Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iY7BAjeR9tQ_l5fgUtE1S-v_xzI.cer
File:                     iY7BAjeR9tQ_l5fgUtE1S-v_xzI.cer (raw, json)
Hash identifier:          0vkEMcfIr+SvTdukpI7jFrgsZ2Ukbiqcv8ZpUjhWwok=
Subject key identifier:   89:8E:C1:02:37:91:F6:D4:3F:97:97:E0:52:D1:35:4B:EB:FF:C7:32
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01999EC0C7D6A4EB075DB31833CD07DBE218
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ef/ab6a7b-65ab-4977-9937-ea9b6bb2e39c/1/iY7BAjeR9tQ_l5fgUtE1S-v_xzI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ef/ab6a7b-65ab-4977-9937-ea9b6bb2e39c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Oct 2025 07:50:58 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 43438
                          IP: 91.197.60.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:22:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9e:c0:c7:d6:a4:eb:07:5d:b3:18:33:cd:07:db:e2:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct  1 07:50:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=898ec1023791f6d43f9797e052d1354bebffc732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:56:d1:a8:65:5a:a2:a0:b2:83:2c:6f:33:d1:
                    a0:56:58:b5:b9:58:81:00:f3:db:a6:99:c0:91:d9:
                    67:6a:92:04:8b:3f:cc:da:13:1a:21:50:15:e8:d6:
                    77:21:93:7e:e2:99:53:f6:db:db:be:b7:bc:b1:11:
                    3d:2d:b1:fc:ed:14:9a:26:63:4f:e8:29:0c:35:e0:
                    be:2e:61:06:eb:2c:09:b0:11:54:71:03:83:02:c6:
                    78:92:dc:66:e6:b2:f9:ff:5c:ac:a1:fc:15:3b:6d:
                    bd:48:7a:49:86:ce:a1:e5:db:d1:5b:f1:2d:98:64:
                    f0:b2:45:da:eb:2a:a5:26:c1:53:ae:87:2c:23:16:
                    38:58:13:92:a2:f1:e5:16:5e:a6:32:13:fe:f5:a5:
                    8c:11:f4:40:2e:40:28:02:ee:c3:b9:f7:ba:6e:e2:
                    0a:10:94:9a:0f:a3:51:5c:d0:8e:04:f6:b6:69:cf:
                    5a:d2:61:8e:2c:f8:02:e0:6a:e1:72:5f:54:f8:64:
                    90:53:a6:53:df:1f:36:24:89:96:76:0c:0c:36:20:
                    88:fa:b9:3a:f3:db:1b:46:f5:c9:97:b8:2e:39:74:
                    6d:80:ab:5f:e7:40:a2:99:64:ba:f6:c8:b6:cb:12:
                    34:a3:63:65:83:d9:ef:8b:55:5b:91:72:30:1d:55:
                    06:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8E:C1:02:37:91:F6:D4:3F:97:97:E0:52:D1:35:4B:EB:FF:C7:32
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ab6a7b-65ab-4977-9937-ea9b6bb2e39c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ab6a7b-65ab-4977-9937-ea9b6bb2e39c/1/iY7BAjeR9tQ_l5fgUtE1S-v_xzI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.60.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43438

    Signature Algorithm: sha256WithRSAEncryption
         1e:e7:f4:9f:25:93:5d:ef:1c:65:8d:2e:0c:64:e2:33:51:cd:
         14:de:43:6d:d4:2c:ea:b1:b3:a4:12:e9:84:85:c3:76:86:e5:
         57:eb:ce:46:e0:76:8f:71:c3:f4:15:91:7e:88:c1:64:96:2d:
         6d:97:e8:29:99:2c:d6:d0:03:76:02:af:35:24:71:e2:84:c9:
         c0:3d:c2:20:23:92:44:52:3c:e1:ec:95:93:cd:24:0b:36:75:
         31:d2:7c:5d:74:70:46:55:c5:1b:19:ca:c2:f0:13:f0:2a:f3:
         ef:65:54:73:b7:94:1c:24:ce:b2:f5:4c:4b:fd:cc:0a:ef:fb:
         cd:44:b7:66:25:62:a7:31:68:29:67:85:a2:6a:f8:a8:4a:1f:
         69:7a:12:33:5f:56:56:3a:bc:27:30:ef:a9:80:fa:cc:83:3d:
         10:94:1b:da:3c:4c:1d:1e:40:07:c0:cf:0f:da:c1:a8:b0:6f:
         d3:9a:c3:0b:b5:a0:2f:28:45:94:11:f8:ce:1d:4c:7f:f5:7d:
         a4:fc:ca:1c:69:16:fa:3c:62:4b:45:ba:37:40:6b:11:75:7a:
         89:54:37:60:fa:1e:65:bc:69:6c:2f:7e:db:d1:0b:bf:9a:52:
         01:08:e1:b4:8f:de:1a:f2:49:a7:64:23:4f:7c:cb:30:e8:c4:
         dd:78:2a:59
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZmewMfWpOsHXbMYM80H2+IYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUxMDAxMDc1MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OThlYzEwMjM3OTFmNmQ0M2Y5Nzk3ZTA1MmQxMzU0YmViZmZjNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1bRqGVaoqCygyxvM9GgVli1uViB
APPbppnAkdlnapIEiz/M2hMaIVAV6NZ3IZN+4plT9tvbvre8sRE9LbH87RSaJmNP
6CkMNeC+LmEG6ywJsBFUcQODAsZ4ktxm5rL5/1ysofwVO229SHpJhs6h5dvRW/Et
mGTwskXa6yqlJsFTrocsIxY4WBOSovHlFl6mMhP+9aWMEfRALkAoAu7Dufe6buIK
EJSaD6NRXNCOBPa2ac9a0mGOLPgC4Grhcl9U+GSQU6ZT3x82JImWdgwMNiCI+rk6
89sbRvXJl7guOXRtgKtf50CimWS69si2yxI0o2Nlg9nvi1VbkXIwHVUGDwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFImOwQI3kfbUP5eX4FLRNUvr/8cyMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VmL2FiNmE3
Yi02NWFiLTQ5NzctOTkzNy1lYTliNmJiMmUzOWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWYvYWI2YTdi
LTY1YWItNDk3Ny05OTM3LWVhOWI2YmIyZTM5Yy8xL2lZN0JBamVSOXRRX2w1ZmdV
dEUxUy12X3h6SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCW8U8MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCprjANBgkqhkiG9w0BAQsFAAOCAQEAHuf0nyWTXe8cZY0uDGTiM1HNFN5DbdQs
6rGzpBLphIXDdoblV+vORuB2j3HD9BWRfojBZJYtbZfoKZks1tADdgKvNSRx4oTJ
wD3CICOSRFI84eyVk80kCzZ1MdJ8XXRwRlXFGxnKwvAT8Crz72VUc7eUHCTOsvVM
S/3MCu/7zUS3ZiVipzFoKWeFomr4qEofaXoSM19WVjq8JzDvqYD6zIM9EJQb2jxM
HR5AB8DPD9rBqLBv05rDC7WgLyhFlBH4zh1Mf/V9pPzKHGkW+jxiS0W6N0BrEXV6
iVQ3YPoeZbxpbC9+29ELv5pSAQjhtI/eGvJJp2QjT3zLMOjE3XgqWQ==
-----END CERTIFICATE-----