Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1zOqpdLKQWssmKvRSwCKAMWqrs.cer
File:                     a1zOqpdLKQWssmKvRSwCKAMWqrs.cer (raw, json)
Hash identifier:          BeSUuY7Y0y1A8iLkXfbRVg59UccT6JPvqtv4qw571w0=
Subject key identifier:   6B:5C:CE:AA:97:4B:29:05:AC:B2:62:AF:45:2C:02:28:03:16:AA:BB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019E02DBBBBB2FB330988F25EFB323B8405F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f7/39f1e0-3627-492f-ae93-8b07acd07c94/1/a1zOqpdLKQWssmKvRSwCKAMWqrs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f7/39f1e0-3627-492f-ae93-8b07acd07c94/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 07 May 2026 14:33:35 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 45.91.122.0/24
                          IP: 2a13:9b40::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:db:bb:bb:2f:b3:30:98:8f:25:ef:b3:23:b8:40:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May  7 14:33:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b5cceaa974b2905acb262af452c02280316aabb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fc:d0:4b:a9:f5:3e:3b:fd:40:e3:15:36:f1:
                    7f:62:3f:77:80:56:fe:eb:af:e7:46:cf:aa:5d:6a:
                    e8:bf:7b:58:0d:44:56:a5:7e:9c:5b:06:79:34:79:
                    51:df:7e:d8:03:a9:23:23:d2:e7:87:d3:59:bc:67:
                    1c:6b:1f:3a:60:f5:11:b9:b9:6e:ee:0c:a0:66:98:
                    59:34:18:d7:e1:64:01:1f:92:5e:1d:91:34:e3:1e:
                    5a:c9:87:e9:dd:f0:15:c7:92:93:89:5e:11:e8:e6:
                    a1:ca:d3:44:bf:e6:43:88:95:7d:44:04:4a:47:46:
                    c6:85:68:e6:a8:5b:7f:ff:b9:7b:38:eb:b3:45:11:
                    0e:c9:e1:80:ec:92:98:22:6f:14:04:46:35:44:6a:
                    8d:92:91:c0:13:e8:d2:01:f9:28:84:f9:be:d8:53:
                    0e:27:0d:6d:6a:e7:a0:aa:ac:c6:3b:3a:bf:fc:aa:
                    31:0a:91:ae:d0:ff:d4:85:f3:a7:a7:35:34:93:82:
                    a4:f2:81:59:69:9f:d2:be:8e:d9:b3:60:78:46:5c:
                    2c:ec:a1:39:df:55:5a:54:73:44:01:1f:d4:4d:29:
                    08:a9:73:52:af:42:9d:ce:46:80:b4:6c:0a:18:5a:
                    9d:ed:9c:ad:d2:39:bb:c6:0e:ce:db:1f:b5:01:0c:
                    75:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:5C:CE:AA:97:4B:29:05:AC:B2:62:AF:45:2C:02:28:03:16:AA:BB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/39f1e0-3627-492f-ae93-8b07acd07c94/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/39f1e0-3627-492f-ae93-8b07acd07c94/1/a1zOqpdLKQWssmKvRSwCKAMWqrs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.122.0/24
                IPv6:
                  2a13:9b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:3e:2e:fc:9d:9e:b6:c4:2e:44:02:35:58:cd:2e:16:c8:88:
         db:19:b1:51:18:27:19:27:bd:92:c3:a1:29:5f:62:68:5a:76:
         bd:bf:0f:8e:67:f7:c1:43:b8:4c:23:d0:94:a9:3b:4b:4d:7f:
         f8:af:4c:d7:92:95:fb:4d:48:7b:2c:f4:ae:a9:ba:38:e0:ee:
         3a:09:14:16:15:e8:f6:98:f4:bd:43:90:f8:44:ac:18:42:4e:
         8c:36:e6:6b:67:22:b2:84:1a:f1:a6:d4:32:8c:ea:6b:1f:1e:
         12:79:8f:a9:91:b3:07:50:00:20:00:2c:78:ed:e1:94:10:5e:
         67:1f:f7:b0:ca:97:e0:00:1a:d9:a0:b8:f7:53:5e:96:6d:92:
         74:4e:b3:5e:9c:d7:d2:61:ab:8c:1c:a5:de:2b:27:10:f8:24:
         bd:a3:10:a1:56:ad:26:43:15:51:b8:06:2b:08:eb:c8:ce:0b:
         b9:0d:52:85:30:de:71:e7:c1:4a:e0:1f:02:ae:61:01:3f:95:
         f6:39:6f:44:81:23:b1:c8:74:0f:ef:86:8f:35:03:90:75:d2:
         40:c1:0e:4a:b1:ba:ed:55:bf:c3:2c:24:83:55:f7:2f:01:bf:
         13:06:9e:62:41:b2:07:b5:31:e9:c3:49:62:79:8a:c9:a4:60:
         c4:dd:9c:c1
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZ4C27u7L7MwmI8l77MjuEBfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwNTA3MTQzMzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjVjY2VhYTk3NGIyOTA1YWNiMjYyYWY0NTJjMDIyODAzMTZhYWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvzQS6n1Pjv9QOMVNvF/Yj93gFb+
66/nRs+qXWrov3tYDURWpX6cWwZ5NHlR337YA6kjI9Lnh9NZvGccax86YPURublu
7gygZphZNBjX4WQBH5JeHZE04x5ayYfp3fAVx5KTiV4R6OahytNEv+ZDiJV9RARK
R0bGhWjmqFt//7l7OOuzRREOyeGA7JKYIm8UBEY1RGqNkpHAE+jSAfkohPm+2FMO
Jw1tauegqqzGOzq//KoxCpGu0P/UhfOnpzU0k4Kk8oFZaZ/Svo7Zs2B4Rlws7KE5
31VaVHNEAR/UTSkIqXNSr0KdzkaAtGwKGFqd7Zyt0jm7xg7O2x+1AQx1NwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFGtczqqXSykFrLJir0UsAigDFqq7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y3LzM5ZjFl
MC0zNjI3LTQ5MmYtYWU5My04YjA3YWNkMDdjOTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjcvMzlmMWUw
LTM2MjctNDkyZi1hZTkzLThiMDdhY2QwN2M5NC8xL2Exek9xcGRMS1FXc3NtS3ZS
U3dDS0FNV3Fycy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQALVt6MA0EAgACMAcDBQMqE5tAMA0GCSqGSIb3
DQEBCwUAA4IBAQCsPi78nZ62xC5EAjVYzS4WyIjbGbFRGCcZJ72Sw6EpX2JoWna9
vw+OZ/fBQ7hMI9CUqTtLTX/4r0zXkpX7TUh7LPSuqbo44O46CRQWFej2mPS9Q5D4
RKwYQk6MNuZrZyKyhBrxptQyjOprHx4SeY+pkbMHUAAgACx47eGUEF5nH/ewypfg
ABrZoLj3U16WbZJ0TrNenNfSYauMHKXeKycQ+CS9oxChVq0mQxVRuAYrCOvIzgu5
DVKFMN5x58FK4B8CrmEBP5X2OW9EgSOxyHQP74aPNQOQddJAwQ5KsbrtVb/DLCSD
VfcvAb8TBp5iQbIHtTHpw0lieYrJpGDE3ZzB
-----END CERTIFICATE-----