Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
File:                     G58hugTl4wd7OR49SP9bClCzNp8.cer (raw, json)
Hash identifier:          NztvOcHzO6rfJNIPErL70ZLr6t6VgHPrcgKfqfx+Dbc=
Subject key identifier:   1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942521D98CDF99CAB49AEFAB5CBC1D7E99
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:49:22 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 208022
                          IP: 195.93.226.0/24
                          IP: 2a0a:280::/29
                          IP: 2a11:3780::/29
                          IP: 2a12:ef40::/29
                          IP: 2a13:63c0::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:d9:8c:df:99:ca:b4:9a:ef:ab:5c:bc:1d:7e:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:55:a1:c8:b0:0a:71:cc:c7:aa:5a:06:7d:d7:
                    ca:aa:97:14:d9:9c:29:df:cf:ad:b8:ea:a2:70:93:
                    65:a4:40:a3:b8:1f:29:10:3c:f7:9c:cd:31:dd:46:
                    a5:f2:88:02:df:a3:5f:fc:71:29:83:d3:0a:30:97:
                    3f:4e:19:f4:ab:60:99:e7:3a:26:1a:a4:3d:e0:4b:
                    90:af:83:25:13:81:98:0c:8b:87:e1:d6:ff:75:79:
                    ce:b7:67:ad:8c:b1:b1:a3:57:b9:c9:12:f9:b2:18:
                    81:4e:8d:92:e6:a0:9a:8c:c1:d1:e9:15:6a:0c:86:
                    80:c7:bf:d5:02:94:a6:57:4e:87:5e:6b:55:ca:7c:
                    ec:d8:71:3d:35:00:2e:86:b9:7f:75:60:0d:ab:bd:
                    b6:0f:b8:ac:e3:5e:57:90:fe:1b:e6:fd:75:c9:35:
                    23:21:8a:3a:d4:c2:c4:18:3f:d4:8e:ad:04:da:cc:
                    66:38:24:4d:59:27:1d:b5:33:a6:a3:78:bf:38:a8:
                    f3:7e:0e:40:34:1d:79:74:bf:15:f5:c3:92:5d:7e:
                    58:dd:78:09:07:a8:29:13:de:00:c8:b7:4e:0d:dd:
                    e6:a7:11:96:0d:5c:0d:e5:a1:b4:3c:f6:3b:73:d4:
                    4c:ee:bc:04:ce:5d:8f:76:34:4a:73:06:e3:e9:3f:
                    21:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.226.0/24
                IPv6:
                  2a0a:280::/29
                  2a11:3780::/29
                  2a12:ef40::/29
                  2a13:63c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208022

    Signature Algorithm: sha256WithRSAEncryption
         4b:5d:2d:2c:40:8d:36:0d:2d:06:ee:b9:60:76:5d:28:f5:0d:
         4f:9f:50:b2:df:ee:29:b6:e7:28:80:7e:01:dc:e8:07:d3:61:
         4c:9a:82:ae:b3:9a:fd:c8:7c:c4:a6:ed:e9:b0:56:e8:ab:84:
         97:0c:b8:e1:0f:e1:33:7c:05:bd:f1:70:3e:0d:3a:15:ca:68:
         48:7b:06:11:42:2f:60:d7:0a:28:bb:1d:2c:72:b5:b8:e5:9c:
         c7:0b:9a:61:6a:6a:33:d4:9c:df:91:31:e6:65:b6:d0:e1:a2:
         53:12:73:7e:fd:4d:90:b1:cf:e7:c4:a6:4c:ed:92:20:5d:5d:
         4d:d4:b0:82:7c:d2:dd:ed:fd:cb:52:c8:45:df:6f:79:df:cc:
         21:27:ca:84:b6:76:3a:c4:2b:87:f7:8a:4c:42:f9:42:84:98:
         3e:53:4a:ca:3f:3f:6e:fb:ed:71:e6:52:4b:d7:79:8b:74:f5:
         82:10:1f:c2:e1:9c:9c:8c:a9:9d:12:23:98:cc:98:b9:38:a1:
         40:66:80:ba:b1:05:86:3a:c3:7f:63:1d:8e:0e:8c:d6:f6:0c:
         6c:63:30:57:a1:58:0d:7c:05:b0:a8:e5:e2:06:3e:7d:e9:52:
         b7:b8:a0:9f:d5:34:2a:a5:65:c9:08:e7:b8:69:57:eb:8e:8b:
         d8:8b:99:2b
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgISAZQlIdmM35nKtJrvq1y8HX6ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjlmMjFiYTA0ZTVlMzA3N2IzOTFlM2Q0OGZmNWIwYTUwYjMzNjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFWhyLAKcczHqloGfdfKqpcU2Zwp
38+tuOqicJNlpECjuB8pEDz3nM0x3Ual8ogC36Nf/HEpg9MKMJc/Thn0q2CZ5zom
GqQ94EuQr4MlE4GYDIuH4db/dXnOt2etjLGxo1e5yRL5shiBTo2S5qCajMHR6RVq
DIaAx7/VApSmV06HXmtVynzs2HE9NQAuhrl/dWANq722D7is415XkP4b5v11yTUj
IYo61MLEGD/Ujq0E2sxmOCRNWScdtTOmo3i/OKjzfg5ANB15dL8V9cOSXX5Y3XgJ
B6gpE94AyLdODd3mpxGWDVwN5aG0PPY7c9RM7rwEzl2PdjRKcwbj6T8hKQIDAQAB
o4ICxDCCAsAwHQYDVR0OBBYEFBufIboE5eMHezkePUj/WwpQszafMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIyL2Y2N2E3
OC0xODNkLTQ5NGEtOTk1ZS1mNTFjNWZiM2RmOWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjIvZjY3YTc4
LTE4M2QtNDk0YS05OTVlLWY1MWM1ZmIzZGY5YS8xL0c1OGh1Z1RsNHdkN09SNDlT
UDliQ2xDek5wOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEMGCCsGAQUF
BwEHAQH/BDQwMjAMBAIAATAGAwQAw13iMCIEAgACMBwDBQMqCgKAAwUDKhE3gAMF
AyoS70ADBQMqE2PAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMsljANBgkqhkiG
9w0BAQsFAAOCAQEAS10tLECNNg0tBu65YHZdKPUNT59Qst/uKbbnKIB+AdzoB9Nh
TJqCrrOa/ch8xKbt6bBW6KuElwy44Q/hM3wFvfFwPg06FcpoSHsGEUIvYNcKKLsd
LHK1uOWcxwuaYWpqM9Sc35Ex5mW20OGiUxJzfv1NkLHP58SmTO2SIF1dTdSwgnzS
3e39y1LIRd9ved/MISfKhLZ2OsQrh/eKTEL5QoSYPlNKyj8/bvvtceZSS9d5i3T1
ghAfwuGcnIypnRIjmMyYuTihQGaAurEFhjrDf2Mdjg6M1vYMbGMwV6FYDXwFsKjl
4gY+felSt7ign9U0KqVlyQjnuGlX646L2IuZKw==
-----END CERTIFICATE-----