Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3LZakO089K4EUlVO40uSqEdtzxA.cer
File:                     3LZakO089K4EUlVO40uSqEdtzxA.cer (raw, json)
Hash identifier:          hsk0ezx0Ln1HnEceFCJIa4oIJMby1IgxAqtKoCAIPWU=
Subject key identifier:   DC:B6:5A:90:ED:3C:F4:AE:04:52:55:4E:E3:4B:92:A8:47:6D:CF:10
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942445A4FC2852F8FA2CBD841B47DF666C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f2/09200e-999d-4b45-a741-85a955f2163b/1/3LZakO089K4EUlVO40uSqEdtzxA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f2/09200e-999d-4b45-a741-85a955f2163b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:48:51 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 41805
                          AS: 202366
                          AS: 205473
                          AS: 212460
                          IP: 37.77.64.0/20
                          IP: 185.217.88.0/22
                          IP: 194.113.196.0/22
                          IP: 2a0b:c640::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a4:fc:28:52:f8:fa:2c:bd:84:1b:47:df:66:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcb65a90ed3cf4ae0452554ee34b92a8476dcf10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e8:d6:3b:9e:93:38:80:17:f5:5a:9c:5c:39:
                    c3:db:3c:be:a7:c2:b1:1b:21:54:ab:74:d2:7a:ba:
                    70:b2:22:0b:c1:a7:01:70:b9:ba:d7:28:5a:7e:19:
                    e3:4d:3c:18:b6:c3:e2:55:fd:64:47:58:d3:4b:c3:
                    13:6d:d6:57:ab:eb:99:a4:b6:0d:0c:54:8a:9b:66:
                    5d:69:ac:15:ce:f5:07:7a:1b:55:95:8c:b2:0c:bc:
                    c0:8a:5a:8b:f2:17:dc:80:98:b0:7a:cc:92:b1:33:
                    47:d5:ce:c9:e1:bd:3e:02:cf:8a:c5:7c:0a:f3:54:
                    ee:57:65:35:2c:5e:7d:e3:7c:8c:6d:6b:a7:29:b8:
                    83:0d:02:72:fb:91:36:9c:01:51:9d:a0:fb:cd:24:
                    69:d0:79:a7:17:7d:ef:82:a0:87:bc:e4:e3:75:9c:
                    7d:4f:e8:10:bf:70:90:9c:63:a4:78:4d:2e:6c:9c:
                    d3:f1:14:d9:19:c0:d3:b2:ca:88:54:82:d6:15:2e:
                    57:ec:ba:97:0b:74:39:92:14:96:79:8a:c1:13:05:
                    95:c5:9e:0f:a4:a0:6c:35:6a:4d:84:94:99:95:00:
                    ed:a5:9c:f2:6a:6d:6c:4d:80:22:54:d1:ea:4e:21:
                    19:1b:61:74:44:fb:0f:f5:82:e2:15:a2:a9:5b:67:
                    09:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B6:5A:90:ED:3C:F4:AE:04:52:55:4E:E3:4B:92:A8:47:6D:CF:10
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/09200e-999d-4b45-a741-85a955f2163b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/09200e-999d-4b45-a741-85a955f2163b/1/3LZakO089K4EUlVO40uSqEdtzxA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.64.0/20
