Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bKEUWWE3FGPWv3mUTSgeDPpqAJ0.cer
File:                     bKEUWWE3FGPWv3mUTSgeDPpqAJ0.cer (raw, json)
Hash identifier:          +XCTW27fFvAnY61B1/IJJuC8qQIDrnHcLLnAJYF1b8g=
Subject key identifier:   6C:A1:14:59:61:37:14:63:D6:BF:79:94:4D:28:1E:0C:FA:6A:00:9D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019D0A006E9CA25C304C689B43DC1A31DFA8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d8/142e24-aaaf-4d35-9c0f-d81c77ab0c43/1/bKEUWWE3FGPWv3mUTSgeDPpqAJ0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d8/142e24-aaaf-4d35-9c0f-d81c77ab0c43/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 20 Mar 2026 06:48:13 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 199868
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:00:6e:9c:a2:5c:30:4c:68:9b:43:dc:1a:31:df:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 20 06:48:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ca1145961371463d6bf79944d281e0cfa6a009d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:5d:03:58:ad:3a:87:5d:6c:a8:a9:eb:c6:56:
                    e8:ff:89:b7:31:c7:07:4f:53:44:bf:3e:72:73:e8:
                    e4:7f:67:6c:65:12:a8:99:5a:ec:55:79:d3:96:51:
                    4a:56:e1:db:7e:4e:a0:19:93:4c:70:62:7a:c7:f8:
                    24:06:cc:79:6c:84:8e:d7:a8:76:e2:83:aa:e6:bb:
                    3b:f7:0d:d9:7e:79:5b:92:2b:64:ac:c7:b3:1f:9b:
                    07:49:cf:30:ff:d1:00:02:b1:67:a7:3d:95:65:8c:
                    f3:21:a6:e3:5b:97:a6:d4:05:4e:ea:bf:fe:a0:7e:
                    fe:0a:c8:43:b9:c5:13:a6:fe:67:6a:26:9a:cb:4d:
                    b6:ea:89:d9:dd:35:d9:54:3e:83:1a:88:6c:28:15:
                    91:0b:ba:70:19:59:c5:d1:14:9a:bf:23:aa:33:83:
                    55:99:a8:c1:ff:7e:0d:7e:71:db:04:de:9f:84:50:
                    32:ad:19:44:a7:06:ad:7a:87:56:34:06:f1:c2:45:
                    e4:2f:83:04:3d:1b:8a:f8:2f:d1:04:9a:80:fb:e8:
                    0f:d0:42:03:dc:ec:83:e0:cc:28:1e:63:dc:3a:29:
                    05:70:f0:25:5d:89:37:b6:dd:fc:22:52:a6:1e:97:
                    f9:6f:19:43:d2:83:b3:cf:e8:76:3d:0e:bb:63:c5:
                    a2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A1:14:59:61:37:14:63:D6:BF:79:94:4D:28:1E:0C:FA:6A:00:9D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/142e24-aaaf-4d35-9c0f-d81c77ab0c43/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/142e24-aaaf-4d35-9c0f-d81c77ab0c43/1/bKEUWWE3FGPWv3mUTSgeDPpqAJ0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199868

    Signature Algorithm: sha256WithRSAEncryption
         45:26:41:93:16:85:1c:39:9a:97:a1:bd:01:a8:d0:02:91:3c:
         dc:45:9c:a2:ad:c6:15:b4:12:3c:7d:4f:3b:7b:0c:b7:3f:df:
         c3:1b:5d:e3:18:18:62:94:a9:5f:d1:c6:21:34:39:3f:6f:39:
         68:1b:57:49:e9:f5:d2:db:b9:f7:fd:7b:d4:dc:e9:bc:10:46:
         68:30:05:fa:8d:32:b9:e4:4d:a1:33:54:1b:97:fe:01:7c:79:
         c1:dd:29:14:fc:22:0d:64:3f:b6:ad:19:fb:34:6a:3c:98:77:
         17:f6:24:69:66:cb:4e:61:94:8d:77:17:e4:97:b3:41:c1:59:
         2f:83:97:93:6a:f6:16:a7:7c:31:01:63:e1:f0:ca:b5:06:5b:
         7f:33:77:04:45:fc:4d:70:3f:f0:7f:b8:40:1d:2e:41:20:04:
         69:a4:a7:25:7e:06:50:c1:14:50:f8:c3:68:9e:7b:f0:d1:91:
         35:93:6e:c7:8f:f4:b5:25:67:63:fc:9e:7e:61:03:bf:8d:63:
         de:a0:92:e3:55:2c:c0:f5:cd:d9:94:70:3b:59:32:dc:f2:6d:
         f2:80:10:71:fd:d3:43:e0:98:7f:c0:23:20:55:fa:00:52:f3:
         4f:15:c0:36:42:bc:81:13:5f:69:e0:02:e7:b9:7b:90:2f:2d:
         b0:5a:2e:f1
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZ0KAG6colwwTGibQ9waMd+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMzIwMDY0ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ExMTQ1OTYxMzcxNDYzZDZiZjc5OTQ0ZDI4MWUwY2ZhNmEwMDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2l0DWK06h11sqKnrxlbo/4m3MccH
T1NEvz5yc+jkf2dsZRKomVrsVXnTllFKVuHbfk6gGZNMcGJ6x/gkBsx5bISO16h2
4oOq5rs79w3ZfnlbkitkrMezH5sHSc8w/9EAArFnpz2VZYzzIabjW5em1AVO6r/+
oH7+CshDucUTpv5naiaay0226onZ3TXZVD6DGohsKBWRC7pwGVnF0RSavyOqM4NV
majB/34NfnHbBN6fhFAyrRlEpwateodWNAbxwkXkL4MEPRuK+C/RBJqA++gP0EID
3OyD4MwoHmPcOikFcPAlXYk3tt38IlKmHpf5bxlD0oOzz+h2PQ67Y8WiNQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGyhFFlhNxRj1r95lE0oHgz6agCdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q4LzE0MmUy
NC1hYWFmLTRkMzUtOWMwZi1kODFjNzdhYjBjNDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDgvMTQyZTI0
LWFhYWYtNGQzNS05YzBmLWQ4MWM3N2FiMGM0My8xL2JLRVVXV0UzRkdQV3YzbVVU
U2dlRFBwcUFKMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMMvDANBgkqhkiG9w0BAQsFAAOCAQEARSZBkxaFHDma
l6G9AajQApE83EWcoq3GFbQSPH1PO3sMtz/fwxtd4xgYYpSpX9HGITQ5P285aBtX
Sen10tu59/171NzpvBBGaDAF+o0yueRNoTNUG5f+AXx5wd0pFPwiDWQ/tq0Z+zRq
PJh3F/YkaWbLTmGUjXcX5JezQcFZL4OXk2r2Fqd8MQFj4fDKtQZbfzN3BEX8TXA/
8H+4QB0uQSAEaaSnJX4GUMEUUPjDaJ578NGRNZNux4/0tSVnY/yefmEDv41j3qCS
41UswPXN2ZRwO1ky3PJt8oAQcf3TQ+CYf8AjIFX6AFLzTxXANkK8gRNfaeAC57l7
kC8tsFou8Q==
-----END CERTIFICATE-----