Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
File:                     YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer (raw, json)
Hash identifier:          p6FonVf11Rvxxx/AOwRoSWB0iq6HLWbnCaDry0Bly9U=
Subject key identifier:   60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01951434FF2096CBD511E5F767AB49E21618
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 17 Feb 2025 13:59:32 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 192.42.253.0/24
                          IP: 212.11.64.0/24
                          IP: 2a0f:6b40::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:14:34:ff:20:96:cb:d5:11:e5:f7:67:ab:49:e2:16:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 17 13:59:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bc:a7:c6:12:5c:dc:87:7a:b5:49:95:72:1e:
                    75:48:0a:c3:07:6d:f8:38:d5:dc:84:c6:61:aa:db:
                    e7:6b:dc:66:0e:8f:6d:02:82:a3:05:48:e0:01:dc:
                    06:27:45:34:52:3c:e7:c4:97:f8:39:4a:55:fa:9c:
                    27:0b:ef:27:bb:1d:26:d8:e7:69:b8:69:07:53:4f:
                    d2:0e:ac:1e:93:5c:41:0b:4d:be:35:df:a8:9d:8e:
                    e5:a6:ea:f3:c0:4e:fa:0f:63:a0:39:ff:fa:00:91:
                    cd:86:bc:49:d3:26:1e:2c:2d:96:f6:b6:11:c2:9e:
                    a3:d2:a1:dd:e1:8c:e5:91:a6:7d:e4:c5:16:01:51:
                    f2:e9:7a:51:7b:85:72:6c:85:bb:f3:19:93:67:61:
                    55:39:91:c2:58:fd:32:5b:67:fb:be:7c:cc:86:77:
                    57:ee:82:7e:ee:a2:31:97:89:4a:bb:2f:d9:af:e3:
                    9d:0f:31:37:4f:0f:7b:1e:e8:90:75:cb:15:c7:d3:
                    f2:c3:5e:34:c3:6d:1d:34:10:40:6b:ed:a2:0a:34:
                    6d:6e:b2:65:1d:cf:71:c6:7c:72:03:cf:ec:41:5b:
                    8f:04:70:c1:52:82:ad:03:4f:62:4d:f1:7b:8f:34:
                    85:d0:76:4c:7f:1f:4c:b6:5d:ba:3c:9e:0c:de:1e:
                    c2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.42.253.0/24
                  212.11.64.0/24
                IPv6:
                  2a0f:6b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:a8:17:59:7a:68:fa:ad:73:87:be:29:57:f7:51:62:65:52:
         19:14:d7:cd:b5:82:14:12:e6:59:c6:2b:53:e1:2c:2f:d1:6f:
         40:2f:c6:a3:b4:83:d4:c3:83:ac:bf:64:18:fb:97:85:8e:bd:
         bc:be:36:0a:36:07:f5:aa:19:b6:45:c1:04:1d:c4:06:84:db:
         6b:b5:fc:67:fb:28:c5:63:4c:7e:ff:24:80:a6:87:d6:51:43:
         66:d5:27:37:0d:9f:46:e7:5b:2c:15:f2:10:16:d7:90:e9:45:
         03:51:ee:aa:3f:82:87:a4:43:7c:72:cf:ec:ac:73:8b:80:61:
         d9:f3:cd:57:15:a8:32:ba:6f:de:86:24:68:ab:1f:eb:2b:cf:
         ba:8b:d0:ae:db:af:e1:a7:6b:0f:41:3f:7f:30:79:ff:af:fe:
         49:d6:e9:b1:06:40:3a:67:b0:8b:04:dc:24:99:0d:a7:37:67:
         04:fd:5d:a7:78:f4:01:16:f7:61:b4:bf:1f:14:ca:49:44:a1:
         e2:8e:cd:0f:cc:5a:a9:0a:f8:df:a8:68:f6:67:1e:6e:05:49:
         03:cf:62:1a:3a:19:00:43:a3:76:71:7d:bf:c9:5c:0f:24:4b:
         62:9f:f1:9e:c7:35:2e:4b:f4:94:31:b9:94:63:e0:d3:37:51:
         1e:81:0c:bf
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgISAZUUNP8glsvVEeX3Z6tJ4hYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMjE3MTM1OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDk5OGQzYzlkOGJkYzljMWRmZjhlMzE5NDI0NDEyYjZjZGMxZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bynxhJc3Id6tUmVch51SArDB234
ONXchMZhqtvna9xmDo9tAoKjBUjgAdwGJ0U0UjznxJf4OUpV+pwnC+8nux0m2Odp
uGkHU0/SDqwek1xBC02+Nd+onY7lpurzwE76D2OgOf/6AJHNhrxJ0yYeLC2W9rYR
wp6j0qHd4YzlkaZ95MUWAVHy6XpRe4VybIW78xmTZ2FVOZHCWP0yW2f7vnzMhndX
7oJ+7qIxl4lKuy/Zr+OdDzE3Tw97HuiQdcsVx9Pyw140w20dNBBAa+2iCjRtbrJl
Hc9xxnxyA8/sQVuPBHDBUoKtA09iTfF7jzSF0HZMfx9Mtl26PJ4M3h7CNQIDAQAB
o4ICmTCCApUwHQYDVR0OBBYEFGCZjTydi9ycHf+OMZQkQSts3B3TMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VjLzc3OWFl
OS03ZDIyLTQyNTItOGM1Yi0wZWE0ZDUzMWI3OTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWMvNzc5YWU5
LTdkMjItNDI1Mi04YzViLTBlYTRkNTMxYjc5My8xL1lKbU5QSjJMM0p3ZF80NHhs
Q1JCSzJ6Y0hkTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQAwCr9AwQA1AtAMA0EAgACMAcDBQMqD2tAMA0G
CSqGSIb3DQEBCwUAA4IBAQBGqBdZemj6rXOHvilX91FiZVIZFNfNtYIUEuZZxitT
4Swv0W9AL8ajtIPUw4Osv2QY+5eFjr28vjYKNgf1qhm2RcEEHcQGhNtrtfxn+yjF
Y0x+/ySApofWUUNm1Sc3DZ9G51ssFfIQFteQ6UUDUe6qP4KHpEN8cs/srHOLgGHZ
881XFagyum/ehiRoqx/rK8+6i9Cu26/hp2sPQT9/MHn/r/5J1umxBkA6Z7CLBNwk
mQ2nN2cE/V2nePQBFvdhtL8fFMpJRKHijs0PzFqpCvjfqGj2Zx5uBUkDz2IaOhkA
Q6N2cX2/yVwPJEtin/GexzUuS/SUMbmUY+DTN1EegQy/
-----END CERTIFICATE-----