Certificate

$ rpki-client -vvf rpki-repo.registro.br/repo/nicbr_repo/0/3F89ED2DE6A8CF764FD3D048DA5C4C6AC483D757.cer
File:                     3F89ED2DE6A8CF764FD3D048DA5C4C6AC483D757.cer (raw, json)
Hash identifier:          5OfxSonFFgfP3n677s8C72RmyiarrpoKbZlv6VWMRZc=
Subject key identifier:   3F:89:ED:2D:E6:A8:CF:76:4F:D3:D0:48:DA:5C:4C:6A:C4:83:D7:57
Authority key identifier: EE:91:7E:BC:7A:15:87:83:B4:4B:C6:ED:82:21:74:34:F2:8A:DE:FB
Certificate issuer:       /CN=EE917EBC7A158783B44BC6ED82217434F28ADEFB
Certificate serial:       2338251B1D8BA07C9A51FE3F8A413C67324BAB62
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/fd25c9bb7e5cac7419fa9193770f64a6edf20c19.cer
Manifest:                 rsync://rpki-repo.registro.br/repo/6BpkhkJmtUfYAuvbymTJP9Q3U4eKfEpEHJiCqwMTSdDC/0/3F89ED2DE6A8CF764FD3D048DA5C4C6AC483D757.mft
caRepository:             rsync://rpki-repo.registro.br/repo/6BpkhkJmtUfYAuvbymTJP9Q3U4eKfEpEHJiCqwMTSdDC/0/
Notify URL:               https://rpki-repo.registro.br/rrdp/notification.xml
Certificate not before:   Fri 08 Mar 2024 19:02:12 +0000
Certificate not after:    Fri 07 Mar 2025 19:07:12 +0000
Subordinate resources:    AS: 52858
                          IP: 138.59.248.0/22
                          IP: 170.247.232.0/22
                          IP: 177.87.64.0/22
                          IP: 177.125.248.0/22
                          IP: 2804:774::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:38:25:1b:1d:8b:a0:7c:9a:51:fe:3f:8a:41:3c:67:32:4b:ab:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EE917EBC7A158783B44BC6ED82217434F28ADEFB
        Validity
            Not Before: Mar  8 19:02:12 2024 GMT
            Not After : Mar  7 19:07:12 2025 GMT
        Subject: CN=3F89ED2DE6A8CF764FD3D048DA5C4C6AC483D757
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ab:01:d0:a1:30:9e:2c:fa:c7:99:d6:af:fa:
                    1d:c3:74:c7:d2:dc:99:4f:da:1b:9a:06:d6:35:27:
                    54:d6:a8:6f:6a:f1:a5:ba:c1:e1:30:bf:0e:7d:a2:
                    fd:1e:dd:43:ab:a5:a6:9c:01:8b:c7:bf:04:be:75:
                    84:ff:7b:60:be:67:24:64:63:e8:51:2c:d1:71:82:
                    7a:4d:f0:2e:ef:31:e8:70:21:9a:12:91:07:41:37:
                    98:e4:72:30:d6:84:c0:53:3f:c0:04:1f:a2:26:ec:
                    97:39:82:67:f5:6f:12:f8:0a:7b:6b:ae:a1:13:bd:
                    84:d1:72:7f:86:75:df:c6:66:38:04:d2:35:01:13:
