Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
File:                     4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer (raw, json)
Hash identifier:          GABwjL+JJrRdZ3bHkvVmuwwg+f71b6lJRRMPkZ+dwh4=
Subject key identifier:   E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FC38DE787536B978D37DD64EA9CD52
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:49:02 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 25003
                          IP: 80.74.96.0/19
                          IP: 91.143.224.0/20
                          IP: 92.61.224.0/20
                          IP: 94.188.128.0/17
                          IP: 2a02:23b8::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:38:de:78:75:36:b9:78:d3:7d:d6:4e:a9:cd:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d9:12:27:f4:79:84:0e:0c:2b:a5:54:4f:27:
                    5f:d4:17:99:ac:b8:a7:f9:1e:e7:bd:64:89:66:f1:
                    79:84:67:3a:23:03:30:7a:66:39:81:4e:92:32:b6:
                    45:32:39:3e:ce:69:d4:1e:1f:e0:0d:4f:af:f0:24:
                    46:13:03:34:3d:02:ba:1b:bf:ec:80:0b:b8:85:21:
                    bf:c2:2b:d3:ff:d0:3f:03:cd:7b:f1:93:f6:f0:3c:
                    82:0f:7f:3d:83:2f:f9:9f:5d:a1:00:36:ae:e6:32:
                    e9:6a:de:a2:74:2a:1d:26:30:0b:63:37:45:20:8e:
                    8a:f1:a5:d3:78:bb:b4:8f:78:07:d7:8e:70:a2:69:
                    f2:d4:ce:f6:c7:3b:6e:1a:c3:49:94:d3:a4:0a:ff:
                    db:b6:14:d7:e8:1d:43:b6:9c:65:11:32:96:77:f2:
                    36:c5:f0:45:b6:3e:26:53:59:84:ba:a6:7c:fa:15:
                    f0:8c:32:eb:0d:cf:d0:63:7f:e8:c3:83:b0:45:82:
                    82:d8:bb:df:68:0b:17:42:9d:be:70:8b:fe:9c:98:
                    85:28:34:73:46:4a:f8:cf:35:94:5f:21:09:96:eb:
                    93:e3:f0:d2:c4:65:d5:25:e1:7c:b7:d7:dc:0d:9b:
                    a1:f0:ec:35:c1:61:ef:28:1d:3e:5e:ea:1e:4a:f3:
                    1a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.74.96.0/19
                  91.143.224.0/20
                  92.61.224.0/20
                  94.188.128.0/17
                IPv6:
                  2a02:23b8::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  25003

    Signature Algorithm: sha256WithRSAEncryption
         41:e5:2f:c4:25:87:6b:bd:2d:a2:cf:b3:50:23:53:52:26:ac:
         f9:ec:f7:28:cf:d5:ce:b8:8d:02:73:2b:1d:7a:85:4c:46:cf:
         7d:ca:09:27:aa:b8:45:ba:d9:5e:1b:7d:ef:7c:5f:f2:a5:f4:
         d3:97:fb:38:dd:65:8f:d1:c3:0a:0b:d4:c3:6f:c0:e1:72:da:
         ca:1a:eb:8e:91:6a:1a:d1:b2:10:33:b0:fa:a8:2e:88:2f:bb:
         55:56:a5:2a:a0:f3:27:f4:09:17:8a:06:d4:3b:0d:60:9b:b6:
         20:b7:fb:00:dc:76:a3:e6:dd:e2:54:ea:ad:7c:31:78:5b:d1:
         b5:8f:99:5e:fe:17:26:a1:ee:71:83:8d:ad:23:ce:3b:23:ff:
         2a:ed:57:95:1d:67:a5:50:e5:48:77:59:d3:8a:e5:32:fa:91:
         9b:09:62:97:83:9c:3c:2a:b0:c4:5e:29:ef:9e:ba:9c:68:06:
         a1:5d:ca:97:ac:05:29:c7:8c:49:33:e5:57:00:04:3a:85:c4:
         f6:45:3c:50:80:43:81:a1:cd:92:fb:b7:1f:89:41:3d:ae:a0:
         84:55:f9:b9:09:9e:b0:93:7a:27:8f:f7:ea:bf:01:e5:6e:40:
         aa:6f:93:3f:25:61:78:dc:e5:43:b1:7d:e8:aa:dc:4b:8b:79:
         a7:c8:ca:d4
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgISAZQi/DjeeHU2uXjTfdZOqc1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmQ1YmI0MDExODBlNTVmNWMxNjVkNDc5MDhkZmY0ZmUyOWEwZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNkSJ/R5hA4MK6VUTydf1BeZrLin
+R7nvWSJZvF5hGc6IwMwemY5gU6SMrZFMjk+zmnUHh/gDU+v8CRGEwM0PQK6G7/s
gAu4hSG/wivT/9A/A8178ZP28DyCD389gy/5n12hADau5jLpat6idCodJjALYzdF
II6K8aXTeLu0j3gH145womny1M72xztuGsNJlNOkCv/bthTX6B1DtpxlETKWd/I2
xfBFtj4mU1mEuqZ8+hXwjDLrDc/QY3/ow4OwRYKC2LvfaAsXQp2+cIv+nJiFKDRz
Rkr4zzWUXyEJluuT4/DSxGXVJeF8t9fcDZuh8Ow1wWHvKB0+XuoeSvMaBwIDAQAB
o4ICwDCCArwwHQYDVR0OBBYEFOLVu0ARgOVfXBZdR5CN/0/img2GMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU5Lzg2Mjk3
YS1kMjE5LTQ1NjctOTE3MS00MjFlNmJjN2UyZTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTkvODYyOTdh
LWQyMTktNDU2Ny05MTcxLTQyMWU2YmM3ZTJlOC8xLzR0VzdRQkdBNVY5Y0ZsMUhr
STNfVC1LYURZWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEAGCCsGAQUF
BwEHAQH/BDEwLzAeBAIAATAYAwQFUEpgAwQEW4/gAwQEXD3gAwQHXryAMA0EAgAC
MAcDBQAqAiO4MBkGCCsGAQUFBwEIAQH/BAowCKAGMAQCAmGrMA0GCSqGSIb3DQEB
CwUAA4IBAQBB5S/EJYdrvS2iz7NQI1NSJqz57Pcoz9XOuI0CcysdeoVMRs99ygkn
qrhFutleG33vfF/ypfTTl/s43WWP0cMKC9TDb8DhctrKGuuOkWoa0bIQM7D6qC6I
L7tVVqUqoPMn9AkXigbUOw1gm7Ygt/sA3Haj5t3iVOqtfDF4W9G1j5le/hcmoe5x
g42tI847I/8q7VeVHWelUOVId1nTiuUy+pGbCWKXg5w8KrDEXinvnrqcaAahXcqX
rAUpx4xJM+VXAAQ6hcT2RTxQgEOBoc2S+7cfiUE9rqCEVfm5CZ6wk3onj/fqvwHl
bkCqb5M/JWF43OVDsX3oqtxLi3mnyMrU
-----END CERTIFICATE-----