Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gHxaewQd3kDvSjWe6yGZ1Foz0dM.cer
File:                     gHxaewQd3kDvSjWe6yGZ1Foz0dM.cer (raw, json)
Hash identifier:          G/pdk/QW1dLGAm6PSehEmeYJAvaeuX4vuourKo3en5o=
Subject key identifier:   80:7C:5A:7B:04:1D:DE:40:EF:4A:35:9E:EB:21:99:D4:5A:33:D1:D3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B76EAF28D2E0B7AE3961338FC6E9C9F8E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2c/6cfc59-4595-4bd3-8a22-09619fe64d73/1/gHxaewQd3kDvSjWe6yGZ1Foz0dM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2c/6cfc59-4595-4bd3-8a22-09619fe64d73/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 00:17:47 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 212887
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f2:8d:2e:0b:7a:e3:96:13:38:fc:6e:9c:9f:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=807c5a7b041dde40ef4a359eeb2199d45a33d1d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:67:c4:c4:88:e8:6c:3f:c6:4f:67:77:9c:ff:
                    8f:31:2c:7c:54:22:3e:af:c1:2f:14:df:e7:08:33:
                    c1:c3:81:76:21:97:1f:df:fa:c7:2e:fe:cc:5c:60:
                    77:e3:e0:af:60:d9:e6:52:22:58:0d:4d:c1:df:29:
                    21:62:bd:23:24:65:7a:2a:ee:8d:8c:07:2f:de:5f:
                    11:d4:93:fd:41:68:e7:4b:de:08:3e:06:b4:59:40:
                    c1:12:41:3a:a4:e6:95:14:a2:65:f0:00:68:48:de:
                    d5:ea:3c:59:8e:5b:23:2c:ad:ab:19:c4:60:e6:bb:
                    7c:87:4e:a6:12:2b:28:36:90:95:4c:17:d8:37:19:
                    ad:d0:6a:f3:70:bd:34:2c:89:79:25:97:94:c4:4a:
                    e8:7b:2e:29:39:15:47:c8:c5:eb:3f:5d:57:d0:55:
                    43:be:99:b7:f7:4e:78:f0:5d:3e:25:ee:b9:46:46:
                    e8:3b:36:8b:35:9c:0d:51:b4:37:a9:59:52:a8:d8:
                    2f:0e:c0:94:7d:1e:45:df:8a:96:27:e0:45:94:ae:
                    f1:67:05:b9:cd:24:49:04:53:06:84:d5:15:8e:d7:
                    f0:ae:45:72:3e:c6:d0:ae:91:55:94:23:f4:1e:84:
                    ec:12:27:60:b8:4a:12:4b:7b:5a:24:e8:3d:79:24:
                    f1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:7C:5A:7B:04:1D:DE:40:EF:4A:35:9E:EB:21:99:D4:5A:33:D1:D3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/6cfc59-4595-4bd3-8a22-09619fe64d73/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/6cfc59-4595-4bd3-8a22-09619fe64d73/1/gHxaewQd3kDvSjWe6yGZ1Foz0dM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212887

    Signature Algorithm: sha256WithRSAEncryption
         43:5f:eb:1c:37:24:9a:50:31:37:cf:a3:b4:b7:93:58:cc:7a:
         05:b9:9f:62:cc:15:a6:06:a0:f1:0b:d0:1b:4b:93:d1:de:35:
         6b:3f:44:ba:45:cf:71:76:a5:b6:a5:28:60:6b:fc:12:77:98:
         b2:9b:37:7f:c6:a8:a7:b3:0e:ea:d0:c4:a5:0f:7a:7e:e6:91:
         af:74:31:7e:af:ef:05:aa:fe:f6:e4:26:90:c4:73:ee:40:7e:
         5e:26:50:bb:49:9c:41:de:f2:28:e4:ba:d6:d1:bc:71:7b:a8:
         e0:69:2f:72:9a:6c:c3:71:ed:03:b3:cf:4e:b8:ca:06:11:fc:
         55:e0:c7:5d:03:d3:3f:70:95:e4:e0:17:9d:a3:36:56:9b:39:
         99:f3:19:86:0e:e9:9c:42:e0:7e:57:18:af:c0:7e:66:a5:58:
         12:ca:2b:74:9e:8a:50:50:a6:8e:56:d2:4c:de:bc:22:31:1e:
         87:ef:cb:df:ba:c7:c7:2f:15:f2:09:16:49:fe:6c:dc:5d:15:
         89:fd:3a:e6:e7:0b:12:bb:57:ad:2d:08:a2:87:a7:36:b8:43:
         72:ec:15:68:c6:c5:7f:fb:f0:c0:e1:c8:ff:9f:46:71:9b:b2:
         8a:ac:c4:73:67:0c:75:16:6d:e1:b7:b2:86:b6:75:ee:18:27:
         74:d7:eb:90
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt26vKNLgt645YTOPxunJ+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDAxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDdjNWE3YjA0MWRkZTQwZWY0YTM1OWVlYjIxOTlkNDVhMzNkMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmfExIjobD/GT2d3nP+PMSx8VCI+
r8EvFN/nCDPBw4F2IZcf3/rHLv7MXGB34+CvYNnmUiJYDU3B3ykhYr0jJGV6Ku6N
jAcv3l8R1JP9QWjnS94IPga0WUDBEkE6pOaVFKJl8ABoSN7V6jxZjlsjLK2rGcRg
5rt8h06mEisoNpCVTBfYNxmt0GrzcL00LIl5JZeUxEroey4pORVHyMXrP11X0FVD
vpm390548F0+Je65RkboOzaLNZwNUbQ3qVlSqNgvDsCUfR5F34qWJ+BFlK7xZwW5
zSRJBFMGhNUVjtfwrkVyPsbQrpFVlCP0HoTsEidguEoSS3taJOg9eSTxJwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIB8WnsEHd5A70o1nushmdRaM9HTMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJjLzZjZmM1
OS00NTk1LTRiZDMtOGEyMi0wOTYxOWZlNjRkNzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMvNmNmYzU5
LTQ1OTUtNGJkMy04YTIyLTA5NjE5ZmU2NGQ3My8xL2dIeGFld1FkM2tEdlNqV2U2
eUdaMUZvejBkTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM/lzANBgkqhkiG9w0BAQsFAAOCAQEAQ1/rHDckmlAx
N8+jtLeTWMx6BbmfYswVpgag8QvQG0uT0d41az9EukXPcXaltqUoYGv8EneYsps3
f8aop7MO6tDEpQ96fuaRr3Qxfq/vBar+9uQmkMRz7kB+XiZQu0mcQd7yKOS61tG8
cXuo4Gkvcppsw3HtA7PPTrjKBhH8VeDHXQPTP3CV5OAXnaM2Vps5mfMZhg7pnELg
flcYr8B+ZqVYEsordJ6KUFCmjlbSTN68IjEeh+/L37rHxy8V8gkWSf5s3F0Vif06
5ucLErtXrS0IooenNrhDcuwVaMbFf/vwwOHI/59GcZuyiqzEc2cMdRZt4beyhrZ1
7hgndNfrkA==
-----END CERTIFICATE-----