Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0EJl-xHCoiC8NQcYZz4HBNHtrd4.cer
File:                     0EJl-xHCoiC8NQcYZz4HBNHtrd4.cer (raw, json)
Hash identifier:          jvvSjroNruM1MGMJ7e+/ZNDvxSE9FD6xjv6q5la1c48=
Subject key identifier:   D0:42:65:FB:11:C2:A2:20:BC:35:07:18:67:3E:07:04:D1:ED:AD:DE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D955C6F67A09173DD23D60E726ECCD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/94/fa73f8-33e0-4032-84ec-a96ef6f6435c/1/0EJl-xHCoiC8NQcYZz4HBNHtrd4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/94/fa73f8-33e0-4032-84ec-a96ef6f6435c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:25 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 48678
                          AS: 212742
                          IP: 45.11.96.0/22
                          IP: 62.106.94.0/24
                          IP: 79.110.234.0/24
                          IP: 134.255.199.0/24
                          IP: 149.3.171.0/24
                          IP: 178.211.130.0/24
                          IP: 188.93.141.0/24
                          IP: 2a0c:6d40::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:55:c6:f6:7a:09:17:3d:d2:3d:60:e7:26:ec:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d04265fb11c2a220bc350718673e0704d1edadde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:21:b8:10:4c:59:a9:1d:02:b5:c6:1f:f6:23:
                    51:7f:e6:a1:9d:bd:02:f9:80:04:ef:fe:a5:5f:fe:
                    52:5e:5b:4f:f6:49:b2:10:ee:28:4f:cc:25:1d:a7:
                    c5:ba:84:e6:c8:cc:70:b2:2d:e0:7f:d5:38:e4:7f:
                    9b:af:06:26:64:46:4b:53:4e:b1:5c:4c:ec:7e:0a:
                    6f:c3:6b:7e:3b:f6:e1:f8:15:9b:99:3c:e2:5a:db:
                    7c:54:62:1e:e7:b7:e8:06:d7:95:ae:84:30:af:7c:
                    63:89:50:61:4c:2f:f8:67:74:1b:df:7c:1e:57:47:
                    30:83:1e:63:8a:b0:3a:ce:24:ee:c8:a6:50:7a:b0:
                    b3:1d:b3:65:3f:4b:79:34:4d:7c:7f:b2:08:6b:61:
                    a3:96:9d:cb:92:08:33:88:08:1f:59:b4:e4:d7:b2:
                    59:a3:83:e3:83:c9:64:d0:39:40:68:c9:eb:5c:b6:
                    41:3f:f0:55:bd:b9:dc:c9:65:8a:c9:27:18:17:f0:
                    9a:87:34:09:74:76:81:01:b2:a6:cb:9d:9d:eb:7e:
                    a0:1b:28:ff:90:7c:3a:1a:61:c0:31:ac:3f:82:b7:
                    99:cd:8b:15:43:89:74:93:d7:82:39:ca:84:dc:b6:
                    e6:4a:1f:fc:ee:31:4b:04:74:b6:50:a3:da:e0:37:
                    30:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:42:65:FB:11:C2:A2:20:BC:35:07:18:67:3E:07:04:D1:ED:AD:DE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/fa73f8-33e0-4032-84ec-a96ef6f6435c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/fa73f8-33e0-4032-84ec-a96ef6f6435c/1/0EJl-xHCoiC8NQcYZz4HBNHtrd4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.96.0/22
