Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BbvbYp_dDxwzv7GsfPRBIbxebq0.cer
File:                     BbvbYp_dDxwzv7GsfPRBIbxebq0.cer (raw, json)
Hash identifier:          Tfn/g8HcLGIg9YpsGhDgc2cDqB0ncA0czI7BpaESA1U=
Subject key identifier:   05:BB:DB:62:9F:DD:0F:1C:33:BF:B1:AC:7C:F4:41:21:BC:5E:6E:AD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5C20E31A07A289CEDC26BAD6C7807
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/05BBDB629FDD0F1C33BFB1AC7CF44121BC5E6EAD.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 50788
                          IP: 84.38.254.0/24
                          IP: 2a0c:31c0::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c2:0e:31:a0:7a:28:9c:ed:c2:6b:ad:6c:78:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05bbdb629fdd0f1c33bfb1ac7cf44121bc5e6ead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:88:a9:53:f3:4e:68:eb:1e:ec:c6:ef:03:66:
                    30:39:e1:07:9a:22:45:f8:de:5a:89:69:3a:81:78:
                    b1:e6:09:41:dc:70:5d:dd:b3:dd:a5:b3:11:19:9b:
                    93:ca:0d:a7:94:cd:a2:bb:a1:d2:6b:e8:72:29:16:
                    b1:dc:72:4a:9e:ff:0c:d1:fc:d8:2e:6a:c2:b2:21:
                    d8:38:f9:3a:8f:9a:0c:49:fd:84:8d:64:fa:94:ce:
                    a3:a1:95:59:56:50:67:4e:14:73:96:96:89:f0:76:
                    64:dd:3d:b5:0a:c3:f2:99:09:7b:fc:4f:01:12:ed:
                    48:70:2e:ea:9a:90:43:42:8e:0c:04:d9:75:21:5f:
                    04:d2:26:d1:3d:b3:6d:b8:04:33:40:b1:b1:a3:ac:
                    47:7a:fa:32:d7:36:54:c0:8a:df:77:77:43:bc:6f:
                    97:cf:65:4b:e9:92:1f:f3:4c:1f:af:00:52:a4:51:
                    9d:2a:0c:0f:64:6d:fd:3c:65:ae:74:9a:9f:a8:c0:
                    f5:91:91:8c:c2:79:a8:ca:df:49:57:1a:57:54:d1:
                    d1:4a:89:1c:0a:72:2d:c6:c9:14:dc:cf:49:be:e1:
                    44:a6:eb:4b:13:68:d4:7c:7a:34:99:8f:9f:62:c7:
                    3a:50:da:7c:05:52:25:54:6d:13:60:32:86:00:66:
                    29:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:BB:DB:62:9F:DD:0F:1C:33:BF:B1:AC:7C:F4:41:21:BC:5E:6E:AD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/05BBDB629FDD0F1C33BFB1AC7CF44121BC5E6EAD.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.254.0/24
                IPv6:
                  2a0c:31c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50788

    Signature Algorithm: sha256WithRSAEncryption
         36:43:13:7f:39:ad:bc:43:6b:01:2e:dc:8f:7f:f6:c2:de:9f:
         13:7e:5e:5b:9b:75:4c:1c:58:de:75:cd:04:68:fa:23:16:91:
         30:e9:0f:a3:15:a1:77:cb:a2:2a:95:37:98:24:d6:3c:7a:a1:
         30:ca:98:e3:de:b9:06:39:4e:c0:d9:68:e9:47:88:06:d1:77:
         70:42:97:91:b6:c7:02:4c:24:2a:42:a7:35:c0:73:12:b7:11:
         d6:e7:ac:62:df:fb:4b:9d:2d:89:7e:4c:30:dc:42:cb:72:74:
         cf:b1:58:4f:1f:6d:e1:a5:de:b3:ff:cb:a5:77:7d:17:0e:2b:
         64:f1:c5:bd:fe:31:f9:b1:62:d4:01:9a:52:7d:0b:bd:4e:07:
         93:b6:3d:86:07:e6:9d:d2:d0:2d:ae:12:f4:2b:55:5f:9e:fa:
         f4:eb:5f:9c:44:64:fd:02:59:1c:99:7b:55:94:64:9c:99:15:
         82:ee:f4:67:58:20:83:bf:91:e8:43:3d:a9:df:90:34:c2:19:
         5a:9f:48:14:d0:56:1b:ab:b8:2d:87:92:77:41:29:6a:8d:96:
         13:6e:b9:af:94:c5:cd:bb:98:4c:06:cb:bc:50:2c:a7:9d:10:
         67:d5:1c:16:fb:30:6f:ef:56:27:0c:6b:e1:1c:50:54:39:98:
         d4:b1:34:9e
-----BEGIN CERTIFICATE-----
MIIFvzCCBKegAwIBAgISAZQg1cIOMaB6KJztwmutbHgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWJiZGI2MjlmZGQwZjFjMzNiZmIxYWM3Y2Y0NDEyMWJjNWU2ZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4ipU/NOaOse7MbvA2YwOeEHmiJF
+N5aiWk6gXix5glB3HBd3bPdpbMRGZuTyg2nlM2iu6HSa+hyKRax3HJKnv8M0fzY
LmrCsiHYOPk6j5oMSf2EjWT6lM6joZVZVlBnThRzlpaJ8HZk3T21CsPymQl7/E8B
Eu1IcC7qmpBDQo4MBNl1IV8E0ibRPbNtuAQzQLGxo6xHevoy1zZUwIrfd3dDvG+X
z2VL6ZIf80wfrwBSpFGdKgwPZG39PGWudJqfqMD1kZGMwnmoyt9JVxpXVNHRSokc
CnItxskU3M9JvuFEputLE2jUfHo0mY+fYsc6UNp8BVIlVG0TYDKGAGYpeQIDAQAB
o4ICyzCCAscwHQYDVR0OBBYEFAW722Kf3Q8cM7+xrHz0QSG8Xm6tMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzkzZjA4
M2I3LTc4MTgtNGNjZi04NjYzLTkxOTFmOGE4NjE2YS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTNm
MDgzYjctNzgxOC00Y2NmLTg2NjMtOTE5MWY4YTg2MTZhLzAvMDVCQkRCNjI5RkRE
MEYxQzMzQkZCMUFDN0NGNDQxMjFCQzVFNkVBRC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgME
AFQm/jANBAIAAjAHAwUDKgwxwDAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMAxmQw
DQYJKoZIhvcNAQELBQADggEBADZDE385rbxDawEu3I9/9sLenxN+XlubdUwcWN51
zQRo+iMWkTDpD6MVoXfLoiqVN5gk1jx6oTDKmOPeuQY5TsDZaOlHiAbRd3BCl5G2
xwJMJCpCpzXAcxK3EdbnrGLf+0udLYl+TDDcQstydM+xWE8fbeGl3rP/y6V3fRcO
K2Txxb3+MfmxYtQBmlJ9C71OB5O2PYYH5p3S0C2uEvQrVV+e+vTrX5xEZP0CWRyZ
e1WUZJyZFYLu9GdYIIO/kehDPanfkDTCGVqfSBTQVhuruC2HkndBKWqNlhNuua+U
xc27mEwGy7xQLKedEGfVHBb7MG/vVicMa+EcUFQ5mNSxNJ4=
-----END CERTIFICATE-----