                    10:ef:4e:fd:b3:94:49:6a:9d:05:3d:fa:b9:cd:56:
                    9e:75:2e:1c:0e:3b:11:45:1c:bb:4b:6b:fb:04:2c:
                    34:ca:91:5e:c6:6a:52:7f:8f:00:8d:3a:ce:92:a8:
                    af:ae:a3:c7:2b:d0:f1:bf:69:f1:32:f9:b3:9c:88:
                    48:a5:a5:e4:01:09:5f:7f:69:32:e9:49:de:d2:5e:
                    d2:b3:14:50:b7:5b:25:1a:1e:54:4e:d4:a4:ee:ce:
                    3a:b1:b1:f5:c6:b6:e6:31:1e:57:84:bc:e3:28:8c:
                    7a:cc:72:b7:5d:ae:61:33:e1:78:d5:c3:1c:48:fc:
                    77:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                3F:89:ED:2D:E6:A8:CF:76:4F:D3:D0:48:DA:5C:4C:6A:C4:83:D7:57
            X509v3 Authority Key Identifier:
                keyid:EE:91:7E:BC:7A:15:87:83:B4:4B:C6:ED:82:21:74:34:F2:8A:DE:FB

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.registro.br/repo/nicbr_repo/0/EE917EBC7A158783B44BC6ED82217434F28ADEFB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/fd25c9bb7e5cac7419fa9193770f64a6edf20c19.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki-repo.registro.br/repo/6BpkhkJmtUfYAuvbymTJP9Q3U4eKfEpEHJiCqwMTSdDC/0/
                RPKI Manifest - URI:rsync://rpki-repo.registro.br/repo/6BpkhkJmtUfYAuvbymTJP9Q3U4eKfEpEHJiCqwMTSdDC/0/3F89ED2DE6A8CF764FD3D048DA5C4C6AC483D757.mft
                RPKI Notify - URI:https://rpki-repo.registro.br/rrdp/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.59.248.0/22
                  170.247.232.0/22
                  177.87.64.0/22
                  177.125.248.0/22
                IPv6:
                  2804:774::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  52858

    Signature Algorithm: sha256WithRSAEncryption
         18:cd:11:f3:a2:bb:06:f8:20:df:57:e9:b0:38:4d:54:a2:df:
         35:64:49:b0:f6:d0:da:ea:11:c5:f2:42:ee:df:f6:e4:75:01:
         f5:cd:7a:03:a9:7e:8e:f2:6f:85:c7:29:44:a1:aa:2e:87:fa:
         d2:a9:70:36:88:c6:f5:26:86:c1:ce:13:89:7a:16:b5:8b:24:
         b2:ee:a0:a6:7a:63:69:f6:9c:48:35:95:de:54:d1:96:95:08:
         c4:f6:d6:8f:b5:11:7f:83:d9:e9:4a:d1:8c:70:07:6a:a3:f6:
         03:52:6c:e5:c1:75:5d:63:44:0a:c8:09:5f:58:c7:a2:52:a8:
         86:34:b9:90:ae:f4:aa:98:ca:f7:34:ec:9f:af:81:da:c5:b2:
         9c:c7:94:9d:23:79:ea:3c:9b:25:e1:7d:26:aa:8a:5a:df:0a:
         aa:68:ff:20:24:36:26:02:b8:77:8e:b1:f0:59:6f:c0:97:78:
         4d:59:68:20:25:e0:2c:e0:ad:fd:a1:d8:a6:b3:3f:6a:7a:ea:
         9b:86:2c:1d:a3:8d:0a:24:d7:7c:c8:8b:49:79:42:8c:a1:38:
         84:10:ba:2c:47:fb:30:9f:21:d1:98:cb:d8:1a:83:bb:3e:16:
         af:10:3c:4e:11:6e:c7:6e:30:ec:82:cd:12:3f:ac:9e:3e:a0:
         dd:40:9a:4e
-----BEGIN CERTIFICATE-----
MIIGIzCCBQugAwIBAgIUIzglGx2LoHyaUf4/ikE8ZzJLq2IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRUU5MTdFQkM3QTE1ODc4M0I0NEJDNkVEODIyMTc0MzRG
MjhBREVGQjAeFw0yNDAzMDgxOTAyMTJaFw0yNTAzMDcxOTA3MTJaMDMxMTAvBgNV
BAMTKDNGODlFRDJERTZBOENGNzY0RkQzRDA0OERBNUM0QzZBQzQ4M0Q3NTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcqwHQoTCeLPrHmdav+h3DdMfS
3JlP2huaBtY1J1TWqG9q8aW6weEwvw59ov0e3UOrpaacAYvHvwS+dYT/e2C+ZyRk
Y+hRLNFxgnpN8C7vMehwIZoSkQdBN5jkcjDWhMBTP8AEH6Im7Jc5gmf1bxL4Cntr
rqETvYTRcn+Gdd/GZjgE0jUBExDvTv2zlElqnQU9+rnNVp51LhwOOxFFHLtLa/sE
LDTKkV7GalJ/jwCNOs6SqK+uo8cr0PG/afEy+bOciEilpeQBCV9/aTLpSd7SXtKz
FFC3WyUaHlRO1KTuzjqxsfXGtuYxHleEvOMojHrMcrddrmEz4XjVwxxI/HdNAgMB
AAGjggMtMIIDKTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ/ie0t5qjPdk/T
0EjaXExqxIPXVzAfBgNVHSMEGDAWgBTukX68ehWHg7RLxu2CIXQ08ore+zAOBgNV
HQ8BAf8EBAMCAQYwbQYDVR0fBGYwZDBioGCgXoZccnN5bmM6Ly9ycGtpLXJlcG8u
cmVnaXN0cm8uYnIvcmVwby9uaWNicl9yZXBvLzAvRUU5MTdFQkM3QTE1ODc4M0I0
NEJDNkVEODIyMTc0MzRGMjhBREVGQi5jcmwwgZoGCCsGAQUFBwEBBIGNMIGKMIGH
BggrBgEFBQcwAoZ7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvNDhmMDgzYmItZjYwMy00ODkzLTk5OTAtMDI4NGMwNGNlYjg1L2ZkMjVj
OWJiN2U1Y2FjNzQxOWZhOTE5Mzc3MGY2NGE2ZWRmMjBjMTkuY2VyMIIBQAYIKwYB
BQUHAQsEggEyMIIBLjBeBggrBgEFBQcwBYZScnN5bmM6Ly9ycGtpLXJlcG8ucmVn
aXN0cm8uYnIvcmVwby82QnBraGtKbXRVZllBdXZieW1USlA5UTNVNGVLZkVwRUhK
aUNxd01UU2REQy8wLzCBigYIKwYBBQUHMAqGfnJzeW5jOi8vcnBraS1yZXBvLnJl
Z2lzdHJvLmJyL3JlcG8vNkJwa2hrSm10VWZZQXV2YnltVEpQOVEzVTRlS2ZFcEVI
SmlDcXdNVFNkREMvMC8zRjg5RUQyREU2QThDRjc2NEZEM0QwNDhEQTVDNEM2QUM0
ODNENzU3Lm1mdDA/BggrBgEFBQcwDYYzaHR0cHM6Ly9ycGtpLXJlcG8ucmVnaXN0
cm8uYnIvcnJkcC9ub3RpZmljYXRpb24ueG1sMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwQAYIKwYBBQUHAQcBAf8EMTAvMB4EAgABMBgDBAKKO/gDBAKq9+gDBAKx
V0ADBAKxffgwDQQCAAIwBwMFACgEB3QwGgYIKwYBBQUHAQgBAf8ECzAJoAcwBQID
AM56MA0GCSqGSIb3DQEBCwUAA4IBAQAYzRHzorsG+CDfV+mwOE1Uot81ZEmw9tDa
6hHF8kLu3/bkdQH1zXoDqX6O8m+FxylEoaouh/rSqXA2iMb1JobBzhOJeha1iySy
7qCmemNp9pxINZXeVNGWlQjE9taPtRF/g9npStGMcAdqo/YDUmzlwXVdY0QKyAlf
WMeiUqiGNLmQrvSqmMr3NOyfr4HaxbKcx5SdI3nqPJsl4X0mqopa3wqqaP8gJDYm
Arh3jrHwWW/Al3hNWWggJeAs4K39odimsz9qeuqbhiwdo40KJNd8yItJeUKMoTiE
ELosR/swnyHRmMvYGoO7PhavEDxOEW7HbjDsgs0SP6yePqDdQJpO
-----END CERTIFICATE-----