Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer
File:                     72eEaVdKzAPXguYygf9E-qqz-Ec.cer (raw, json)
Hash identifier:          9osBIEvSe60M7NLKWBe1XjjxgM++zQxOoYmEJK6ttVU=
Subject key identifier:   EF:67:84:69:57:4A:CC:03:D7:82:E6:32:81:FF:44:FA:AA:B3:F8:47
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258F6E6FAA9B5E58ACED58A7AC609FB6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 207440
                          AS: 208037
                          AS: 209231
                          IP: 2.56.140.0/22
                          IP: 86.110.204.0/22
                          IP: 89.232.172.0/22
                          IP: 185.161.236.0/22
                          IP: 185.251.36.0/24
                          IP: 2a09:c540::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:6e:6f:aa:9b:5e:58:ac:ed:58:a7:ac:60:9f:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef678469574acc03d782e63281ff44faaab3f847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:22:d9:5b:da:8c:d0:51:ba:7f:8e:f9:b4:48:
                    28:c6:3c:4a:a0:c8:27:5e:71:d3:7d:b2:d1:1e:3b:
                    c9:6a:d7:c2:65:0f:c4:6e:f9:86:14:24:da:5c:7f:
                    1d:e2:34:b2:6e:6f:60:62:f9:0d:e3:42:ed:37:c5:
                    23:cf:04:20:85:9a:2f:62:5e:5f:12:0d:3e:8f:83:
                    45:4a:07:07:bd:af:4a:3e:56:8e:50:c2:7b:be:67:
                    9b:e4:c5:19:6d:44:b3:b6:89:88:ec:f7:ba:ea:f8:
                    0c:33:50:c7:fd:66:fd:f1:bf:ce:d8:ec:82:db:d7:
                    de:c8:e0:d8:42:24:f7:f9:f6:d9:1f:ab:42:16:b2:
                    d1:7e:ed:fc:e0:0b:3f:f5:38:bb:ee:c2:ec:d7:5a:
                    1f:7f:01:04:01:85:03:d6:02:34:c8:0c:b2:45:d4:
                    70:b4:42:18:bb:27:10:3b:ef:44:bd:cb:e5:de:29:
                    fe:14:db:4b:55:7e:3f:3d:c8:14:dd:96:9c:35:24:
                    32:89:f0:88:4e:4a:d5:92:c7:f1:a4:e5:d9:71:1d:
                    a4:04:34:ac:68:85:52:31:a2:02:f3:0e:63:cf:15:
                    cb:a2:65:11:ba:ae:cf:e6:e1:18:7b:45:3a:f4:34:
                    3c:30:ec:87:20:02:e8:dd:8d:23:13:27:f6:a9:f2:
                    69:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:67:84:69:57:4A:CC:03:D7:82:E6:32:81:FF:44:FA:AA:B3:F8:47
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.140.0/22
                  86.110.204.0/22
                  89.232.172.0/22
                  185.161.236.0/22
                  185.251.36.0/24
                IPv6:
                  2a09:c540::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207440
                  208037
                  209231

    Signature Algorithm: sha256WithRSAEncryption
         6d:a5:81:ce:01:0a:1e:1e:9b:de:5a:2b:a0:c4:dd:07:0a:be:
         1c:27:be:9f:ae:4c:cc:32:9f:96:b9:6a:d0:f3:5c:c3:ee:74:
         80:d7:93:e5:e8:40:ba:56:eb:84:c8:21:8f:20:b3:21:fd:6b:
         61:ba:e2:a4:ea:7c:ea:11:79:28:4a:7b:f6:39:fe:4f:46:fa:
         e1:7d:a5:24:4f:46:11:f5:64:e0:95:2a:b5:7e:73:3b:2c:94:
         47:f4:d6:ef:16:e2:f9:36:a3:f6:ef:33:f3:4b:fd:ce:72:39:
         2b:72:01:3c:0b:af:3d:b9:96:fb:f5:71:c3:21:a9:a5:5d:f2:
         c1:7b:9d:9b:8d:34:59:da:34:e8:6b:d8:11:1e:4d:7d:fc:b3:
         36:5d:7d:79:51:78:2a:57:15:3a:26:e0:c0:29:33:3d:55:ff:
         0c:38:02:0d:d8:e0:07:34:50:85:95:c4:23:31:79:f0:6a:21:
         75:38:11:80:74:22:e8:1d:05:03:ad:7d:6c:7d:a4:80:b9:3a:
         83:d1:16:ae:c2:eb:5c:33:ca:a1:fd:ca:01:12:ef:25:eb:32:
         df:32:a5:43:ae:7e:0d:f4:46:7f:4f:7a:bb:ef:4b:d6:92:83:
         94:85:86:ab:ca:a6:cc:ef:a4:35:a1:fa:2d:d3:04:23:a0:a3:
         dc:d3:94:1c
-----BEGIN CERTIFICATE-----
MIIFxTCCBK2gAwIBAgISAZQlj25vqpteWKztWKesYJ+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjY3ODQ2OTU3NGFjYzAzZDc4MmU2MzI4MWZmNDRmYWFhYjNmODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSLZW9qM0FG6f475tEgoxjxKoMgn
XnHTfbLRHjvJatfCZQ/EbvmGFCTaXH8d4jSybm9gYvkN40LtN8UjzwQghZovYl5f
Eg0+j4NFSgcHva9KPlaOUMJ7vmeb5MUZbUSztomI7Pe66vgMM1DH/Wb98b/O2OyC
29feyODYQiT3+fbZH6tCFrLRfu384As/9Ti77sLs11offwEEAYUD1gI0yAyyRdRw
tEIYuycQO+9Evcvl3in+FNtLVX4/PcgU3ZacNSQyifCITkrVksfxpOXZcR2kBDSs
aIVSMaIC8w5jzxXLomURuq7P5uEYe0U69DQ8MOyHIALo3Y0jEyf2qfJpJQIDAQAB
o4IC0TCCAs0wHQYDVR0OBBYEFO9nhGlXSswD14LmMoH/RPqqs/hHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM4L2I0Njcz
Yi0yMTBiLTRlNWEtODc2YS1kYzA1OWU2OWIxZDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgvYjQ2NzNi
LTIxMGItNGU1YS04NzZhLWRjMDU5ZTY5YjFkMC8xLzcyZUVhVmRLekFQWGd1WXln
ZjlFLXFxei1FYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEYGCCsGAQUF
BwEHAQH/BDcwNTAkBAIAATAeAwQCAjiMAwQCVm7MAwQCWeisAwQCuaHsAwQAufsk
MA0EAgACMAcDBQAqCcVAMCQGCCsGAQUFBwEIAQH/BBUwE6ARMA8CAwMqUAIDAyyl
AgMDMU8wDQYJKoZIhvcNAQELBQADggEBAG2lgc4BCh4em95aK6DE3QcKvhwnvp+u
TMwyn5a5atDzXMPudIDXk+XoQLpW64TIIY8gsyH9a2G64qTqfOoReShKe/Y5/k9G
+uF9pSRPRhH1ZOCVKrV+czsslEf01u8W4vk2o/bvM/NL/c5yOStyATwLrz25lvv1
ccMhqaVd8sF7nZuNNFnaNOhr2BEeTX38szZdfXlReCpXFTom4MApMz1V/ww4Ag3Y
4Ac0UIWVxCMxefBqIXU4EYB0IugdBQOtfWx9pIC5OoPRFq7C61wzyqH9ygES7yXr
Mt8ypUOufg30Rn9PervvS9aSg5SFhqvKpszvpDWh+i3TBCOgo9zTlBw=
-----END CERTIFICATE-----