCwUAA4IBAQAi7do7GdzuLRbvjqJThaOvOds7URuWLjDQaAkprL0FeTlQI5Op
X/z134xP6U2yydbqEL5/o5Wq1mZobJryqbq3IHH9kpQw4OKIsl6I5+It9eH2bXy+
3kZ7eptNDMzVDT63LI6j+PDOlD9SIMwJ0Wj2bPQ1kzjFk2J0ROe8Y1zDTfDQrx/8
Crs1CBJsRE0AGO78/ByyIt04/tP1rt3Fv5HWWzbw8vl73MZx3Ig11iN0TZDOKzUj
mHo83+57BHScQsalaTTsBC2QzJPtLIN0c+BlNW09K/SUEjAuP4wlgARSU15Oga7N
BgwQPfSvM6R0JGxvc8grRQc07SrzuwpyU6cL
-----END CERTIFICATE-----