Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JygMxTRRbRwdnqAk6q-9Af3GjJc.cer
File:                     JygMxTRRbRwdnqAk6q-9Af3GjJc.cer (raw, json)
Hash identifier:          rBsOADoyM9VRDoeAga7sVvzvUmG67zoJZlbovWfN6Us=
Subject key identifier:   27:28:0C:C5:34:51:6D:1C:1D:9E:A0:24:EA:AF:BD:01:FD:C6:8C:97
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942444869D51674733468E0773D9D6AA1F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/JygMxTRRbRwdnqAk6q-9Af3GjJc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:47:38 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 39238
                          IP: 79.143.64.0/22
                          IP: 79.143.76.0/22
                          IP: 185.38.160.0/22
                          IP: 194.36.148.0/22
                          IP: 217.29.50.0 -- 217.29.63.255
                          IP: 2a0c:f540::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:86:9d:51:67:47:33:46:8e:07:73:d9:d6:aa:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27280cc534516d1c1d9ea024eaafbd01fdc68c97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:36:2a:4a:c8:9d:a5:84:20:59:e8:35:44:da:
                    ba:6a:ed:04:44:c7:3a:96:c0:bd:c8:54:71:25:de:
                    f8:d8:54:de:e6:34:f3:cd:1c:db:ab:58:79:65:7f:
                    ae:b1:e1:ca:e5:bf:6f:8b:5a:fb:0a:7f:fc:cb:50:
                    b6:99:dc:d3:f3:3c:cc:10:e7:da:58:24:f0:a1:2f:
                    74:bd:9e:39:6c:50:e5:61:45:f6:17:92:24:98:b1:
                    10:d0:ec:de:b4:20:96:f6:59:51:a3:89:6b:c3:1b:
                    a6:54:72:75:64:6e:27:a4:af:f5:e8:de:c3:01:2a:
                    d5:6f:35:ad:1b:e2:42:fc:6e:a0:3d:67:d3:38:24:
                    de:73:53:5c:68:f5:bf:9d:7f:6c:30:4c:0b:a4:14:
                    26:6c:3d:2e:65:07:00:9d:2f:cc:88:9b:e4:46:dc:
                    36:ff:d9:25:07:19:7e:92:be:54:3e:be:24:b9:d9:
                    21:6e:f2:0f:65:c9:4b:11:7f:b1:17:e3:c1:dc:48:
                    c5:92:53:6d:f5:d3:88:9e:fb:6a:d3:09:bc:be:46:
                    01:51:8a:9d:ff:1b:ab:dc:1c:05:fb:1d:4b:4f:69:
                    86:91:f8:cf:84:b8:57:ea:61:e5:f2:c8:7c:94:b7:
                    4b:f4:97:f7:7d:f7:10:27:2f:2b:89:04:00:ab:ab:
                    50:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:28:0C:C5:34:51:6D:1C:1D:9E:A0:24:EA:AF:BD:01:FD:C6:8C:97
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/JygMxTRRbRwdnqAk6q-9Af3GjJc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.143.64.0/22
                  79.143.76.0/22
                  185.38.160.0/22
                  194.36.148.0/22
