Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/pOpmDdthAOfTLl02aJp3fKnK-hk.cer
File:                     pOpmDdthAOfTLl02aJp3fKnK-hk.cer (raw, json)
Hash identifier:          j40gqIM359dd6lGbahWdR3cCgVa0X4jtHx/yHBcOTUo=
Subject key identifier:   A4:EA:66:0D:DB:61:00:E7:D3:2E:5D:36:68:9A:77:7C:A9:CA:FA:19
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019956E0DADCD2A87A461C10C15E041E6CF9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/43/e20aa0-338e-4f33-86ea-6f622fd18d30/1/pOpmDdthAOfTLl02aJp3fKnK-hk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/43/e20aa0-338e-4f33-86ea-6f622fd18d30/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 17 Sep 2025 08:53:20 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 207842
                          IP: 5.42.96.0/19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:22:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:56:e0:da:dc:d2:a8:7a:46:1c:10:c1:5e:04:1e:6c:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 17 08:53:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4ea660ddb6100e7d32e5d36689a777ca9cafa19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7b:03:0a:80:2d:40:34:c0:3a:49:d8:a8:98:
                    4d:c7:22:53:66:dc:96:f7:6c:a8:bc:00:31:36:6a:
                    80:c6:fc:27:a5:3a:18:bf:71:a0:2a:49:a7:8f:4d:
                    3a:22:2c:3a:f5:54:e4:25:d4:30:c5:d9:42:ae:ca:
                    82:31:46:73:63:a9:dc:a0:f1:c6:cd:42:54:5d:50:
                    21:4e:2e:31:06:ba:c2:92:f6:60:67:51:e4:f2:9b:
                    f9:e6:21:0f:fb:12:20:9c:14:7a:6b:a7:76:ba:f4:
                    8b:1c:da:cf:f5:81:d6:34:55:d8:72:a0:d5:f8:de:
                    b7:73:13:20:28:51:8b:d6:c0:45:b9:45:a5:0e:2f:
                    55:c7:5d:ba:2c:50:5a:d6:ef:07:e3:f9:52:ed:2f:
                    be:f7:6f:99:06:54:9c:a8:d8:01:34:ef:ae:f5:4d:
                    4a:8a:f2:d0:03:4b:a8:03:29:43:71:0c:c6:7a:b7:
                    0b:bc:5a:ed:ec:6b:98:74:2a:6e:b9:6d:45:8f:53:
                    f2:73:8b:d7:1f:0c:53:97:64:12:30:13:ed:3e:37:
                    7b:9e:27:6d:ea:c9:98:25:45:69:0a:72:3b:7e:33:
                    c3:60:e5:20:d2:20:59:d9:8d:b1:59:d2:c7:f1:8f:
                    29:82:28:bd:32:c9:58:9c:1b:8e:ea:fa:89:82:3d:
                    e0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:EA:66:0D:DB:61:00:E7:D3:2E:5D:36:68:9A:77:7C:A9:CA:FA:19
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e20aa0-338e-4f33-86ea-6f622fd18d30/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e20aa0-338e-4f33-86ea-6f622fd18d30/1/pOpmDdthAOfTLl02aJp3fKnK-hk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.96.0/19

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207842

    Signature Algorithm: sha256WithRSAEncryption
         04:e1:ac:9b:19:17:6e:52:04:67:47:b0:f0:a7:65:86:a8:1c:
         58:fc:ac:c6:44:62:de:f2:8d:c0:c7:96:b7:7b:79:f2:5a:3b:
         31:44:f5:54:1a:13:29:ca:16:ac:b8:d0:24:76:05:ae:75:24:
         66:23:6c:00:f1:8d:11:63:e0:71:9a:ab:fc:1d:1e:eb:ca:2a:
         1c:0b:ec:bc:81:a6:92:1c:ad:61:2a:30:ab:6c:8e:9b:06:b5:
         1a:41:aa:f1:e6:19:7c:80:63:90:e4:14:78:e5:16:74:bb:91:
         92:d6:bf:ce:ce:78:7c:97:b5:14:ce:6b:2e:84:c3:c9:59:a7:
         79:03:09:4d:15:4b:b8:cf:50:f5:82:dd:63:c8:94:38:7d:20:
         1d:bb:08:30:ba:22:20:4b:11:71:c6:97:9a:02:bc:2f:2f:d1:
         85:22:f9:47:be:60:de:e7:92:e0:e5:3f:1f:05:38:02:8e:0d:
         b8:b0:03:24:5d:e8:d4:f2:ca:f8:55:03:0f:ab:5e:f2:2e:10:
         12:0c:bd:31:e2:c4:72:25:7c:ce:9d:9c:62:8c:2c:b6:bf:5f:
         f3:a9:d4:19:19:ce:6a:93:10:39:87:3d:7f:d0:a0:2d:b0:c6:
         bc:12:86:47:bc:18:ff:3c:d6:bf:7f:e3:c0:33:1e:da:49:63:
         6c:4c:ed:37
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZlW4Nrc0qh6RhwQwV4EHmz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwOTE3MDg1MzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGVhNjYwZGRiNjEwMGU3ZDMyZTVkMzY2ODlhNzc3Y2E5Y2FmYTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXsDCoAtQDTAOknYqJhNxyJTZtyW
92yovAAxNmqAxvwnpToYv3GgKkmnj006Iiw69VTkJdQwxdlCrsqCMUZzY6ncoPHG
zUJUXVAhTi4xBrrCkvZgZ1Hk8pv55iEP+xIgnBR6a6d2uvSLHNrP9YHWNFXYcqDV
+N63cxMgKFGL1sBFuUWlDi9Vx126LFBa1u8H4/lS7S++92+ZBlScqNgBNO+u9U1K
ivLQA0uoAylDcQzGercLvFrt7GuYdCpuuW1Fj1Pyc4vXHwxTl2QSMBPtPjd7nidt
6smYJUVpCnI7fjPDYOUg0iBZ2Y2xWdLH8Y8pgii9MslYnBuO6vqJgj3gVwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKTqZg3bYQDn0y5dNmiad3ypyvoZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQzL2UyMGFh
MC0zMzhlLTRmMzMtODZlYS02ZjYyMmZkMThkMzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDMvZTIwYWEw
LTMzOGUtNGYzMy04NmVhLTZmNjIyZmQxOGQzMC8xL3BPcG1EZHRoQU9mVExsMDJh
SnAzZktuSy1oay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQFBSpgMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMr4jANBgkqhkiG9w0BAQsFAAOCAQEABOGsmxkXblIEZ0ew8KdlhqgcWPysxkRi
3vKNwMeWt3t58lo7MUT1VBoTKcoWrLjQJHYFrnUkZiNsAPGNEWPgcZqr/B0e68oq
HAvsvIGmkhytYSowq2yOmwa1GkGq8eYZfIBjkOQUeOUWdLuRkta/zs54fJe1FM5r
LoTDyVmneQMJTRVLuM9Q9YLdY8iUOH0gHbsIMLoiIEsRccaXmgK8Ly/RhSL5R75g
3ueS4OU/HwU4Ao4NuLADJF3o1PLK+FUDD6te8i4QEgy9MeLEciV8zp2cYowstr9f
86nUGRnOapMQOYc9f9CgLbDGvBKGR7wY/zzWv3/jwDMe2kljbEztNw==
-----END CERTIFICATE-----