Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xHC41L-HFAS8pTx3gVME7y6k4co.cer
File:                     xHC41L-HFAS8pTx3gVME7y6k4co.cer (raw, json)
Hash identifier:          RxBF7X+52MQdL7MNLEl0aFJKonUsRxDiaIA6Y34PSa8=
Subject key identifier:   C4:70:B8:D4:BF:87:14:04:BC:A5:3C:77:81:53:04:EF:2E:A4:E1:CA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01987F55A1B6B259B4724245D822D7A4F51C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f6/a4ba8f-5e61-4dcc-ba0b-f624ed5f46fe/1/xHC41L-HFAS8pTx3gVME7y6k4co.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f6/a4ba8f-5e61-4dcc-ba0b-f624ed5f46fe/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 06 Aug 2025 12:22:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 176.117.105.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:55:a1:b6:b2:59:b4:72:42:45:d8:22:d7:a4:f5:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug  6 12:22:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c470b8d4bf871404bca53c77815304ef2ea4e1ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:9a:f5:a9:c4:a7:7e:79:ab:50:8d:a9:1a:4b:
                    ec:4f:e9:7a:41:04:75:67:a7:47:05:1d:b4:28:65:
                    aa:43:0f:af:a0:3b:26:03:6e:81:8b:b9:a3:12:de:
                    ea:5d:8d:79:54:4a:2a:d1:e3:01:ed:22:77:e9:04:
                    1c:28:15:3d:d1:76:9c:13:0c:8a:4f:36:ed:3f:f6:
                    58:be:bf:2e:db:d8:97:40:36:7e:d8:b3:6f:7a:f4:
                    7d:39:7f:bf:6e:ed:ac:85:2c:32:b8:2d:d9:55:a8:
                    a6:c9:ea:2d:82:d0:07:57:a0:bf:57:e4:98:86:de:
                    d9:b2:5d:29:90:55:17:a3:33:dd:4f:3b:7d:f4:4a:
                    2f:67:01:7c:0d:15:65:0e:b1:de:6e:1b:bc:3f:f8:
                    38:e8:a7:7c:4b:eb:1c:e8:f0:f0:ee:6d:b4:a6:ce:
                    b6:87:b0:f0:f2:32:d5:9c:c6:a5:db:da:f9:4b:77:
                    21:2a:7f:eb:bd:d2:f5:01:53:a8:49:2f:99:ac:97:
                    9e:de:94:ca:f4:18:1d:cd:0c:ec:ad:bc:3b:02:0b:
                    60:75:52:df:3f:5d:fa:5e:19:f1:29:2c:32:7b:df:
                    81:87:33:d1:2a:f8:29:87:55:ed:7c:8c:f0:5c:ce:
                    2f:2d:37:35:20:5f:d6:17:d6:80:f4:94:93:d3:b9:
                    9e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:70:B8:D4:BF:87:14:04:BC:A5:3C:77:81:53:04:EF:2E:A4:E1:CA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/a4ba8f-5e61-4dcc-ba0b-f624ed5f46fe/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/a4ba8f-5e61-4dcc-ba0b-f624ed5f46fe/1/xHC41L-HFAS8pTx3gVME7y6k4co.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:64:f3:14:5c:ab:0d:c1:bf:e7:2a:64:ec:ee:54:c4:c1:16:
         69:54:01:0b:18:cb:9f:c1:bc:98:26:fe:79:1a:03:e2:62:d3:
         94:0e:2c:6f:ee:de:b4:1b:bc:3d:7d:03:86:f2:2b:4e:6e:b9:
         14:af:5a:48:7d:4f:b7:e2:33:07:8a:07:ce:c6:af:e4:6d:7f:
         9f:9c:db:56:0a:54:a1:fc:1d:cd:fc:3c:3a:08:d5:8b:6f:92:
         75:80:14:ca:1d:a8:d9:e6:30:57:3f:39:ed:cf:d6:68:d6:fb:
         cc:00:4b:58:7f:fc:06:5a:5c:3d:fa:da:91:0a:5f:15:d8:d0:
         18:ef:d7:3c:3b:9b:fb:7b:30:46:f6:33:36:a9:fa:5c:ee:ba:
         89:5a:08:f5:3e:f0:07:7f:31:d7:7c:d2:cc:00:b9:b5:31:fd:
         cd:fa:fa:b0:6b:3c:a6:6e:3e:7c:17:46:c7:39:20:69:18:4a:
         24:fa:3f:64:10:b1:a1:71:cb:85:9b:90:4c:28:31:ac:8d:41:
         b4:c9:7f:ae:d1:fd:3a:4c:31:01:8f:13:67:b3:85:c1:33:dd:
         f2:0d:88:4b:f9:58:ab:a7:bb:f9:04:87:ea:5c:97:12:bd:23:
         3c:a4:54:77:35:96:8f:0b:90:6f:80:48:c5:d1:65:e7:c3:c2:
         5e:1b:aa:bd
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZh/VaG2slm0ckJF2CLXpPUcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwODA2MTIyMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDcwYjhkNGJmODcxNDA0YmNhNTNjNzc4MTUzMDRlZjJlYTRlMWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA55r1qcSnfnmrUI2pGkvsT+l6QQR1
Z6dHBR20KGWqQw+voDsmA26Bi7mjEt7qXY15VEoq0eMB7SJ36QQcKBU90XacEwyK
TzbtP/ZYvr8u29iXQDZ+2LNvevR9OX+/bu2shSwyuC3ZVaimyeotgtAHV6C/V+SY
ht7Zsl0pkFUXozPdTzt99EovZwF8DRVlDrHebhu8P/g46Kd8S+sc6PDw7m20ps62
h7Dw8jLVnMal29r5S3chKn/rvdL1AVOoSS+ZrJee3pTK9BgdzQzsrbw7AgtgdVLf
P136XhnxKSwye9+BhzPRKvgph1XtfIzwXM4vLTc1IF/WF9aA9JST07me9wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFMRwuNS/hxQEvKU8d4FTBO8upOHKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y2L2E0YmE4
Zi01ZTYxLTRkY2MtYmEwYi1mNjI0ZWQ1ZjQ2ZmUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvYTRiYThm
LTVlNjEtNGRjYy1iYTBiLWY2MjRlZDVmNDZmZS8xL3hIQzQxTC1IRkFTOHBUeDNn
Vk1FN3k2azRjby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAsHVpMA0GCSqGSIb3DQEBCwUAA4IBAQBPZPMU
XKsNwb/nKmTs7lTEwRZpVAELGMufwbyYJv55GgPiYtOUDixv7t60G7w9fQOG8itO
brkUr1pIfU+34jMHigfOxq/kbX+fnNtWClSh/B3N/Dw6CNWLb5J1gBTKHajZ5jBX
Pzntz9Zo1vvMAEtYf/wGWlw9+tqRCl8V2NAY79c8O5v7ezBG9jM2qfpc7rqJWgj1
PvAHfzHXfNLMALm1Mf3N+vqwazymbj58F0bHOSBpGEok+j9kELGhccuFm5BMKDGs
jUG0yX+u0f06TDEBjxNns4XBM93yDYhL+Virp7v5BIfqXJcSvSM8pFR3NZaPC5Bv
gEjF0WXnw8JeG6q9
-----END CERTIFICATE-----