                  217.29.50.0-217.29.63.255
                IPv6:
                  2a0c:f540::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39238

    Signature Algorithm: sha256WithRSAEncryption
         40:06:ad:2a:d9:e6:e4:df:4b:7f:60:9a:78:50:d2:cc:ac:0e:
         1b:83:b6:f4:bb:50:5e:47:a0:66:64:33:4e:b3:e7:84:be:63:
         3b:5c:57:57:75:1a:07:72:18:1d:30:27:6d:4a:3a:6a:e4:88:
         41:1e:88:dc:de:73:37:c2:bc:ae:52:13:66:c1:5b:c4:0c:66:
         d5:46:ff:f7:a8:f9:2f:82:53:67:7f:2a:a1:cf:1e:7a:d0:0f:
         74:1c:00:72:2c:0d:83:9f:d9:06:24:68:5d:78:2f:36:8c:85:
         94:cb:9a:19:31:05:3d:da:da:ff:a4:8e:5b:3c:a8:94:b7:07:
         2c:e8:b5:f8:02:4c:31:e6:ca:ae:11:cc:78:53:9f:1c:51:1c:
         51:55:cd:54:4d:5a:57:c0:4c:e3:8b:b7:54:5e:39:60:68:0c:
         05:72:b0:e2:81:7c:30:aa:0d:9b:e9:47:b3:70:09:68:e1:65:
         75:1c:d0:33:d7:59:40:f7:b7:a7:60:68:38:44:b7:69:af:9c:
         72:52:9b:d5:65:25:1f:f2:98:d1:87:6d:df:44:1b:41:a2:e7:
         47:1d:74:0e:a7:49:5f:1b:1a:f1:75:83:0d:97:f1:05:51:06:
         98:bf:4b:83:c1:8c:39:2d:c0:82:5d:b1:a4:2e:a4:01:a2:24:
         30:27:19:71
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgISAZQkRIadUWdHM0aOB3PZ1qofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzI4MGNjNTM0NTE2ZDFjMWQ5ZWEwMjRlYWFmYmQwMWZkYzY4Yzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zYqSsidpYQgWeg1RNq6au0ERMc6
lsC9yFRxJd742FTe5jTzzRzbq1h5ZX+useHK5b9vi1r7Cn/8y1C2mdzT8zzMEOfa
WCTwoS90vZ45bFDlYUX2F5IkmLEQ0OzetCCW9llRo4lrwxumVHJ1ZG4npK/16N7D
ASrVbzWtG+JC/G6gPWfTOCTec1NcaPW/nX9sMEwLpBQmbD0uZQcAnS/MiJvkRtw2
/9klBxl+kr5UPr4kudkhbvIPZclLEX+xF+PB3EjFklNt9dOInvtq0wm8vkYBUYqd
/xur3BwF+x1LT2mGkfjPhLhX6mHl8sh8lLdL9Jf3ffcQJy8riQQAq6tQMwIDAQAB
o4ICzzCCAsswHQYDVR0OBBYEFCcoDMU0UW0cHZ6gJOqvvQH9xoyXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEwLzBjYzZi
NS01NDc3LTQ5MGEtYTI5NS0xNWI3OWIwMjk0M2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAvMGNjNmI1
LTU0NzctNDkwYS1hMjk1LTE1Yjc5YjAyOTQzZS8xL0p5Z014VFJSYlJ3ZG5xQWs2
cS05QWYzR2pKYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CME4GCCsGAQUF
BwEHAQH/BD8wPTAsBAIAATAmAwQCT49AAwQCT49MAwQCuSagAwQCwiSUMAwDBAHZ
HTIDBAbZHQAwDQQCAAIwBwMFAyoM9UAwGgYIKwYBBQUHAQgBAf8ECzAJoAcwBQID
AJlGMA0GCSqGSIb3DQEBCwUAA4IBAQBABq0q2ebk30t/YJp4UNLMrA4bg7b0u1Be
R6BmZDNOs+eEvmM7XFdXdRoHchgdMCdtSjpq5IhBHojc3nM3wryuUhNmwVvEDGbV
Rv/3qPkvglNnfyqhzx560A90HAByLA2Dn9kGJGhdeC82jIWUy5oZMQU92tr/pI5b
PKiUtwcs6LX4Akwx5squEcx4U58cURxRVc1UTVpXwEzji7dUXjlgaAwFcrDigXww
qg2b6UezcAlo4WV1HNAz11lA97enYGg4RLdpr5xyUpvVZSUf8pjRh23fRBtBoudH
HXQOp0lfGxrxdYMNl/EFUQaYv0uDwYw5LcCCXbGkLqQBoiQwJxlx
-----END CERTIFICATE-----