                  185.217.88.0/22
                  194.113.196.0/22
                IPv6:
                  2a0b:c640::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41805
                  202366
                  205473
                  212460

    Signature Algorithm: sha256WithRSAEncryption
         80:bb:ff:be:f8:9b:f8:94:be:b1:76:28:e9:9d:de:45:a9:8f:
         70:cb:b6:89:54:b7:4f:5e:1c:fc:be:98:aa:f8:2a:d3:91:1e:
         74:64:92:83:1f:34:ab:17:08:a8:26:d6:b3:ce:c6:6f:00:1e:
         b1:25:94:e4:7f:43:85:79:ba:d6:88:e6:1d:20:fd:3e:ad:79:
         3d:40:95:dd:05:66:8b:e4:da:28:52:cb:ef:9c:f9:1c:86:2d:
         6e:57:a8:93:5e:36:b0:fe:af:67:20:0c:74:d4:f2:28:b1:56:
         d3:52:5f:66:cf:b2:2f:cb:a8:68:2c:d7:98:23:ef:db:2c:f4:
         3e:9a:07:48:84:72:20:a3:0c:10:30:17:97:a4:69:f1:5a:50:
         3c:c4:f8:f4:de:fe:76:46:37:f9:c8:a6:86:3e:63:12:f0:6d:
         1b:2a:8d:9c:4c:a7:81:b1:26:f1:93:c3:c6:03:be:7f:66:ba:
         0c:95:01:c5:fa:27:7a:34:65:0c:5e:d1:15:e7:0c:07:cb:ad:
         8e:bd:60:5d:ec:56:f8:82:fd:32:49:df:26:dc:b0:6d:ad:2c:
         f3:14:ba:88:9b:f3:4c:f1:a3:ff:04:15:e7:c0:66:7b:89:f7:
         ae:27:51:2f:a7:11:f6:f8:7b:ea:f4:81:b1:28:62:a1:ef:77:
         45:af:82:3b
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAZQkRaT8KFL4+iy9hBtH32ZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2I2NWE5MGVkM2NmNGFlMDQ1MjU1NGVlMzRiOTJhODQ3NmRjZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOjWO56TOIAX9VqcXDnD2zy+p8Kx
GyFUq3TSerpwsiILwacBcLm61yhafhnjTTwYtsPiVf1kR1jTS8MTbdZXq+uZpLYN
DFSKm2ZdaawVzvUHehtVlYyyDLzAilqL8hfcgJiwesySsTNH1c7J4b0+As+KxXwK
81TuV2U1LF5943yMbWunKbiDDQJy+5E2nAFRnaD7zSRp0HmnF33vgqCHvOTjdZx9
T+gQv3CQnGOkeE0ubJzT8RTZGcDTssqIVILWFS5X7LqXC3Q5khSWeYrBEwWVxZ4P
pKBsNWpNhJSZlQDtpZzyam1sTYAiVNHqTiEZG2F0RPsP9YLiFaKpW2cJNwIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFNy2WpDtPPSuBFJVTuNLkqhHbc8QMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YyLzA5MjAw
ZS05OTlkLTRiNDUtYTc0MS04NWE5NTVmMjE2M2IvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvMDkyMDBl
LTk5OWQtNGI0NS1hNzQxLTg1YTk1NWYyMTYzYi8xLzNMWmFrTzA4OUs0RVVsVk80
MHVTcUVkdHp4QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQEJU1AAwQCudlYAwQCwnHEMA0EAgACMAcDBQMq
C8ZAMCkGCCsGAQUFBwEIAQH/BBowGKAWMBQCAwCjTQIDAxZ+AgMDIqECAwM97DAN
BgkqhkiG9w0BAQsFAAOCAQEAgLv/vvib+JS+sXYo6Z3eRamPcMu2iVS3T14c/L6Y
qvgq05EedGSSgx80qxcIqCbWs87GbwAesSWU5H9DhXm61ojmHSD9Pq15PUCV3QVm
i+TaKFLL75z5HIYtbleok142sP6vZyAMdNTyKLFW01JfZs+yL8uoaCzXmCPv2yz0
PpoHSIRyIKMMEDAXl6Rp8VpQPMT49N7+dkY3+cimhj5jEvBtGyqNnEyngbEm8ZPD
xgO+f2a6DJUBxfonejRlDF7RFecMB8utjr1gXexW+IL9MknfJtywba0s8xS6iJvz
TPGj/wQV58Bme4n3ridRL6cR9vh76vSBsShioe93Ra+COw==
-----END CERTIFICATE-----