Certificate

$ rpki-client -vvf rpki-repo.registro.br/repo/nicbr_repo/0/34CE853537D20533D457CD0EA7BD47D01344C870.cer
File:                     34CE853537D20533D457CD0EA7BD47D01344C870.cer (raw, json)
Hash identifier:          1GD72onUiKI882DsoJJDAV7lJtxGCIxiHqPDJ/VEaSQ=
Subject key identifier:   34:CE:85:35:37:D2:05:33:D4:57:CD:0E:A7:BD:47:D0:13:44:C8:70
Authority key identifier: EE:91:7E:BC:7A:15:87:83:B4:4B:C6:ED:82:21:74:34:F2:8A:DE:FB
Certificate issuer:       /CN=EE917EBC7A158783B44BC6ED82217434F28ADEFB
Certificate serial:       7BA36D87476797C74F709C1BFE7D4A070CB35AFA
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/fd25c9bb7e5cac7419fa9193770f64a6edf20c19.cer
Manifest:                 rsync://rpki-repo.registro.br/repo/BaBZKaj3KUWNE1p8fhoyCLspn2X9pwMU7PkS2ciAonPv/1/34CE853537D20533D457CD0EA7BD47D01344C870.mft
caRepository:             rsync://rpki-repo.registro.br/repo/BaBZKaj3KUWNE1p8fhoyCLspn2X9pwMU7PkS2ciAonPv/1
Notify URL:               https://rpki-repo.registro.br/rrdp/notification.xml
Certificate not before:   Mon 23 Jan 2023 21:30:20 +0000
Certificate not after:    Mon 22 Jan 2024 21:35:20 +0000
Subordinate resources:    AS: 262509
                          IP: 131.196.76.0/22
                          IP: 168.121.52.0/22
                          IP: 170.247.52.0/22
                          IP: 177.67.0.0/21
                          IP: 2804:558::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:a3:6d:87:47:67:97:c7:4f:70:9c:1b:fe:7d:4a:07:0c:b3:5a:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EE917EBC7A158783B44BC6ED82217434F28ADEFB
        Validity
            Not Before: Jan 23 21:30:20 2023 GMT
            Not After : Jan 22 21:35:20 2024 GMT
        Subject: CN=34CE853537D20533D457CD0EA7BD47D01344C870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:bd:38:9d:a6:a2:61:21:8a:17:3d:e7:53:b4:
                    f9:ca:4e:f2:d8:c8:dc:1a:2c:67:80:64:a6:0f:f8:
                    2a:75:19:b0:a2:18:e0:f2:a0:6e:4d:66:36:c4:b0:
                    08:14:09:27:8f:82:22:a9:84:ba:0a:90:4c:9e:29:
                    4f:89:26:9e:8a:a7:0c:35:1c:01:22:b3:13:78:99:
                    72:09:ad:33:03:11:59:7c:65:e3:2f:68:a2:cb:bc:
                    68:64:37:6c:55:34:54:4d:be:42:f1:4e:ce:c6:42:
                    0b:2c:83:24:4c:87:53:81:31:6d:68:7d:f7:59:13:
                    96:fc:0f:75:56:74:8d:07:76:26:1d:b9:3e:ca:25:
                    2b:bc:fa:c6:ce:3e:54:7e:91:e8:8c:00:aa:cb:7e:
                    f0:2f:5b:36:84:ff:9f:c8:89:0c:bb:c8:5b:bb:a9:
                    9a:94:b0:14:34:63:0a:14:a6:a0:29:58:92:a8:c1:
                    b9:4d:4b:52:14:94:45:36:94:c1:53:f8:53:e7:00:
                    96:6d:35:95:2a:9c:a3:fb:13:7e:8d:42:c3:8f:3b:
                    97:d3:0e:2b:c4:01:14:03:76:d3:8a:17:4f:e2:54:
                    de:ab:25:7f:ef:d6:e5:08:35:d9:dc:7b:f9:1f:e1:
                    b5:bf:ea:30:82:97:84:e6:eb:05:89:d2:96:2f:4c:
                    b8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                34:CE:85:35:37:D2:05:33:D4:57:CD:0E:A7:BD:47:D0:13:44:C8:70
            X509v3 Authority Key Identifier:
                keyid:EE:91:7E:BC:7A:15:87:83:B4:4B:C6:ED:82:21:74:34:F2:8A:DE:FB

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.registro.br/repo/nicbr_repo/0/EE917EBC7A158783B44BC6ED82217434F28ADEFB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/fd25c9bb7e5cac7419fa9193770f64a6edf20c19.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki-repo.registro.br/repo/BaBZKaj3KUWNE1p8fhoyCLspn2X9pwMU7PkS2ciAonPv/1
                RPKI Manifest - URI:rsync://rpki-repo.registro.br/repo/BaBZKaj3KUWNE1p8fhoyCLspn2X9pwMU7PkS2ciAonPv/1/34CE853537D20533D457CD0EA7BD47D01344C870.mft
                RPKI Notify - URI:https://rpki-repo.registro.br/rrdp/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.196.76.0/22
                  168.121.52.0/22
                  170.247.52.0/22
                  177.67.0.0/21
                IPv6:
                  2804:558::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  262509

    Signature Algorithm: sha256WithRSAEncryption
         31:8c:43:7f:ba:1e:15:88:78:47:1d:9b:cf:bc:6f:79:42:7f:
         22:e2:91:28:be:6f:6d:a1:36:f2:8c:d0:ea:7f:0a:d2:1a:c5:
         b3:dd:f3:c0:b8:b3:fc:d9:79:fc:9e:89:45:c7:ba:c9:7d:f0:
         75:a0:f4:91:44:f7:75:8e:d8:f9:55:05:a9:57:ed:c1:81:35:
         03:44:90:7d:8b:ba:33:cc:e9:f4:b3:fe:5f:74:db:d6:cf:4e:
         3b:5d:13:f1:02:87:a0:f2:55:f5:87:56:19:f0:67:cd:a0:39:
         e6:aa:cd:f3:9f:9f:11:07:f9:61:19:92:b7:c7:53:8f:b8:a5:
         d8:e0:cb:01:0a:02:c6:e3:e2:3f:61:fa:a5:fa:21:95:5e:86:
         7e:dd:a0:44:6a:c1:b7:bb:40:68:f5:3f:f6:ef:1a:d1:01:79:
         9c:76:5b:13:7f:b7:c1:4a:e6:e3:03:e3:57:df:78:42:35:62:
         3c:2b:f8:79:3d:db:a6:7f:37:51:2f:6d:02:56:a7:ed:67:cb:
         33:93:e1:6a:b0:e4:3f:30:83:f2:d5:43:8c:91:c5:f0:fb:8e:
         c6:f7:4f:c5:b6:5c:91:24:bd:26:0f:e9:97:5f:99:7d:7c:41:
         dc:e3:20:37:9c:1b:c2:25:f2:12:cd:7a:5d:b2:9e:c5:1b:df:
         9d:18:c5:26
-----BEGIN CERTIFICATE-----
MIIGIjCCBQqgAwIBAgIUe6Nth0dnl8dPcJwb/n1KBwyzWvowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRUU5MTdFQkM3QTE1ODc4M0I0NEJDNkVEODIyMTc0MzRG
MjhBREVGQjAeFw0yMzAxMjMyMTMwMjBaFw0yNDAxMjIyMTM1MjBaMDMxMTAvBgNV
BAMTKDM0Q0U4NTM1MzdEMjA1MzNENDU3Q0QwRUE3QkQ0N0QwMTM0NEM4NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuvTidpqJhIYoXPedTtPnKTvLY
yNwaLGeAZKYP+Cp1GbCiGODyoG5NZjbEsAgUCSePgiKphLoKkEyeKU+JJp6Kpww1
HAEisxN4mXIJrTMDEVl8ZeMvaKLLvGhkN2xVNFRNvkLxTs7GQgssgyRMh1OBMW1o
ffdZE5b8D3VWdI0HdiYduT7KJSu8+sbOPlR+keiMAKrLfvAvWzaE/5/IiQy7yFu7
qZqUsBQ0YwoUpqApWJKowblNS1IUlEU2lMFT+FPnAJZtNZUqnKP7E36NQsOPO5fT
DivEARQDdtOKF0/iVN6rJX/v1uUINdnce/kf4bW/6jCCl4Tm6wWJ0pYvTLhzAgMB
AAGjggMsMIIDKDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ0zoU1N9IFM9RX
zQ6nvUfQE0TIcDAfBgNVHSMEGDAWgBTukX68ehWHg7RLxu2CIXQ08ore+zAOBgNV
HQ8BAf8EBAMCAQYwbQYDVR0fBGYwZDBioGCgXoZccnN5bmM6Ly9ycGtpLXJlcG8u
cmVnaXN0cm8uYnIvcmVwby9uaWNicl9yZXBvLzAvRUU5MTdFQkM3QTE1ODc4M0I0
NEJDNkVEODIyMTc0MzRGMjhBREVGQi5jcmwwgZoGCCsGAQUFBwEBBIGNMIGKMIGH
BggrBgEFBQcwAoZ7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvNDhmMDgzYmItZjYwMy00ODkzLTk5OTAtMDI4NGMwNGNlYjg1L2ZkMjVj
OWJiN2U1Y2FjNzQxOWZhOTE5Mzc3MGY2NGE2ZWRmMjBjMTkuY2VyMIIBPwYIKwYB
BQUHAQsEggExMIIBLTBdBggrBgEFBQcwBYZRcnN5bmM6Ly9ycGtpLXJlcG8ucmVn
aXN0cm8uYnIvcmVwby9CYUJaS2FqM0tVV05FMXA4ZmhveUNMc3BuMlg5cHdNVTdQ
a1MyY2lBb25Qdi8xMIGKBggrBgEFBQcwCoZ+cnN5bmM6Ly9ycGtpLXJlcG8ucmVn
aXN0cm8uYnIvcmVwby9CYUJaS2FqM0tVV05FMXA4ZmhveUNMc3BuMlg5cHdNVTdQ
a1MyY2lBb25Qdi8xLzM0Q0U4NTM1MzdEMjA1MzNENDU3Q0QwRUE3QkQ0N0QwMTM0
NEM4NzAubWZ0MD8GCCsGAQUFBzANhjNodHRwczovL3Jwa2ktcmVwby5yZWdpc3Ry
by5ici9ycmRwL25vdGlmaWNhdGlvbi54bWwwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjBABggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAoPETAMEAqh5NAMEAqr3
NAMEA7FDADANBAIAAjAHAwUAKAQFWDAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgME
AW0wDQYJKoZIhvcNAQELBQADggEBADGMQ3+6HhWIeEcdm8+8b3lCfyLikSi+b22h
NvKM0Op/CtIaxbPd88C4s/zZefyeiUXHusl98HWg9JFE93WO2PlVBalX7cGBNQNE
kH2LujPM6fSz/l9029bPTjtdE/ECh6DyVfWHVhnwZ82gOeaqzfOfnxEH+WEZkrfH
U4+4pdjgywEKAsbj4j9h+qX6IZVehn7doERqwbe7QGj1P/bvGtEBeZx2WxN/t8FK
5uMD41ffeEI1Yjwr+Hk926Z/N1EvbQJWp+1nyzOT4Wqw5D8wg/LVQ4yRxfD7jsb3
T8W2XJEkvSYP6ZdfmX18QdzjIDecG8Il8hLNel2ynsUb350YxSY=
-----END CERTIFICATE-----