Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vkFhezq6Mltoxn6z0ghK3RnmTt8.cer
File:                     vkFhezq6Mltoxn6z0ghK3RnmTt8.cer (raw, json)
Hash identifier:          U46cWTrUaWhUIc6p4I1NbD0M3VEKTIX2vEuE5FR22Mc=
Subject key identifier:   BE:41:61:7B:3A:BA:32:5B:68:C6:7E:B3:D2:08:4A:DD:19:E6:4E:DF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B78A3711A670CAFCC84BD90452AF78F9E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/77/69f1e5-28a3-4008-9dcd-5c47ca28112b/1/vkFhezq6Mltoxn6z0ghK3RnmTt8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/77/69f1e5-28a3-4008-9dcd-5c47ca28112b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 08:18:55 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 207738
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:71:1a:67:0c:af:cc:84:bd:90:45:2a:f7:8f:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be41617b3aba325b68c67eb3d2084add19e64edf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d8:3c:22:0f:12:8f:13:e3:b8:89:a0:c0:9e:
                    84:f5:6a:c2:62:26:7c:be:e9:5f:3e:8b:c6:5f:0d:
                    a8:51:99:35:1e:97:82:01:29:81:cf:af:46:41:f0:
                    39:0c:0d:22:20:76:3d:d2:70:49:d3:1d:f0:69:ff:
                    fe:85:e0:6a:d3:cd:ea:38:1c:26:cb:ee:5c:bb:34:
                    eb:84:51:cd:4d:83:57:9a:95:01:3c:3f:30:e3:03:
                    e6:72:00:1a:3d:60:e7:de:30:fe:ce:a6:4a:36:58:
                    bc:5d:51:2f:68:68:76:78:3c:ae:e8:53:9e:63:f2:
                    25:30:f4:a5:d6:41:9d:69:a2:92:e3:be:f4:76:a6:
                    d5:eb:c7:58:98:b2:2b:8f:de:52:20:c9:02:8e:5d:
                    10:ed:b4:91:68:5b:84:43:ec:d3:b5:ac:94:41:01:
                    13:8a:67:29:39:56:24:a6:36:c8:d2:83:d3:44:22:
                    bb:36:a9:7e:b3:af:a3:af:2e:71:d3:97:31:c2:b0:
                    87:9f:41:e8:9e:2e:1c:f0:e9:ed:63:c6:e0:cf:93:
                    e9:6d:a4:5c:bd:0e:ac:d5:11:f6:43:01:a9:e5:19:
                    60:00:b6:bd:84:fb:f5:0c:52:e8:24:14:54:81:a1:
                    51:29:09:cd:a3:3a:08:33:38:70:60:10:b6:4c:73:
                    ca:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:41:61:7B:3A:BA:32:5B:68:C6:7E:B3:D2:08:4A:DD:19:E6:4E:DF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/69f1e5-28a3-4008-9dcd-5c47ca28112b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/69f1e5-28a3-4008-9dcd-5c47ca28112b/1/vkFhezq6Mltoxn6z0ghK3RnmTt8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207738

    Signature Algorithm: sha256WithRSAEncryption
         73:a3:a6:d8:53:53:ea:2a:aa:f9:c6:31:26:dc:99:60:49:9a:
         f5:e4:8a:37:5a:9c:65:67:48:57:bb:f3:9a:43:bb:b0:b2:59:
         fb:32:a7:c8:0d:e6:ea:ac:d2:e7:52:3e:c6:ea:ac:be:ca:3e:
         79:0a:0b:22:13:16:4a:e2:9a:60:f7:8d:ba:8b:e4:e9:c2:9b:
         3b:7d:f5:29:49:e4:95:84:03:04:9d:77:64:f1:27:de:18:eb:
         c4:dd:a3:59:68:af:c9:03:15:0b:e1:e6:40:b7:ae:b4:74:ef:
         ad:09:4c:3b:a5:8a:e9:5c:11:22:6a:df:f6:31:d9:bd:b0:69:
         cd:a8:43:43:88:61:b2:7c:e2:61:ec:f7:6e:10:0e:fc:0c:df:
         0a:e5:21:31:58:ab:ed:5f:f4:9c:2e:d9:32:57:73:aa:66:3d:
         b0:59:01:81:07:a1:ab:d6:2b:bb:38:cd:ad:64:f0:95:f1:28:
         eb:f4:15:00:9b:0a:67:99:bd:b7:75:be:07:d0:f1:8f:5c:90:
         fd:0f:0b:89:5d:eb:18:b4:41:92:98:84:66:ec:02:bc:a9:f3:
         be:fe:b8:6a:b9:af:42:7f:73:66:68:c0:09:b2:7b:4c:8f:b0:
         3d:09:52:f2:41:d0:b4:61:e4:5f:82:88:e5:6d:b3:90:6a:e1:
         32:e1:18:5e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt4o3EaZwyvzIS9kEUq94+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDgxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQxNjE3YjNhYmEzMjViNjhjNjdlYjNkMjA4NGFkZDE5ZTY0ZWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNg8Ig8SjxPjuImgwJ6E9WrCYiZ8
vulfPovGXw2oUZk1HpeCASmBz69GQfA5DA0iIHY90nBJ0x3waf/+heBq083qOBwm
y+5cuzTrhFHNTYNXmpUBPD8w4wPmcgAaPWDn3jD+zqZKNli8XVEvaGh2eDyu6FOe
Y/IlMPSl1kGdaaKS4770dqbV68dYmLIrj95SIMkCjl0Q7bSRaFuEQ+zTtayUQQET
imcpOVYkpjbI0oPTRCK7Nql+s6+jry5x05cxwrCHn0Honi4c8OntY8bgz5PpbaRc
vQ6s1RH2QwGp5RlgALa9hPv1DFLoJBRUgaFRKQnNozoIMzhwYBC2THPKrQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFL5BYXs6ujJbaMZ+s9IISt0Z5k7fMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc3LzY5ZjFl
NS0yOGEzLTQwMDgtOWRjZC01YzQ3Y2EyODExMmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzcvNjlmMWU1
LTI4YTMtNDAwOC05ZGNkLTVjNDdjYTI4MTEyYi8xL3ZrRmhlenE2TWx0b3huNnow
Z2hLM1JubVR0OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMrejANBgkqhkiG9w0BAQsFAAOCAQEAc6Om2FNT6iqq
+cYxJtyZYEma9eSKN1qcZWdIV7vzmkO7sLJZ+zKnyA3m6qzS51I+xuqsvso+eQoL
IhMWSuKaYPeNuovk6cKbO331KUnklYQDBJ13ZPEn3hjrxN2jWWivyQMVC+HmQLeu
tHTvrQlMO6WK6VwRImrf9jHZvbBpzahDQ4hhsnziYez3bhAO/AzfCuUhMVir7V/0
nC7ZMldzqmY9sFkBgQehq9YruzjNrWTwlfEo6/QVAJsKZ5m9t3W+B9Dxj1yQ/Q8L
iV3rGLRBkpiEZuwCvKnzvv64armvQn9zZmjACbJ7TI+wPQlS8kHQtGHkX4KI5W2z
kGrhMuEYXg==
-----END CERTIFICATE-----