Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sWtWoh33vti5p1TYT-WTEnNh1qs.cer
File:                     sWtWoh33vti5p1TYT-WTEnNh1qs.cer (raw, json)
Hash identifier:          cfBZx1jFkut8HojGAj600ZuYsSIKwXw5eBbDXwtaKUA=
Subject key identifier:   B1:6B:56:A2:1D:F7:BE:D8:B9:A7:54:D8:4F:E5:93:12:73:61:D6:AB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B78A3458AF7CCA5ED6FC98FFE2D8768F9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/91ae0a57-9f10-4612-8f65-c9032b41535c/0/B16B56A21DF7BED8B9A754D84FE593127361D6AB.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/91ae0a57-9f10-4612-8f65-c9032b41535c/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 08:18:44 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 209058
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:45:8a:f7:cc:a5:ed:6f:c9:8f:fe:2d:87:68:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b16b56a21df7bed8b9a754d84fe593127361d6ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4c:29:d6:ce:53:d0:4b:ca:10:63:b8:a3:31:
                    34:5a:eb:dd:85:39:4b:a3:30:09:48:72:bc:f3:f3:
                    c4:1d:70:e9:c9:10:66:51:45:a6:77:f9:7f:40:e7:
                    47:10:ca:8c:9f:e0:46:c6:fd:a9:43:15:2b:8e:4f:
                    a6:b5:f8:da:03:c6:be:51:59:67:f1:84:2f:0b:48:
                    e7:d3:75:09:05:cf:36:c9:21:34:aa:c6:77:ae:ba:
                    14:af:4f:ec:51:e4:82:21:fe:b2:98:cb:ee:8d:64:
                    3b:81:64:b3:a7:14:2f:f5:23:c2:79:ee:00:a1:67:
                    63:69:3a:95:68:e0:3a:cd:85:fd:c1:35:7c:7a:27:
                    ba:57:be:db:9d:75:08:bd:58:0b:f7:87:6f:10:60:
                    eb:0f:8a:1d:4f:a4:3f:d4:f1:56:8b:73:86:59:1f:
                    34:ce:b1:32:65:f8:0f:5c:54:8c:09:39:87:1c:eb:
                    d0:45:a8:b7:a4:a3:09:82:74:e2:e3:9e:de:8d:53:
                    d7:83:0a:92:ed:8a:c8:37:7b:9f:4c:6d:8b:45:a4:
                    73:66:d1:7f:f2:26:fd:7e:90:8f:8d:27:b2:da:bf:
                    f1:42:79:31:2e:51:d5:44:e5:02:f5:98:ca:05:a8:
                    10:60:c6:cb:15:5b:01:8c:5d:3e:93:57:de:5e:56:
                    93:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:6B:56:A2:1D:F7:BE:D8:B9:A7:54:D8:4F:E5:93:12:73:61:D6:AB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/91ae0a57-9f10-4612-8f65-c9032b41535c/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/91ae0a57-9f10-4612-8f65-c9032b41535c/0/B16B56A21DF7BED8B9A754D84FE593127361D6AB.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209058

    Signature Algorithm: sha256WithRSAEncryption
         52:27:1b:40:c6:43:a7:17:12:7c:de:50:01:07:a2:47:a3:7b:
         c0:eb:e3:d8:04:fa:c8:e8:47:21:85:be:07:db:77:55:25:58:
         c9:86:ef:da:a9:7d:d9:ba:f9:ed:39:ac:b6:30:12:82:79:3c:
         87:f9:82:af:c8:94:a9:b2:fc:f4:75:75:6d:22:70:92:b9:f6:
         e8:3d:cc:bc:8e:30:86:a1:f0:34:a7:64:3e:43:43:7d:a4:59:
         32:94:6f:93:a9:74:7b:6f:13:d5:f4:b4:90:79:6f:d1:86:7b:
         c3:63:7e:72:14:49:0c:bf:c0:74:0b:aa:f5:0d:5a:54:e5:b8:
         86:49:59:95:bd:f0:bf:0a:2e:33:f2:db:82:2a:59:f9:c5:e8:
         f6:38:c4:bc:fe:2d:85:64:89:ac:6a:fe:6b:e7:a7:fc:9a:42:
         d3:16:e7:34:86:0e:64:45:1b:57:5e:ad:a6:1f:e2:60:a9:b3:
         a6:a2:18:06:7b:f2:1a:0b:03:5f:61:9b:15:bc:90:09:e7:6b:
         80:9d:70:71:db:31:84:28:d7:5a:0e:83:1a:fc:28:44:34:07:
         0d:89:3c:60:d3:19:29:b6:04:42:01:35:26:cc:af:78:5e:da:
         9f:f2:3d:3a:1f:7e:11:1a:3c:74:a6:e8:34:d4:c8:b0:7a:8d:
         df:32:a6:42
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZt4o0WK98yl7W/Jj/4th2j5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDgxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTZiNTZhMjFkZjdiZWQ4YjlhNzU0ZDg0ZmU1OTMxMjczNjFkNmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Uwp1s5T0EvKEGO4ozE0WuvdhTlL
ozAJSHK88/PEHXDpyRBmUUWmd/l/QOdHEMqMn+BGxv2pQxUrjk+mtfjaA8a+UVln
8YQvC0jn03UJBc82ySE0qsZ3rroUr0/sUeSCIf6ymMvujWQ7gWSzpxQv9SPCee4A
oWdjaTqVaOA6zYX9wTV8eie6V77bnXUIvVgL94dvEGDrD4odT6Q/1PFWi3OGWR80
zrEyZfgPXFSMCTmHHOvQRai3pKMJgnTi457ejVPXgwqS7YrIN3ufTG2LRaRzZtF/
8ib9fpCPjSey2r/xQnkxLlHVROUC9ZjKBagQYMbLFVsBjF0+k1feXlaTmQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFLFrVqId977YuadU2E/lkxJzYdarMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzkxYWUw
YTU3LTlmMTAtNDYxMi04ZjY1LWM5MDMyYjQxNTM1Yy8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTFh
ZTBhNTctOWYxMC00NjEyLThmNjUtYzkwMzJiNDE1MzVjLzAvQjE2QjU2QTIxREY3
QkVEOEI5QTc1NEQ4NEZFNTkzMTI3MzYxRDZBQi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDMKIw
DQYJKoZIhvcNAQELBQADggEBAFInG0DGQ6cXEnzeUAEHokeje8Dr49gE+sjoRyGF
vgfbd1UlWMmG79qpfdm6+e05rLYwEoJ5PIf5gq/IlKmy/PR1dW0icJK59ug9zLyO
MIah8DSnZD5DQ32kWTKUb5OpdHtvE9X0tJB5b9GGe8NjfnIUSQy/wHQLqvUNWlTl
uIZJWZW98L8KLjPy24IqWfnF6PY4xLz+LYVkiaxq/mvnp/yaQtMW5zSGDmRFG1de
raYf4mCps6aiGAZ78hoLA19hmxW8kAnna4CdcHHbMYQo11oOgxr8KEQ0Bw2JPGDT
GSm2BEIBNSbMr3he2p/yPToffhEaPHSm6DTUyLB6jd8ypkI=
-----END CERTIFICATE-----