Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/R37BXKT5JNlmlnVFEk9lUxDSyXM.cer
File:                     R37BXKT5JNlmlnVFEk9lUxDSyXM.cer (raw, json)
Hash identifier:          umkBsVCFFrNJ1RytxyUsq+ZawxeatxC9eWBJgF3IKNs=
Subject key identifier:   47:7E:C1:5C:A4:F9:24:D9:66:96:75:45:12:4F:65:53:10:D2:C9:73
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B76EAFFC94F7A39B706626BBCCFE8F3C3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3d/1a3e49-c5d4-469b-8e85-3c9a66bac395/1/R37BXKT5JNlmlnVFEk9lUxDSyXM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3d/1a3e49-c5d4-469b-8e85-3c9a66bac395/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 00:17:51 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 204592
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:ff:c9:4f:7a:39:b7:06:62:6b:bc:cf:e8:f3:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=477ec15ca4f924d966967545124f655310d2c973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:43:81:5b:a0:96:a9:6d:85:50:a6:8f:23:d1:
                    62:b3:a8:c4:5a:9a:60:1a:82:c3:df:43:79:ea:34:
                    95:5c:34:ba:32:1a:26:cb:d6:28:9c:9b:a9:a0:7a:
                    3b:07:c5:a9:c9:fa:e1:10:1c:13:d1:69:8e:83:e7:
                    62:06:9b:74:a6:f1:64:44:85:1a:e4:68:5d:99:06:
                    bb:d3:ba:1f:f4:ca:ed:b5:12:19:e3:04:af:02:59:
                    6c:76:78:7b:2a:c5:3f:21:93:55:9c:15:01:ea:9c:
                    97:4c:19:66:f6:0a:4b:4e:c2:98:5f:34:08:9f:15:
                    59:c6:4b:94:56:52:3c:35:19:ee:d3:b1:5e:e4:eb:
                    c6:0a:71:66:f4:58:a1:05:c1:41:5e:70:a0:94:80:
                    01:73:55:89:46:53:aa:d6:b3:bc:33:37:45:b1:62:
                    9a:75:c8:5b:e2:31:42:e8:42:23:e3:69:ce:a6:a1:
                    d1:eb:49:34:9e:7f:c0:99:e4:63:05:30:80:4d:24:
                    ff:6c:8a:6e:07:49:92:22:d5:f5:f7:69:49:53:ea:
                    a2:7c:b5:8d:c4:78:95:05:25:42:b1:c6:f7:97:e6:
                    b7:7f:2a:7d:9c:f6:b9:dc:04:9f:3a:03:ea:b7:65:
                    2f:5a:d7:2b:91:e7:d3:e4:52:9d:17:bf:da:89:d6:
                    9e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:7E:C1:5C:A4:F9:24:D9:66:96:75:45:12:4F:65:53:10:D2:C9:73
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1a3e49-c5d4-469b-8e85-3c9a66bac395/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1a3e49-c5d4-469b-8e85-3c9a66bac395/1/R37BXKT5JNlmlnVFEk9lUxDSyXM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204592

    Signature Algorithm: sha256WithRSAEncryption
         4c:7d:d8:76:d5:55:e7:92:0f:c2:57:af:84:f2:52:76:b6:5d:
         dc:40:09:cb:3a:60:1f:6c:40:9a:c1:85:0d:3b:13:92:77:e0:
         27:c3:ea:d7:f2:dd:6b:4b:6a:c4:3b:b9:64:28:01:1b:62:f2:
         eb:fe:c6:09:8d:2c:cc:3a:71:79:ba:f6:0c:c8:2e:e3:17:e9:
         cf:88:5f:de:c9:05:fa:18:6c:7b:9f:93:54:95:10:31:ea:94:
         44:28:4a:40:da:dc:92:f5:1c:92:b4:82:a4:47:e7:69:13:a7:
         18:cf:e9:09:44:70:52:15:02:a4:ac:95:49:8b:b1:f3:42:cf:
         52:7d:a0:ee:48:54:aa:1f:51:46:f7:97:0f:d0:dc:1b:b5:41:
         04:fd:a8:cd:71:29:8d:07:47:58:c3:cf:fa:11:98:58:58:5f:
         5f:ff:df:8d:c9:00:36:94:2c:2a:ef:25:47:d0:ce:f0:52:3b:
         f7:43:35:6e:95:98:b0:22:ab:a6:c7:24:2a:52:8a:29:31:55:
         a3:9c:15:fc:ea:ec:0e:8d:be:22:c0:8d:02:a1:f3:00:f3:2a:
         8e:7a:14:e5:09:68:e5:69:1c:1b:fc:05:be:fc:d9:53:a7:29:
         fc:9c:f3:f9:f5:10:c8:13:09:e3:97:5e:32:20:5d:94:ba:53:
         f1:c1:e1:67
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt26v/JT3o5twZia7zP6PPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDAxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzdlYzE1Y2E0ZjkyNGQ5NjY5Njc1NDUxMjRmNjU1MzEwZDJjOTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUOBW6CWqW2FUKaPI9Fis6jEWppg
GoLD30N56jSVXDS6Mhomy9YonJupoHo7B8WpyfrhEBwT0WmOg+diBpt0pvFkRIUa
5GhdmQa707of9MrttRIZ4wSvAllsdnh7KsU/IZNVnBUB6pyXTBlm9gpLTsKYXzQI
nxVZxkuUVlI8NRnu07Fe5OvGCnFm9FihBcFBXnCglIABc1WJRlOq1rO8MzdFsWKa
dchb4jFC6EIj42nOpqHR60k0nn/AmeRjBTCATST/bIpuB0mSItX192lJU+qifLWN
xHiVBSVCscb3l+a3fyp9nPa53ASfOgPqt2UvWtcrkefT5FKdF7/aidaeGQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFEd+wVyk+STZZpZ1RRJPZVMQ0slzMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNkLzFhM2U0
OS1jNWQ0LTQ2OWItOGU4NS0zYzlhNjZiYWMzOTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2QvMWEzZTQ5
LWM1ZDQtNDY5Yi04ZTg1LTNjOWE2NmJhYzM5NS8xL1IzN0JYS1Q1Sk5sbWxuVkZF
azlsVXhEU3lYTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMfMDANBgkqhkiG9w0BAQsFAAOCAQEATH3YdtVV55IP
wlevhPJSdrZd3EAJyzpgH2xAmsGFDTsTknfgJ8Pq1/Lda0tqxDu5ZCgBG2Ly6/7G
CY0szDpxebr2DMgu4xfpz4hf3skF+hhse5+TVJUQMeqURChKQNrckvUckrSCpEfn
aROnGM/pCURwUhUCpKyVSYux80LPUn2g7khUqh9RRveXD9DcG7VBBP2ozXEpjQdH
WMPP+hGYWFhfX//fjckANpQsKu8lR9DO8FI790M1bpWYsCKrpsckKlKKKTFVo5wV
/OrsDo2+IsCNAqHzAPMqjnoU5Qlo5WkcG/wFvvzZU6cp/Jzz+fUQyBMJ45deMiBd
lLpT8cHhZw==
-----END CERTIFICATE-----