                  62.106.94.0/24
                  79.110.234.0/24
                  134.255.199.0/24
                  149.3.171.0/24
                  178.211.130.0/24
                  188.93.141.0/24
                IPv6:
                  2a0c:6d40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48678
                  212742

    Signature Algorithm: sha256WithRSAEncryption
         44:a9:40:97:08:e2:2e:ae:75:76:6e:ad:5a:5b:6c:68:67:0e:
         ea:15:87:2d:71:58:c5:8d:f1:3e:38:91:28:bf:dd:cc:2c:41:
         33:f7:db:cb:f0:7c:73:5a:c6:6b:19:38:3e:d2:cf:65:f7:fa:
         e7:a5:ab:18:0d:2a:5b:92:2b:4e:a8:ae:d7:be:2d:b8:dd:29:
         93:8f:a0:15:82:55:e4:f2:e8:90:c9:d7:78:c0:82:fb:b4:a9:
         50:ef:e5:a9:b4:f1:ec:ca:ba:06:75:cc:ae:19:20:b6:98:7d:
         69:fa:1c:9e:a2:10:28:8f:7d:54:3a:5a:f2:46:b0:67:ce:2e:
         f7:56:5b:26:85:94:d1:ea:08:5a:a2:59:ca:03:be:d0:4f:d2:
         c7:00:95:29:f4:02:e1:d5:3c:47:e8:ed:a8:68:7e:6a:64:d5:
         f8:84:4a:bf:bf:f6:c6:d0:ca:d3:d6:a7:27:cb:26:66:2b:c6:
         23:61:02:a4:e7:ca:33:8c:e7:91:d7:ec:9f:f2:6e:f6:39:a3:
         73:92:40:20:aa:c8:cc:bf:97:c2:2e:1f:16:a0:29:ae:8e:5e:
         f8:d5:b4:bb:af:76:96:55:bc:23:67:1c:20:97:9f:c2:dc:d9:
         12:93:98:1b:24:34:c1:43:37:22:10:56:7f:c1:a0:f4:2a:8d:
         18:a4:57:48
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgISAZQm2VXG9noJFz3SPWDnJuzNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDQyNjVmYjExYzJhMjIwYmMzNTA3MTg2NzNlMDcwNGQxZWRhZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yG4EExZqR0CtcYf9iNRf+ahnb0C
+YAE7/6lX/5SXltP9kmyEO4oT8wlHafFuoTmyMxwsi3gf9U45H+brwYmZEZLU06x
XEzsfgpvw2t+O/bh+BWbmTziWtt8VGIe57foBteVroQwr3xjiVBhTC/4Z3Qb33we
V0cwgx5jirA6ziTuyKZQerCzHbNlP0t5NE18f7IIa2Gjlp3LkggziAgfWbTk17JZ
o4Pjg8lk0DlAaMnrXLZBP/BVvbncyWWKyScYF/CahzQJdHaBAbKmy52d636gGyj/
kHw6GmHAMaw/greZzYsVQ4l0k9eCOcqE3LbmSh/87jFLBHS2UKPa4DcwnwIDAQAB
o4IC2DCCAtQwHQYDVR0OBBYEFNBCZfsRwqIgvDUHGGc+BwTR7a3eMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk0L2ZhNzNm
OC0zM2UwLTQwMzItODRlYy1hOTZlZjZmNjQzNWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTQvZmE3M2Y4
LTMzZTAtNDAzMi04NGVjLWE5NmVmNmY2NDM1Yy8xLzBFSmwteEhDb2lDOE5RY1la
ejRIQk5IdHJkNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFIGCCsGAQUF
BwEHAQH/BEMwQTAwBAIAATAqAwQCLQtgAwQAPmpeAwQAT27qAwQAhv/HAwQAlQOr
AwQAstOCAwQAvF2NMA0EAgACMAcDBQMqDG1AMB8GCCsGAQUFBwEIAQH/BBAwDqAM
MAoCAwC+JgIDAz8GMA0GCSqGSIb3DQEBCwUAA4IBAQBEqUCXCOIurnV2bq1aW2xo
Zw7qFYctcVjFjfE+OJEov93MLEEz99vL8HxzWsZrGTg+0s9l9/rnpasYDSpbkitO
qK7Xvi243SmTj6AVglXk8uiQydd4wIL7tKlQ7+WptPHsyroGdcyuGSC2mH1p+hye
ohAoj31UOlryRrBnzi73VlsmhZTR6ghaolnKA77QT9LHAJUp9ALh1TxH6O2oaH5q
ZNX4hEq/v/bG0MrT1qcnyyZmK8YjYQKk58ozjOeR1+yf8m72OaNzkkAgqsjMv5fC
Lh8WoCmujl741bS7r3aWVbwjZxwgl5/C3NkSk5gbJDTBQzciEFZ/waD0Ko0YpFdI
-----END CERTIFICATE-----