Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/i8oO3xIvTPmLCC3UzA2E9e3oBLk.cer
File:                     i8oO3xIvTPmLCC3UzA2E9e3oBLk.cer (raw, json)
Hash identifier:          Mg5Z93gyv17X2rizF+Xj+5lYOR6AYOiI7PeNIw8bOnQ=
Subject key identifier:   8B:CA:0E:DF:12:2F:4C:F9:8B:08:2D:D4:CC:0D:84:F5:ED:E8:04:B9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019DD380A2CF03D7ACBAA5A54EE15EB3FDAA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4f/aef0ea-9403-47fb-ad80-1eda53aebe51/1/i8oO3xIvTPmLCC3UzA2E9e3oBLk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4f/aef0ea-9403-47fb-ad80-1eda53aebe51/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 28 Apr 2026 09:51:56 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 92.119.212.0/22
                          IP: 2a0f:66c0::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:80:a2:cf:03:d7:ac:ba:a5:a5:4e:e1:5e:b3:fd:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 28 09:51:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8bca0edf122f4cf98b082dd4cc0d84f5ede804b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:87:ec:85:d6:ad:0c:be:fa:f8:ba:0f:80:12:
                    c2:a8:e1:24:a1:ad:e1:c2:9a:7b:9e:29:03:3c:ee:
                    19:62:95:83:2b:33:63:19:6f:42:96:3d:40:07:ca:
                    2e:ba:63:6a:84:94:48:46:43:0c:d9:c4:30:da:4f:
                    33:a4:be:dd:9a:3e:66:91:59:f9:3d:5b:d3:c2:44:
                    97:77:af:bb:6e:67:96:12:79:37:5e:4b:40:9d:fe:
                    f7:a8:a9:35:79:04:6b:66:7f:5d:28:9b:91:63:72:
                    30:08:0f:7a:7c:dc:4a:d2:cf:7c:bd:17:e1:31:40:
                    59:fb:c2:01:36:55:75:52:f5:b3:dc:79:02:b4:ed:
                    5d:30:a4:68:d3:cc:f4:d5:0d:f5:d1:20:ab:d4:ae:
                    f4:1c:4c:26:7b:fc:3b:d8:45:4f:4d:d7:de:14:9f:
                    cd:65:06:3c:4e:b1:56:e3:05:90:ea:85:60:80:e4:
                    39:c2:2e:01:80:a9:5b:63:45:e8:e4:86:86:5d:62:
                    ae:6e:73:ef:16:f0:14:67:4e:9d:10:c8:44:2a:c3:
                    29:06:b0:0f:22:8f:da:3e:89:6f:ea:60:f2:bb:33:
                    ae:0a:08:d1:69:31:45:4e:0f:eb:13:42:19:d8:41:
                    56:5c:c2:64:64:ca:3c:13:0a:d4:f9:c0:b2:56:a3:
                    ca:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:CA:0E:DF:12:2F:4C:F9:8B:08:2D:D4:CC:0D:84:F5:ED:E8:04:B9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/aef0ea-9403-47fb-ad80-1eda53aebe51/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/aef0ea-9403-47fb-ad80-1eda53aebe51/1/i8oO3xIvTPmLCC3UzA2E9e3oBLk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.212.0/22
                IPv6:
                  2a0f:66c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:a7:bc:a6:9a:97:da:d4:93:30:cd:e4:b5:90:a2:fd:a2:b1:
         7d:9a:9b:9e:37:c0:89:87:4c:4d:14:be:2e:ba:d5:b1:86:2b:
         8b:0a:9a:12:28:f9:58:b2:50:11:5d:ac:c7:d9:03:85:98:65:
         63:f7:6c:9b:08:e2:cd:f9:41:3d:5c:d6:b1:44:1a:1d:4e:47:
         b5:ae:04:68:21:b9:70:9a:ad:0f:79:fd:aa:39:10:d3:33:28:
         a4:d1:6f:4d:f8:6c:73:5c:23:95:f3:66:f2:dd:98:b3:0b:9b:
         99:12:35:43:69:83:95:13:01:5a:10:37:66:fc:4e:d0:76:e5:
         7b:e9:b1:19:69:88:c3:1a:ec:92:6e:3b:76:c3:c1:d3:cd:17:
         06:20:61:42:73:8a:47:37:aa:0b:5f:f0:65:a4:4b:f5:1c:d8:
         69:29:3e:a4:1a:26:ae:b1:64:d3:9b:66:fe:91:77:94:c1:ff:
         33:69:73:45:02:fe:32:e1:35:da:a5:cb:d3:10:db:47:5b:ac:
         5a:a8:8a:a7:61:29:fd:2d:8d:5e:a1:53:a3:1e:9f:d6:25:7b:
         d1:cf:2d:59:0c:b6:30:e5:58:91:5d:63:4d:4d:7a:fd:60:c3:
         5d:bd:a4:2f:d1:23:d0:61:db:cf:cf:95:44:c3:76:2b:b8:fa:
         39:e2:8f:60
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZ3TgKLPA9esuqWlTuFes/2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwNDI4MDk1MTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmNhMGVkZjEyMmY0Y2Y5OGIwODJkZDRjYzBkODRmNWVkZTgwNGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqofshdatDL76+LoPgBLCqOEkoa3h
wpp7nikDPO4ZYpWDKzNjGW9Clj1AB8ouumNqhJRIRkMM2cQw2k8zpL7dmj5mkVn5
PVvTwkSXd6+7bmeWEnk3XktAnf73qKk1eQRrZn9dKJuRY3IwCA96fNxK0s98vRfh
MUBZ+8IBNlV1UvWz3HkCtO1dMKRo08z01Q310SCr1K70HEwme/w72EVPTdfeFJ/N
ZQY8TrFW4wWQ6oVggOQ5wi4BgKlbY0Xo5IaGXWKubnPvFvAUZ06dEMhEKsMpBrAP
Io/aPolv6mDyuzOuCgjRaTFFTg/rE0IZ2EFWXMJkZMo8EwrU+cCyVqPK1wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFIvKDt8SL0z5iwgt1MwNhPXt6AS5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmL2FlZjBl
YS05NDAzLTQ3ZmItYWQ4MC0xZWRhNTNhZWJlNTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvYWVmMGVh
LTk0MDMtNDdmYi1hZDgwLTFlZGE1M2FlYmU1MS8xL2k4b08zeEl2VFBtTENDM1V6
QTJFOWUzb0JMay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCXHfUMA0EAgACMAcDBQAqD2bAMA0GCSqGSIb3
DQEBCwUAA4IBAQB3p7ymmpfa1JMwzeS1kKL9orF9mpueN8CJh0xNFL4uutWxhiuL
CpoSKPlYslARXazH2QOFmGVj92ybCOLN+UE9XNaxRBodTke1rgRoIblwmq0Pef2q
ORDTMyik0W9N+GxzXCOV82by3ZizC5uZEjVDaYOVEwFaEDdm/E7QduV76bEZaYjD
GuySbjt2w8HTzRcGIGFCc4pHN6oLX/BlpEv1HNhpKT6kGiausWTTm2b+kXeUwf8z
aXNFAv4y4TXapcvTENtHW6xaqIqnYSn9LY1eoVOjHp/WJXvRzy1ZDLYw5ViRXWNN
TXr9YMNdvaQv0SPQYdvPz5VEw3YruPo54o9g
-----END CERTIFICATE-----