Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
File:                     IwNA0n5LJPkSSXcyLts2lC4tFgw.cer (raw, json)
Hash identifier:          rZc1axGBJHjIZn3OkdWn/FoX9L/bcvRJSNMJidbnqi8=
Subject key identifier:   23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427486D660DEABB8E712B23C0B00979D6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:50:45 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 24848
                          AS: 30778
                          IP: 81.6.128.0/18
                          IP: 81.26.0.0/19
                          IP: 2a00:cd80::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:6d:66:0d:ea:bb:8e:71:2b:23:c0:b0:09:79:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:50:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=230340d27e4b24f9124977322edb36942e2d160c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:19:75:29:da:ee:a5:8d:0f:39:fb:b9:70:17:
                    60:79:95:54:79:e3:22:05:a8:2b:0c:50:71:df:2b:
                    f1:aa:c7:6c:a3:ea:22:3b:0c:94:8a:d3:c3:6d:e5:
                    c2:8f:5c:1b:6d:92:78:28:c7:3b:2a:af:c1:63:25:
                    e8:ae:2b:69:37:2a:c2:01:e5:2a:1d:04:6b:00:46:
                    1a:1e:a7:7c:e1:ed:82:74:9d:a6:39:94:7d:77:12:
                    19:0a:39:0c:3e:80:33:91:b8:f7:41:b7:67:56:51:
                    54:a7:39:78:ed:a4:76:46:c9:5a:99:bd:13:6a:9e:
                    a9:62:88:7a:e9:46:94:da:23:eb:15:0f:40:2f:d7:
                    63:ce:9c:d1:e5:4a:8b:9b:69:1c:d9:ce:c2:0d:6b:
                    4b:ac:fd:a8:4d:41:41:15:61:ba:c9:8d:4c:fe:2d:
                    bd:42:db:18:ab:f3:e6:aa:83:3d:04:27:bb:a3:17:
                    b4:16:42:ca:b8:26:ec:79:af:88:82:0a:90:23:c1:
                    15:f2:ff:54:c2:f7:17:71:b7:63:4a:a7:b1:34:52:
                    07:02:42:13:16:10:5e:f7:16:00:fe:69:60:63:68:
                    7f:c7:85:63:41:a6:cd:d8:27:19:8e:38:c6:4a:ad:
                    a7:47:fd:9b:a7:a9:3c:29:3c:c7:ac:5b:9a:d6:c3:
                    55:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.6.128.0/18
                  81.26.0.0/19
                IPv6:
                  2a00:cd80::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  24848
                  30778

    Signature Algorithm: sha256WithRSAEncryption
         09:49:04:f1:98:82:46:d0:9d:aa:0f:d3:18:3f:04:cc:a4:b8:
         90:1e:9a:31:0a:6e:83:df:01:f0:45:d3:32:ff:5b:26:39:92:
         0f:fd:67:d8:21:d5:cc:0b:e1:ec:8f:99:0f:88:ba:87:b0:b3:
         6c:5f:0e:93:42:8b:1c:5c:06:30:48:dc:1b:8d:31:e1:26:83:
         84:56:85:e1:08:f3:f6:e3:1e:1b:49:7a:07:59:46:9a:12:48:
         8c:c6:40:62:6d:b2:8b:54:cf:c0:33:32:b1:fb:25:ac:8e:bb:
         f2:7e:20:05:f8:33:f8:7d:16:62:e6:e5:a0:55:1e:7d:48:41:
         39:bc:01:3d:27:10:4e:3c:88:a6:48:36:f1:48:6f:1b:09:11:
         90:15:d7:a5:3e:04:df:aa:f1:ad:c9:e2:94:5d:41:69:af:f3:
         11:1d:6f:3e:a4:ea:58:92:1b:1c:aa:d2:fd:31:64:38:57:99:
         97:7f:df:9d:bb:08:20:db:ca:ac:83:06:68:98:a4:5c:f5:20:
         64:15:0e:cc:2d:c4:ce:9a:95:40:77:87:b5:97:54:70:af:19:
         3a:60:81:cf:b9:93:7a:80:3e:f5:41:80:2e:dd:72:5b:a8:85:
         8b:f7:ad:70:62:8e:60:30:a2:bf:ca:0a:73:c1:06:ed:f7:d3:
         77:09:5f:05
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAZQnSG1mDeq7jnErI8CwCXnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM1MDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzAzNDBkMjdlNGIyNGY5MTI0OTc3MzIyZWRiMzY5NDJlMmQxNjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Bl1KdrupY0POfu5cBdgeZVUeeMi
BagrDFBx3yvxqsdso+oiOwyUitPDbeXCj1wbbZJ4KMc7Kq/BYyXoritpNyrCAeUq
HQRrAEYaHqd84e2CdJ2mOZR9dxIZCjkMPoAzkbj3QbdnVlFUpzl47aR2Rslamb0T
ap6pYoh66UaU2iPrFQ9AL9djzpzR5UqLm2kc2c7CDWtLrP2oTUFBFWG6yY1M/i29
QtsYq/PmqoM9BCe7oxe0FkLKuCbsea+IggqQI8EV8v9UwvcXcbdjSqexNFIHAkIT
FhBe9xYA/mlgY2h/x4VjQabN2CcZjjjGSq2nR/2bp6k8KTzHrFua1sNVLwIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFCMDQNJ+SyT5Ekl3Mi7bNpQuLRYMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I5LzdiZGY1
Mi02YWM1LTRjMjQtYmZkMC1iNTcwOTA3YjU5ZWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkvN2JkZjUy
LTZhYzUtNGMyNC1iZmQwLWI1NzA5MDdiNTllYi8xL0l3TkEwbjVMSlBrU1NYY3lM
dHMybEM0dEZndy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQGUQaAAwQFURoAMA0EAgACMAcDBQAqAM2AMB0G
CCsGAQUFBwEIAQH/BA4wDKAKMAgCAmEQAgJ4OjANBgkqhkiG9w0BAQsFAAOCAQEA
CUkE8ZiCRtCdqg/TGD8EzKS4kB6aMQpug98B8EXTMv9bJjmSD/1n2CHVzAvh7I+Z
D4i6h7CzbF8Ok0KLHFwGMEjcG40x4SaDhFaF4Qjz9uMeG0l6B1lGmhJIjMZAYm2y
i1TPwDMysfslrI678n4gBfgz+H0WYubloFUefUhBObwBPScQTjyIpkg28UhvGwkR
kBXXpT4E36rxrcnilF1Baa/zER1vPqTqWJIbHKrS/TFkOFeZl3/fnbsIINvKrIMG
aJikXPUgZBUOzC3EzpqVQHeHtZdUcK8ZOmCBz7mTeoA+9UGALt1yW6iFi/etcGKO
YDCiv8oKc8EG7ffTdwlfBQ==
-----END CERTIFICATE-----