Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YxB3zMSCuRtFmfUslKiJABOSSf8.cer
File:                     YxB3zMSCuRtFmfUslKiJABOSSf8.cer (raw, json)
Hash identifier:          rZE3EeYSFmiWEudLFWhyvcUYjGJhRSApVt5DKfEijZo=
Subject key identifier:   63:10:77:CC:C4:82:B9:1B:45:99:F5:2C:94:A8:89:00:13:92:49:FF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B797F38A51AF7F6D4C2F7347EBB378DFC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/54/814253-f21f-4bc8-b768-804b760dd879/1/YxB3zMSCuRtFmfUslKiJABOSSf8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/54/814253-f21f-4bc8-b768-804b760dd879/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 12:18:59 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 207099
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:38:a5:1a:f7:f6:d4:c2:f7:34:7e:bb:37:8d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=631077ccc482b91b4599f52c94a88900139249ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bc:05:0d:86:bc:5d:8b:6e:b2:94:08:ed:30:
                    6a:34:44:5a:24:e2:e4:ec:87:13:9d:a3:30:bf:6d:
                    0e:13:3d:fc:4a:8b:d7:08:cf:59:d4:45:79:a5:12:
                    6a:82:d3:cd:09:0b:e3:f2:26:8d:ae:45:91:02:c6:
                    b6:c4:bf:4d:50:4f:fd:1b:a9:7a:db:16:70:10:03:
                    6d:18:fb:fe:10:f1:16:c1:0e:8e:6f:59:ab:f1:82:
                    81:73:1f:85:13:d3:53:57:d3:3b:f3:4d:a4:17:29:
                    8a:cc:a2:43:2d:34:f4:de:ea:5f:03:6d:27:2f:22:
                    a0:45:13:5f:ab:f0:26:6e:02:7d:42:21:96:e3:c1:
                    8e:aa:a7:87:8a:1d:e1:d1:eb:e4:93:35:ce:32:e5:
                    91:01:ce:cc:f0:46:40:18:02:30:53:c1:da:cf:ed:
                    05:66:fe:8d:41:b4:90:ac:96:45:a4:23:20:75:5e:
                    a7:42:9e:0a:0b:84:39:d2:4a:1f:9f:c5:50:1f:dc:
                    57:95:85:da:c0:b8:5a:9c:9f:14:42:a7:ae:b7:0a:
                    dd:60:f1:70:a5:cc:1c:3e:e8:12:92:67:63:6f:70:
                    c0:5f:52:91:4d:dc:0d:9d:91:ea:57:63:07:74:98:
                    8e:32:08:ab:33:67:8d:64:14:d1:9d:94:64:03:ff:
                    94:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:10:77:CC:C4:82:B9:1B:45:99:F5:2C:94:A8:89:00:13:92:49:FF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/814253-f21f-4bc8-b768-804b760dd879/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/814253-f21f-4bc8-b768-804b760dd879/1/YxB3zMSCuRtFmfUslKiJABOSSf8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207099

    Signature Algorithm: sha256WithRSAEncryption
         88:ed:da:2e:66:34:71:1f:ce:74:30:88:6d:d6:ba:b6:a1:e9:
         56:ff:a9:4d:27:31:ca:5e:0d:e4:75:b0:68:26:f4:76:4f:40:
         00:ec:94:5e:5f:65:63:a1:83:e7:45:ea:db:44:d0:d2:13:9c:
         33:30:f8:e1:be:b2:7f:87:10:93:e1:df:d6:6b:8a:7c:45:ea:
         12:42:04:fe:71:62:3c:36:9b:50:ac:e4:6f:87:3c:1f:84:00:
         4b:b0:b1:22:a7:74:41:70:cc:87:36:f4:40:de:2d:ea:f5:2b:
         f8:17:a3:8f:c5:3f:c7:16:9b:6b:7a:39:ed:7d:bf:fb:66:1e:
         52:27:16:ee:c4:f5:ba:34:92:bf:e0:f7:41:05:dd:1f:83:76:
         1c:3d:0c:c7:89:09:18:e5:51:2b:07:f2:87:89:dd:80:aa:cd:
         f8:8a:cc:9c:03:32:40:e4:7e:3a:e7:93:c5:6d:22:f4:67:1e:
         40:67:a6:9b:8c:ae:65:3e:6a:04:76:0f:37:d0:2c:b4:5e:5a:
         fa:a8:04:08:5a:0a:e6:23:1a:82:50:1e:51:c1:4f:28:f0:83:
         26:c8:67:43:88:d8:98:9a:c0:17:9f:25:b9:78:5f:e3:d0:73:
         6f:01:15:50:23:f5:5d:11:67:ad:2b:75:57:f6:40:36:64:e6:
         0c:80:0a:44
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt5fzilGvf21ML3NH67N438MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMTIxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzEwNzdjY2M0ODJiOTFiNDU5OWY1MmM5NGE4ODkwMDEzOTI0OWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLwFDYa8XYtuspQI7TBqNERaJOLk
7IcTnaMwv20OEz38SovXCM9Z1EV5pRJqgtPNCQvj8iaNrkWRAsa2xL9NUE/9G6l6
2xZwEANtGPv+EPEWwQ6Ob1mr8YKBcx+FE9NTV9M7802kFymKzKJDLTT03upfA20n
LyKgRRNfq/AmbgJ9QiGW48GOqqeHih3h0evkkzXOMuWRAc7M8EZAGAIwU8Haz+0F
Zv6NQbSQrJZFpCMgdV6nQp4KC4Q50kofn8VQH9xXlYXawLhanJ8UQqeutwrdYPFw
pcwcPugSkmdjb3DAX1KRTdwNnZHqV2MHdJiOMgirM2eNZBTRnZRkA/+UeQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGMQd8zEgrkbRZn1LJSoiQATkkn/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU0LzgxNDI1
My1mMjFmLTRiYzgtYjc2OC04MDRiNzYwZGQ4NzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvODE0MjUz
LWYyMWYtNGJjOC1iNzY4LTgwNGI3NjBkZDg3OS8xL1l4QjN6TVNDdVJ0Rm1mVXNs
S2lKQUJPU1NmOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMo+zANBgkqhkiG9w0BAQsFAAOCAQEAiO3aLmY0cR/O
dDCIbda6tqHpVv+pTScxyl4N5HWwaCb0dk9AAOyUXl9lY6GD50Xq20TQ0hOcMzD4
4b6yf4cQk+Hf1muKfEXqEkIE/nFiPDabUKzkb4c8H4QAS7CxIqd0QXDMhzb0QN4t
6vUr+Bejj8U/xxaba3o57X2/+2YeUicW7sT1ujSSv+D3QQXdH4N2HD0Mx4kJGOVR
Kwfyh4ndgKrN+IrMnAMyQOR+OueTxW0i9GceQGemm4yuZT5qBHYPN9AstF5a+qgE
CFoK5iMaglAeUcFPKPCDJshnQ4jYmJrAF58luXhf49BzbwEVUCP1XRFnrSt1V/ZA
NmTmDIAKRA==
-----END CERTIFICATE-----