Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3fHfWY9KjzotB0zLb20WtU0dERw.cer
File:                     3fHfWY9KjzotB0zLb20WtU0dERw.cer (raw, json)
Hash identifier:          WFTBwKaF2tAyENSSHR83Ej1142ZwemylrGPzoIDAnDc=
Subject key identifier:   DD:F1:DF:59:8F:4A:8F:3A:2D:07:4C:CB:6F:6D:16:B5:4D:1D:11:1C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266C1EC0A4BD866FA258FF25EA961287
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b3/6b8bce-584c-492c-bd7e-d0f31bc93079/1/3fHfWY9KjzotB0zLb20WtU0dERw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b3/6b8bce-584c-492c-bd7e-d0f31bc93079/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:50:07 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 5435
                          AS: 15393
                          IP: 185.0.38.0/24
                          IP: 185.178.224.0/22
                          IP: 192.160.15.0/24
                          IP: 212.93.224.0/19
                          IP: 2001:7f8:151::/48
                          IP: 2a02:23d0::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:1e:c0:a4:bd:86:6f:a2:58:ff:25:ea:96:12:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ddf1df598f4a8f3a2d074ccb6f6d16b54d1d111c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:af:27:fb:6b:5f:59:29:29:b4:ef:65:ad:93:
                    2a:98:b8:54:5a:4d:4d:c2:07:52:82:a1:76:90:a0:
                    a1:e1:78:da:7c:89:ec:58:2c:0d:49:4c:13:a2:5c:
                    cd:80:81:c0:2a:7c:4c:b6:52:19:0c:82:7d:34:8d:
                    27:30:4f:68:ec:54:8b:90:78:a5:55:71:ed:e6:b7:
                    a2:cb:96:f0:d7:92:1e:1c:45:69:4c:40:23:ad:6f:
                    4a:44:ce:e5:e0:60:8f:4e:3c:bb:4b:de:0b:3b:54:
                    7f:8c:3b:9f:af:f9:65:c9:37:c5:a9:50:16:af:22:
                    45:c6:07:18:ac:17:1b:55:34:e9:a6:28:3b:34:4c:
                    f4:dc:50:b8:96:2c:01:f9:94:18:8f:e7:7b:2a:54:
                    ec:cf:7f:00:fc:3b:41:a9:52:a7:6b:d0:ac:e9:0d:
                    9f:84:e6:a9:7b:20:02:69:fc:3c:7a:bc:b8:ca:b7:
                    45:25:6e:39:f0:8e:07:2c:2c:cd:bb:67:80:6d:98:
                    4a:5b:43:5e:74:1e:3e:74:c6:a5:fe:9c:2b:80:d3:
                    eb:72:2c:3c:cc:ad:32:0e:45:fb:55:7e:d1:0b:54:
                    b0:ef:e7:ee:14:fa:e8:0e:dd:e6:4d:f3:01:ea:3f:
                    9f:82:3c:b4:f3:51:8a:ed:a0:6e:20:2f:a1:ad:07:
                    ff:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:F1:DF:59:8F:4A:8F:3A:2D:07:4C:CB:6F:6D:16:B5:4D:1D:11:1C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6b8bce-584c-492c-bd7e-d0f31bc93079/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6b8bce-584c-492c-bd7e-d0f31bc93079/1/3fHfWY9KjzotB0zLb20WtU0dERw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.0.38.0/24
