Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.cer
File:                     atOL1MDQ6fMCgCGYTNg1VgR_Y5g.cer (raw, json)
Hash identifier:          wc1PrNQPecigDyfAk3LPjo3ywWI8RpFly7rsBPG+Rwc=
Subject key identifier:   6A:D3:8B:D4:C0:D0:E9:F3:02:80:21:98:4C:D8:35:56:04:7F:63:98
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0199519518F546D545E140322A4F3E8BAAD2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 16 Sep 2025 08:12:29 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 138.32.24.0/22
                          IP: 138.32.168.0/22
                          IP: 153.15.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:22:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:51:95:18:f5:46:d5:45:e1:40:32:2a:4f:3e:8b:aa:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 16 08:12:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ad38bd4c0d0e9f3028021984cd83556047f6398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1d:c3:9e:1c:ea:75:88:7f:cd:33:7c:a6:d9:
                    c6:de:11:e6:65:8b:fb:0c:87:d7:83:2a:2a:28:be:
                    94:1b:41:15:31:73:8c:98:cd:1c:1b:1e:5f:d0:8e:
                    41:f1:96:06:42:04:79:97:ce:0a:a2:46:41:e0:c2:
                    9c:eb:f4:69:39:ae:6b:0b:3c:91:5f:8f:aa:8b:5e:
                    22:59:d3:f4:1a:36:09:54:07:ac:c0:f3:6d:c3:81:
                    c2:e1:4d:d5:15:91:3f:20:08:ad:4b:21:8f:bb:25:
                    6b:b9:1a:0f:65:6e:d9:9e:af:6f:26:b6:8a:f5:60:
                    af:bf:01:84:60:bf:b7:07:80:89:b3:32:71:a7:f3:
                    ad:3c:dd:73:ac:a1:c5:f9:e1:fb:f5:25:cf:fc:9e:
                    d7:28:6d:7d:b9:f3:47:3a:e0:9c:67:b3:de:63:24:
                    86:ab:10:20:1b:4c:68:ad:b6:7c:c9:95:67:17:cf:
                    2c:4a:5b:16:1a:37:0b:b4:47:6b:07:52:6a:41:84:
                    44:2f:b8:b4:7d:5a:41:3a:6d:47:c8:fb:49:dd:3f:
                    17:cf:2c:20:ca:d6:d5:b2:d3:2e:51:83:99:a7:72:
                    62:20:41:27:cc:02:1a:80:d6:81:49:02:81:fc:32:
                    a1:55:90:49:3a:7a:63:61:e8:b1:a5:81:cf:7d:0f:
                    3e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D3:8B:D4:C0:D0:E9:F3:02:80:21:98:4C:D8:35:56:04:7F:63:98
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.32.24.0/22
                  138.32.168.0/22
                  153.15.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:0d:d9:9f:43:32:90:de:7a:68:9a:97:6b:52:71:dc:0a:ef:
         d2:6d:1f:9b:e5:3a:37:67:4e:09:b8:e0:d9:e2:bc:49:b9:6a:
         83:b1:1f:d6:85:cb:10:33:44:27:23:07:62:14:9b:7e:d2:51:
         b5:93:e4:04:e0:8c:7c:89:75:c2:65:b0:6a:c2:52:f0:12:11:
         3b:84:04:74:76:37:4a:f7:5f:34:20:ed:9a:f0:9c:32:0b:41:
         dd:76:95:78:f9:46:f6:2e:02:41:24:1e:f8:44:ff:75:d0:cc:
         62:6d:3d:a4:db:5c:05:39:2a:ca:a7:1e:4a:9e:4d:e6:ac:11:
         40:01:f9:0e:f0:8d:42:79:32:9d:1c:19:a2:be:14:35:c3:4a:
         19:bc:9a:50:4c:7a:44:0c:cc:1f:50:e3:c2:75:33:dd:85:98:
         59:43:42:61:1f:63:43:b4:15:79:18:1b:07:59:74:48:09:95:
         8b:e7:b8:f9:af:b8:47:58:5f:d6:c2:41:93:32:2d:a7:7a:3c:
         22:b5:b8:8b:bd:97:27:2a:d0:e2:79:be:73:f4:f2:bf:4c:8a:
         98:17:63:84:7e:22:65:59:c5:57:95:5b:ff:01:ab:d2:43:57:
         46:92:6f:06:78:b2:c4:24:13:54:a8:07:e4:b4:c1:07:b4:dc:
         1c:9a:68:1f
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgISAZlRlRj1RtVF4UAyKk8+i6rSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwOTE2MDgxMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQzOGJkNGMwZDBlOWYzMDI4MDIxOTg0Y2Q4MzU1NjA0N2Y2Mzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzh3DnhzqdYh/zTN8ptnG3hHmZYv7
DIfXgyoqKL6UG0EVMXOMmM0cGx5f0I5B8ZYGQgR5l84KokZB4MKc6/RpOa5rCzyR
X4+qi14iWdP0GjYJVAeswPNtw4HC4U3VFZE/IAitSyGPuyVruRoPZW7Znq9vJraK
9WCvvwGEYL+3B4CJszJxp/OtPN1zrKHF+eH79SXP/J7XKG19ufNHOuCcZ7PeYySG
qxAgG0xorbZ8yZVnF88sSlsWGjcLtEdrB1JqQYREL7i0fVpBOm1HyPtJ3T8Xzywg
ytbVstMuUYOZp3JiIEEnzAIagNaBSQKB/DKhVZBJOnpjYeixpYHPfQ8+IQIDAQAB
o4ICjzCCAoswHQYDVR0OBBYEFGrTi9TA0OnzAoAhmEzYNVYEf2OYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYxLzkyODYx
OC0yYTY5LTRmYmYtOTZjOS1jZTcwMDA3NGE3ZmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjEvOTI4NjE4
LTJhNjktNGZiZi05NmM5LWNlNzAwMDc0YTdmYy8xL2F0T0wxTURRNmZNQ2dDR1lU
TmcxVmdSX1k1Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCoGCCsGAQUF
BwEHAQH/BBswGTAXBAIAATARAwQCiiAYAwQCiiCoAwMAmQ8wDQYJKoZIhvcNAQEL
BQADggEBALIN2Z9DMpDeemial2tScdwK79JtH5vlOjdnTgm44NnivEm5aoOxH9aF
yxAzRCcjB2IUm37SUbWT5ATgjHyJdcJlsGrCUvASETuEBHR2N0r3XzQg7ZrwnDIL
Qd12lXj5RvYuAkEkHvhE/3XQzGJtPaTbXAU5KsqnHkqeTeasEUAB+Q7wjUJ5Mp0c
GaK+FDXDShm8mlBMekQMzB9Q48J1M92FmFlDQmEfY0O0FXkYGwdZdEgJlYvnuPmv
uEdYX9bCQZMyLad6PCK1uIu9lycq0OJ5vnP08r9MipgXY4R+ImVZxVeVW/8Bq9JD
V0aSbwZ4ssQkE1SoB+S0wQe03ByaaB8=
-----END CERTIFICATE-----