Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/RO8gb-MIXZlDy2oGPcl-Det_Q4Q.cer
File:                     RO8gb-MIXZlDy2oGPcl-Det_Q4Q.cer (raw, json)
Hash identifier:          aId8wNJ+4tk2Be1eBqE2uW9DVb9kP317oKkicSGrv1g=
Subject key identifier:   44:EF:20:6F:E3:08:5D:99:43:CB:6A:06:3D:C9:7E:0D:EB:7F:43:84
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7DC9D4886CE06F639BFC1573B8D7A680
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a0/62b5ed-5f84-4bfb-85fd-fbd50cd88ec4/1/RO8gb-MIXZlDy2oGPcl-Det_Q4Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a0/62b5ed-5f84-4bfb-85fd-fbd50cd88ec4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 08:18:57 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 214354
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:d4:88:6c:e0:6f:63:9b:fc:15:73:b8:d7:a6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44ef206fe3085d9943cb6a063dc97e0deb7f4384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:70:b8:4c:6f:6d:e6:ad:8c:d0:13:81:31:96:
                    36:55:bf:bf:cc:93:eb:4d:8f:26:80:90:3a:97:8f:
                    65:cf:d3:8e:30:29:db:7a:15:ed:21:69:a4:6d:7b:
                    fa:da:77:f1:5b:b1:e6:23:41:cd:d6:57:72:e7:d4:
                    9e:7a:bf:e9:ef:b2:ea:65:79:d3:56:cd:cf:8d:b9:
                    04:68:11:94:ad:ec:23:1d:a2:fb:db:dd:c7:8f:87:
                    b8:62:93:92:c8:33:c5:7a:4b:88:40:2d:be:68:a5:
                    4a:31:47:bf:db:3f:1a:4d:d1:05:bf:7c:6f:f3:29:
                    e6:80:19:09:01:14:14:b2:0b:4a:16:25:23:ef:4d:
                    c9:f0:41:9a:69:82:1d:b6:5d:4b:d8:16:0d:f2:f5:
                    6c:02:29:b6:17:34:0f:b4:24:1e:ea:e8:14:99:28:
                    89:d1:1d:9e:de:ad:dc:e2:d0:74:45:ad:76:df:49:
                    8f:2b:62:36:62:39:f9:bf:df:f9:84:8a:a9:b0:2d:
                    94:24:d2:16:c5:8e:28:53:d0:18:80:1f:ec:e7:fa:
                    63:a3:59:1d:30:f9:cb:a3:6b:75:bf:27:a0:49:15:
                    37:4a:94:47:67:9c:45:de:f8:c7:6b:4b:97:09:47:
                    85:3a:02:9e:e8:5c:c9:81:9e:c7:cc:92:67:d2:c1:
                    42:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:EF:20:6F:E3:08:5D:99:43:CB:6A:06:3D:C9:7E:0D:EB:7F:43:84
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/62b5ed-5f84-4bfb-85fd-fbd50cd88ec4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/62b5ed-5f84-4bfb-85fd-fbd50cd88ec4/1/RO8gb-MIXZlDy2oGPcl-Det_Q4Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214354

    Signature Algorithm: sha256WithRSAEncryption
         a7:c8:2f:36:ab:7c:ae:bb:74:83:b3:e8:c4:16:84:b8:38:1d:
         fe:05:10:e3:d0:2d:74:b6:d2:79:62:2e:07:30:e2:e4:8a:d5:
         58:d5:7d:4d:97:d6:88:e8:81:1f:2a:31:f5:fb:f7:4b:54:fe:
         ab:75:32:ab:15:02:f3:af:a1:f7:d0:96:f1:d6:b4:5d:1a:77:
         f4:a1:e5:60:ad:36:bb:30:1f:81:78:65:b7:e0:f2:0b:43:89:
         34:74:11:f4:a5:00:ca:f2:94:64:69:18:da:f5:ef:82:9f:d5:
         7e:e8:92:58:93:23:a3:bd:46:7e:c8:7c:e0:7f:9f:4c:0d:95:
         b4:69:65:b0:42:a6:68:a1:7f:2e:6b:0b:29:1c:80:57:d4:ff:
         2e:0f:a5:42:2c:52:06:cb:48:f1:e8:1c:0f:8c:13:e7:13:db:
         c8:ae:65:dc:9a:cb:bc:ce:37:de:38:72:43:be:4c:17:8c:f5:
         b6:df:1f:ad:51:f0:65:86:2c:b6:56:43:a5:f1:30:0e:de:2e:
         52:8a:ba:29:7a:26:8c:0c:a1:c1:ca:cf:6f:10:0b:98:b6:60:
         60:db:ba:af:05:0f:a4:f4:fe:d2:60:0f:d4:88:ae:78:5e:61:
         c7:1f:ab:84:78:3d:e8:75:26:72:72:17:60:bd:2a:1d:3b:8c:
         28:b6:7b:e7
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt9ydSIbOBvY5v8FXO416aAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDgxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGVmMjA2ZmUzMDg1ZDk5NDNjYjZhMDYzZGM5N2UwZGViN2Y0Mzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3C4TG9t5q2M0BOBMZY2Vb+/zJPr
TY8mgJA6l49lz9OOMCnbehXtIWmkbXv62nfxW7HmI0HN1ldy59Seer/p77LqZXnT
Vs3PjbkEaBGUrewjHaL7293Hj4e4YpOSyDPFekuIQC2+aKVKMUe/2z8aTdEFv3xv
8ynmgBkJARQUsgtKFiUj703J8EGaaYIdtl1L2BYN8vVsAim2FzQPtCQe6ugUmSiJ
0R2e3q3c4tB0Ra1230mPK2I2Yjn5v9/5hIqpsC2UJNIWxY4oU9AYgB/s5/pjo1kd
MPnLo2t1vyegSRU3SpRHZ5xF3vjHa0uXCUeFOgKe6FzJgZ7HzJJn0sFC8QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFETvIG/jCF2ZQ8tqBj3Jfg3rf0OEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EwLzYyYjVl
ZC01Zjg0LTRiZmItODVmZC1mYmQ1MGNkODhlYzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAvNjJiNWVk
LTVmODQtNGJmYi04NWZkLWZiZDUwY2Q4OGVjNC8xL1JPOGdiLU1JWFpsRHkyb0dQ
Y2wtRGV0X1E0US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNFUjANBgkqhkiG9w0BAQsFAAOCAQEAp8gvNqt8rrt0
g7PoxBaEuDgd/gUQ49AtdLbSeWIuBzDi5IrVWNV9TZfWiOiBHyox9fv3S1T+q3Uy
qxUC86+h99CW8da0XRp39KHlYK02uzAfgXhlt+DyC0OJNHQR9KUAyvKUZGkY2vXv
gp/VfuiSWJMjo71Gfsh84H+fTA2VtGllsEKmaKF/LmsLKRyAV9T/Lg+lQixSBstI
8egcD4wT5xPbyK5l3JrLvM433jhyQ75MF4z1tt8frVHwZYYstlZDpfEwDt4uUoq6
KXomjAyhwcrPbxALmLZgYNu6rwUPpPT+0mAP1IiueF5hxx+rhHg96HUmcnIXYL0q
HTuMKLZ75w==
-----END CERTIFICATE-----