                  185.178.224.0/22
                  192.160.15.0/24
                  212.93.224.0/19
                IPv6:
                  2001:7f8:151::/48
                  2a02:23d0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  5435
                  15393

    Signature Algorithm: sha256WithRSAEncryption
         75:0f:92:8c:51:99:78:f8:32:96:fa:34:90:ba:96:0a:86:c5:
         a4:84:11:64:35:34:6e:8f:54:3a:f3:c2:36:e6:90:90:d8:95:
         a3:bb:44:b5:f3:73:54:0d:aa:94:8c:0c:45:8c:b5:1b:48:fc:
         df:35:a1:89:50:18:a1:c6:22:9d:ee:ce:8b:03:34:e2:0f:c3:
         48:5e:4e:2c:53:8d:bd:58:c2:4f:4f:bb:5a:58:23:2d:86:0e:
         07:84:73:39:68:4f:fb:90:5d:2d:99:78:0c:71:46:b7:ac:90:
         c7:4c:c7:c5:61:3f:a9:75:13:c1:9e:57:d8:8e:d4:24:ab:5b:
         dd:2b:2c:96:70:fe:8f:9d:ca:5d:3d:7a:c4:21:c4:03:8d:04:
         c6:26:20:aa:90:2c:80:0d:92:5a:b4:3e:29:56:47:5a:8c:3d:
         cb:2b:36:e6:2e:2f:3a:ea:2a:6b:52:a0:8f:e3:aa:ca:b7:8f:
         8d:e7:9b:e9:08:62:d5:5a:b9:e4:1c:4e:35:fd:00:bf:9c:3d:
         eb:e6:9b:c0:63:ad:19:6b:c4:69:0e:fc:32:b0:38:e6:66:25:
         1f:37:60:d2:19:70:e2:dc:ba:1c:68:db:13:9a:7f:64:85:37:
         fb:58:36:2a:d2:45:ab:c8:1c:86:a5:32:5a:16:bd:51:28:ae:
         26:01:0f:4d
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAZQmbB7ApL2Gb6JY/yXqlhKHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGYxZGY1OThmNGE4ZjNhMmQwNzRjY2I2ZjZkMTZiNTRkMWQxMTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua8n+2tfWSkptO9lrZMqmLhUWk1N
wgdSgqF2kKCh4XjafInsWCwNSUwTolzNgIHAKnxMtlIZDIJ9NI0nME9o7FSLkHil
VXHt5reiy5bw15IeHEVpTEAjrW9KRM7l4GCPTjy7S94LO1R/jDufr/llyTfFqVAW
ryJFxgcYrBcbVTTppig7NEz03FC4liwB+ZQYj+d7KlTsz38A/DtBqVKna9Cs6Q2f
hOapeyACafw8ery4yrdFJW458I4HLCzNu2eAbZhKW0NedB4+dMal/pwrgNPrciw8
zK0yDkX7VX7RC1Sw7+fuFProDt3mTfMB6j+fgjy081GK7aBuIC+hrQf/0wIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFN3x31mPSo86LQdMy29tFrVNHREcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IzLzZiOGJj
ZS01ODRjLTQ5MmMtYmQ3ZS1kMGYzMWJjOTMwNzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjMvNmI4YmNl
LTU4NGMtNDkyYy1iZDdlLWQwZjMxYmM5MzA3OS8xLzNmSGZXWTlLanpvdEIwekxi
MjBXdFUwZEVSdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEkGCCsGAQUF
BwEHAQH/BDowODAeBAIAATAYAwQAuQAmAwQCubLgAwQAwKAPAwQF1F3gMBYEAgAC
MBADBwAgAQf4AVEDBQAqAiPQMB0GCCsGAQUFBwEIAQH/BA4wDKAKMAgCAhU7AgI8
ITANBgkqhkiG9w0BAQsFAAOCAQEAdQ+SjFGZePgylvo0kLqWCobFpIQRZDU0bo9U
OvPCNuaQkNiVo7tEtfNzVA2qlIwMRYy1G0j83zWhiVAYocYine7OiwM04g/DSF5O
LFONvVjCT0+7WlgjLYYOB4RzOWhP+5BdLZl4DHFGt6yQx0zHxWE/qXUTwZ5X2I7U
JKtb3SsslnD+j53KXT16xCHEA40ExiYgqpAsgA2SWrQ+KVZHWow9yys25i4vOuoq
a1Kgj+OqyrePjeeb6Qhi1Vq55BxONf0Av5w96+abwGOtGWvEaQ78MrA45mYlHzdg
0hlw4ty6HGjbE5p/ZIU3+1g2KtJFq8gchqUyWha9USiuJgEPTQ==
-----END CERTIFICATE-----