Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer
File:                     CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer (raw, json)
Hash identifier:          x5SXoUYHVFtdVjWzUhRfuBpa8YOAyGqTjvas5M4xxyY=
Subject key identifier:   09:0E:59:2A:2E:0D:42:7A:09:AA:2D:E1:B9:BA:F0:8C:CD:14:F0:A0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194843E7F18640111B2ACD6D13E9C2D6A7A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 20 Jan 2025 15:04:35 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 47294
                          IP: 185.222.106.0/24
                          IP: 199.244.100.0/22
                          IP: 2a13:e5c0::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:84:3e:7f:18:64:01:11:b2:ac:d6:d1:3e:9c:2d:6a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 20 15:04:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=090e592a2e0d427a09aa2de1b9baf08ccd14f0a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3d:4d:69:cb:32:6c:0f:34:2c:33:76:bf:1c:
                    fc:9a:2e:7d:67:ca:f7:f6:78:7a:3d:99:61:fb:bf:
                    dd:10:60:89:8f:fe:a7:5b:8e:0f:11:5b:a6:83:af:
                    10:a2:29:50:71:22:cb:ff:ec:bf:31:9c:0b:36:be:
                    b2:04:71:b8:8f:fb:ff:05:3f:ee:6b:78:36:54:c3:
                    74:43:05:6a:65:2c:4a:ef:f0:50:8b:ff:68:39:ca:
                    0b:44:5d:e6:e9:18:71:9e:c6:5c:77:c7:4f:a7:fe:
                    1f:05:a7:c3:e9:8e:67:6b:31:a3:7f:7d:27:c8:99:
                    b3:de:16:00:9f:e8:56:da:a1:a9:12:de:99:2d:ed:
                    c3:06:1f:2d:96:2b:be:65:c6:9b:47:39:c7:65:28:
                    ce:ed:3e:4b:ec:a9:54:69:a3:af:21:20:4a:a1:1e:
                    1b:27:e3:9c:ec:d2:7a:66:04:17:f9:d6:6b:54:39:
                    02:e9:ca:b6:b3:a2:01:7c:96:a5:93:48:ba:b3:80:
                    a0:3b:ad:ff:32:22:26:d3:9a:0e:7e:98:35:e0:aa:
                    60:a1:b8:42:c9:d5:ba:a1:6e:e2:1f:68:66:25:6b:
                    a8:70:a8:fd:da:2f:10:5b:81:b6:f2:27:5d:b8:ab:
                    0f:2a:cd:ca:21:46:a4:bc:2f:4f:f3:2b:fd:18:aa:
                    40:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:0E:59:2A:2E:0D:42:7A:09:AA:2D:E1:B9:BA:F0:8C:CD:14:F0:A0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.106.0/24
                  199.244.100.0/22
                IPv6:
                  2a13:e5c0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  47294

    Signature Algorithm: sha256WithRSAEncryption
         a2:5a:91:68:88:b8:ae:dd:83:bc:2c:8e:e3:a1:05:2b:db:e7:
         f8:f0:ac:c4:d8:a2:68:54:46:a0:75:e1:68:0f:9c:28:7e:0d:
         98:1a:a1:9f:91:ff:8e:49:9c:e1:cc:1d:71:f6:29:da:e0:61:
         03:c4:35:bb:66:e5:a6:0f:18:64:7e:93:fd:47:6c:c0:b4:12:
         ff:ea:fd:8b:ed:12:a3:b9:df:9e:d5:87:e9:94:db:a6:c5:f0:
         b0:0a:c2:9b:23:37:e9:fd:a4:46:5b:b7:f3:c7:dd:6a:66:3d:
         3e:a0:2d:e6:e7:03:8b:1e:83:58:26:6c:bf:11:2a:f1:2e:31:
         61:b8:43:9e:d1:8e:68:a9:77:df:f1:31:10:29:62:09:c9:14:
         8d:60:c7:56:bc:3b:ea:9b:ee:2b:ca:f6:d9:ec:7e:c1:4c:f6:
         35:78:d3:46:8a:36:17:a3:09:ac:9b:29:d4:9d:e3:c6:28:cb:
         32:52:78:3c:35:eb:96:34:9e:69:6e:57:9a:64:39:96:ef:3d:
         c6:1e:95:c0:ac:22:f9:5e:f7:e7:ab:54:39:f3:27:c2:72:70:
         95:1e:60:0b:16:95:b6:d7:ae:25:f5:1b:56:3e:e7:8d:0c:8d:
         6f:8f:1e:a9:65:87:d3:92:c2:dc:e2:f2:74:40:cd:dd:7e:79:
         d0:4d:3e:25
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAZSEPn8YZAERsqzW0T6cLWp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTIwMTUwNDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTBlNTkyYTJlMGQ0MjdhMDlhYTJkZTFiOWJhZjA4Y2NkMTRmMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtj1NacsybA80LDN2vxz8mi59Z8r3
9nh6PZlh+7/dEGCJj/6nW44PEVumg68QoilQcSLL/+y/MZwLNr6yBHG4j/v/BT/u
a3g2VMN0QwVqZSxK7/BQi/9oOcoLRF3m6RhxnsZcd8dPp/4fBafD6Y5nazGjf30n
yJmz3hYAn+hW2qGpEt6ZLe3DBh8tliu+ZcabRznHZSjO7T5L7KlUaaOvISBKoR4b
J+Oc7NJ6ZgQX+dZrVDkC6cq2s6IBfJalk0i6s4CgO63/MiIm05oOfpg14KpgobhC
ydW6oW7iH2hmJWuocKj92i8QW4G28idduKsPKs3KIUakvC9P8yv9GKpAXwIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFAkOWSouDUJ6Caot4bm68IzNFPCgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1LzE1ZjY5
MC01YWRkLTQ3MGQtYTI4Ni0zM2JkYzczZWQwZWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUvMTVmNjkw
LTVhZGQtNDcwZC1hMjg2LTMzYmRjNzNlZDBlYS8xL0NRNVpLaTROUW5vSnFpM2h1
YnJ3ak0wVThLQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQAud5qAwQCx/RkMA0EAgACMAcDBQAqE+XAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwC4vjANBgkqhkiG9w0BAQsFAAOCAQEAolqR
aIi4rt2DvCyO46EFK9vn+PCsxNiiaFRGoHXhaA+cKH4NmBqhn5H/jkmc4cwdcfYp
2uBhA8Q1u2blpg8YZH6T/UdswLQS/+r9i+0So7nfntWH6ZTbpsXwsArCmyM36f2k
Rlu388fdamY9PqAt5ucDix6DWCZsvxEq8S4xYbhDntGOaKl33/ExECliCckUjWDH
Vrw76pvuK8r22ex+wUz2NXjTRoo2F6MJrJsp1J3jxijLMlJ4PDXrljSeaW5XmmQ5
lu89xh6VwKwi+V7356tUOfMnwnJwlR5gCxaVtteuJfUbVj7njQyNb48eqWWH05LC
3OLydEDN3X550E0+JQ==
-----END CERTIFICATE-----