Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tVNDqiHHSjn81Rg_T99V3EZ56D0.cer
File:                     tVNDqiHHSjn81Rg_T99V3EZ56D0.cer (raw, json)
Hash identifier:          8NyNc6BnNi/GsCSaCxtvxMWBBnhfI/wzr8+yDNq1W5w=
Subject key identifier:   B5:53:43:AA:21:C7:4A:39:FC:D5:18:3F:4F:DF:55:DC:46:79:E8:3D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7C8066455112C0FD093B411EFAACC0FC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f8/c49c08-92ab-4cb1-809b-4ec7b5efae37/1/tVNDqiHHSjn81Rg_T99V3EZ56D0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f8/c49c08-92ab-4cb1-809b-4ec7b5efae37/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 02:19:08 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 214335
                          IP: 213.163.236.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:66:45:51:12:c0:fd:09:3b:41:1e:fa:ac:c0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b55343aa21c74a39fcd5183f4fdf55dc4679e83d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:80:a3:8c:57:59:64:35:13:1f:30:71:a8:d7:
                    e5:4f:1c:70:2a:84:62:ae:c2:a4:25:cd:f3:62:d5:
                    1f:77:c1:5b:1f:c2:dd:1e:ce:fe:f2:fd:bd:6c:35:
                    38:cd:85:73:71:66:ce:50:fd:86:da:71:e7:a6:ee:
                    c8:bf:e6:b0:a7:a3:79:a0:e1:7b:1e:e3:b6:fe:19:
                    4d:ea:18:9b:36:7d:06:dc:70:ff:6c:1e:3a:cc:67:
                    cb:ce:07:4c:9d:8e:78:ff:50:98:95:a7:35:7a:5b:
                    02:5f:69:c2:08:c3:59:24:0f:4f:2a:8d:9b:ff:e4:
                    21:be:8f:65:1f:4d:ca:67:20:aa:9a:d0:48:8f:b6:
                    85:a7:52:12:91:d1:d0:db:6f:24:b0:09:76:db:56:
                    75:b8:13:69:ba:1c:ed:09:59:a9:fa:bd:fe:1f:c0:
                    dc:71:47:6d:7a:13:5c:7f:d4:52:db:cd:72:ee:a4:
                    25:a0:ab:7e:f1:2d:61:9a:8d:5a:6f:52:66:00:e7:
                    70:df:2e:a9:36:36:6a:98:e8:2e:04:c1:c0:9a:80:
                    5a:14:e5:07:e6:db:99:b5:75:c7:cf:30:35:45:be:
                    29:ea:25:84:c9:31:8c:5d:4a:42:14:22:aa:10:c8:
                    b5:c6:9c:0b:db:52:3a:52:76:5e:b1:4b:09:f3:25:
                    d4:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:53:43:AA:21:C7:4A:39:FC:D5:18:3F:4F:DF:55:DC:46:79:E8:3D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/c49c08-92ab-4cb1-809b-4ec7b5efae37/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/c49c08-92ab-4cb1-809b-4ec7b5efae37/1/tVNDqiHHSjn81Rg_T99V3EZ56D0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.163.236.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214335

    Signature Algorithm: sha256WithRSAEncryption
         80:b8:91:f4:8f:03:54:2a:8b:53:62:e3:47:3f:e5:3c:a4:df:
         0f:3f:ec:f1:45:5b:f5:1c:97:ec:cf:7a:56:fe:87:9a:9f:eb:
         93:37:0c:20:b0:4b:b1:7b:a6:9d:6b:9c:99:26:27:db:67:db:
         25:3f:fe:71:c0:63:b8:da:49:4c:ed:8e:36:12:ab:b0:29:74:
         bf:43:8a:65:e3:b0:3c:01:0f:78:09:5b:c8:f3:7e:57:9d:b7:
         5b:45:30:85:ac:01:1a:f1:5d:5b:1f:b4:95:67:cf:ca:5a:45:
         41:da:58:03:28:1f:dd:55:74:fa:2a:03:b7:2f:b0:76:77:1f:
         2d:74:fa:2e:73:35:b3:26:09:d5:8a:86:10:c1:6a:db:20:d4:
         f5:2c:53:9c:91:ef:aa:48:10:7c:f5:27:9e:1f:b4:97:ab:1f:
         a1:77:9f:fc:6c:60:08:58:be:31:61:c2:aa:41:de:7d:15:8f:
         5c:55:66:bf:ca:bf:17:59:be:e3:70:38:01:dd:75:2c:65:8c:
         03:9f:2d:38:06:4a:37:c8:8e:11:32:9b:64:cd:c0:fc:1d:51:
         a6:08:9a:8b:c1:9b:b7:92:c0:c1:8b:56:34:8a:1b:37:1e:c8:
         be:d5:e7:d0:59:a6:19:b2:f6:27:1d:5e:9e:bd:41:f3:66:42:
         d1:d4:3a:dc
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZt8gGZFURLA/Qk7QR76rMD8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDIxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTUzNDNhYTIxYzc0YTM5ZmNkNTE4M2Y0ZmRmNTVkYzQ2NzllODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYCjjFdZZDUTHzBxqNflTxxwKoRi
rsKkJc3zYtUfd8FbH8LdHs7+8v29bDU4zYVzcWbOUP2G2nHnpu7Iv+awp6N5oOF7
HuO2/hlN6hibNn0G3HD/bB46zGfLzgdMnY54/1CYlac1elsCX2nCCMNZJA9PKo2b
/+Qhvo9lH03KZyCqmtBIj7aFp1ISkdHQ228ksAl221Z1uBNpuhztCVmp+r3+H8Dc
cUdtehNcf9RS281y7qQloKt+8S1hmo1ab1JmAOdw3y6pNjZqmOguBMHAmoBaFOUH
5tuZtXXHzzA1Rb4p6iWEyTGMXUpCFCKqEMi1xpwL21I6UnZesUsJ8yXUjwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLVTQ6ohx0o5/NUYP0/fVdxGeeg9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y4L2M0OWMw
OC05MmFiLTRjYjEtODA5Yi00ZWM3YjVlZmFlMzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjgvYzQ5YzA4
LTkyYWItNGNiMS04MDliLTRlYzdiNWVmYWUzNy8xL3RWTkRxaUhIU2puODFSZ19U
OTlWM0VaNTZEMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQA1aPsMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNFPzANBgkqhkiG9w0BAQsFAAOCAQEAgLiR9I8DVCqLU2LjRz/lPKTfDz/s8UVb
9RyX7M96Vv6Hmp/rkzcMILBLsXumnWucmSYn22fbJT/+ccBjuNpJTO2ONhKrsCl0
v0OKZeOwPAEPeAlbyPN+V523W0UwhawBGvFdWx+0lWfPylpFQdpYAygf3VV0+ioD
ty+wdncfLXT6LnM1syYJ1YqGEMFq2yDU9SxTnJHvqkgQfPUnnh+0l6sfoXef/Gxg
CFi+MWHCqkHefRWPXFVmv8q/F1m+43A4Ad11LGWMA58tOAZKN8iOETKbZM3A/B1R
pgiai8Gbt5LAwYtWNIobNx7IvtXn0FmmGbL2Jx1enr1B82ZC0dQ63A==
-----END CERTIFICATE-----