Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/K5didVR7dd8rBMT5spHAcQxQd0A.cer
File:                     K5didVR7dd8rBMT5spHAcQxQd0A.cer (raw, json)
Hash identifier:          jpzsIwqzXKG/AoUNdLLDbVBtvmlGxv8ucTaFMH9fM0Y=
Subject key identifier:   2B:97:62:75:54:7B:75:DF:2B:04:C4:F9:B2:91:C0:71:0C:50:77:40
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423690C704D3BC85799F56BF62818B4DA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/42/58f45f-8b07-4e6a-9548-d5b0f91d97c2/1/K5didVR7dd8rBMT5spHAcQxQd0A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/42/58f45f-8b07-4e6a-9548-d5b0f91d97c2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:47:54 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 202975
                          IP: 85.116.128.0/21
                          IP: 89.105.88.0/21
                          IP: 185.89.220.0/22
                          IP: 185.135.100.0/22
                          IP: 2a06:f2c0::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:0c:70:4d:3b:c8:57:99:f5:6b:f6:28:18:b4:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b976275547b75df2b04c4f9b291c0710c507740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f7:82:2e:7b:92:80:e6:e9:0c:20:35:04:a0:
                    e3:73:77:32:0d:73:ea:f2:a8:c5:68:0c:fd:85:6b:
                    f4:40:f0:32:cc:fd:fd:9d:13:9f:68:dd:48:0e:ae:
                    ec:24:1d:1c:ea:99:94:1d:92:36:d2:3d:bc:ad:96:
                    31:76:db:59:8b:0e:1d:d3:ad:c2:62:2f:0f:49:b4:
                    54:df:0b:e2:f4:e1:d5:f2:89:f8:ff:1c:af:d3:6a:
                    ab:a7:fa:56:ea:8b:08:bd:30:4b:e3:cb:94:4e:ef:
                    0e:73:20:1e:bc:a8:d0:35:1c:8b:99:d0:a8:9b:59:
                    ca:c5:aa:19:af:f5:03:4f:02:5b:59:63:30:56:00:
                    c4:0d:c4:bc:71:7c:f0:61:03:54:fa:dd:e4:ea:11:
                    5c:c9:5f:ff:b8:e4:5d:1a:67:06:c8:72:83:7c:12:
                    a5:fd:c6:ec:5f:e1:e2:9a:00:4f:c5:fc:9e:f0:c4:
                    93:de:e8:41:56:b5:67:2c:8f:21:8b:64:fb:f2:c3:
                    de:ca:85:ed:45:89:9b:0c:e5:9e:ee:b3:42:16:01:
                    83:52:f4:7e:9c:f7:d3:6e:7d:85:f7:90:95:c7:4b:
                    93:15:5a:d7:1c:e8:23:de:19:20:b4:c2:b4:f8:9e:
                    12:16:ad:46:35:e9:5e:1f:27:7b:5d:9b:55:bb:39:
                    2c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:97:62:75:54:7B:75:DF:2B:04:C4:F9:B2:91:C0:71:0C:50:77:40
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/58f45f-8b07-4e6a-9548-d5b0f91d97c2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/58f45f-8b07-4e6a-9548-d5b0f91d97c2/1/K5didVR7dd8rBMT5spHAcQxQd0A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.128.0/21
                  89.105.88.0/21
                  185.89.220.0/22
                  185.135.100.0/22
                IPv6:
                  2a06:f2c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202975

    Signature Algorithm: sha256WithRSAEncryption
         9a:69:8a:5d:af:0e:2f:e4:bb:5c:8e:5b:7a:75:6a:18:8b:8f:
         80:3c:87:19:c0:99:cf:dc:ee:3b:c2:7a:e4:ce:aa:bf:37:0d:
         68:c7:d2:ae:38:9d:a7:20:f0:72:1e:8b:7c:88:5d:b1:ea:3e:
         e3:7b:08:54:80:0e:5b:8c:5b:a7:9f:d3:b2:d2:8c:5a:8a:46:
         35:7e:27:55:fa:2c:05:45:70:f8:f0:42:40:fd:5a:5a:b6:34:
         fb:1d:e6:08:99:55:d7:2b:d0:13:af:5f:48:28:ab:32:e5:f3:
         32:07:51:fd:0f:c1:50:eb:aa:fd:5d:bc:e3:c3:71:95:22:2b:
         46:a5:04:94:d5:b7:db:f1:74:70:14:df:80:90:9e:59:ac:70:
         d2:69:82:3a:12:bf:96:9c:5d:7f:de:07:39:e5:71:5e:09:93:
         c1:ef:2d:d8:37:36:88:56:a3:f7:cd:62:a6:3b:f4:59:8d:00:
         11:e1:17:85:2f:cc:8b:30:51:f9:79:7d:b0:35:dc:b0:aa:65:
         3b:17:68:59:e4:93:9d:11:92:a9:d3:ff:5f:ec:d6:b0:fe:64:
         02:88:1c:95:91:0a:e7:41:74:c1:e7:dd:f1:8a:5c:5a:0d:20:
         40:6e:90:d8:bc:3b:83:d3:f2:dc:b9:46:81:cf:74:51:ce:d6:
         e1:14:42:ae
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAZQjaQxwTTvIV5n1a/YoGLTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjk3NjI3NTU0N2I3NWRmMmIwNGM0ZjliMjkxYzA3MTBjNTA3NzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqveCLnuSgObpDCA1BKDjc3cyDXPq
8qjFaAz9hWv0QPAyzP39nROfaN1IDq7sJB0c6pmUHZI20j28rZYxdttZiw4d063C
Yi8PSbRU3wvi9OHV8on4/xyv02qrp/pW6osIvTBL48uUTu8OcyAevKjQNRyLmdCo
m1nKxaoZr/UDTwJbWWMwVgDEDcS8cXzwYQNU+t3k6hFcyV//uORdGmcGyHKDfBKl
/cbsX+HimgBPxfye8MST3uhBVrVnLI8hi2T78sPeyoXtRYmbDOWe7rNCFgGDUvR+
nPfTbn2F95CVx0uTFVrXHOgj3hkgtMK0+J4SFq1GNeleHyd7XZtVuzksHQIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFCuXYnVUe3XfKwTE+bKRwHEMUHdAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQyLzU4ZjQ1
Zi04YjA3LTRlNmEtOTU0OC1kNWIwZjkxZDk3YzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIvNThmNDVm
LThiMDctNGU2YS05NTQ4LWQ1YjBmOTFkOTdjMi8xL0s1ZGlkVlI3ZGQ4ckJNVDVz
cEhBY1F4UWQwQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEAGCCsGAQUF
BwEHAQH/BDEwLzAeBAIAATAYAwQDVXSAAwQDWWlYAwQCuVncAwQCuYdkMA0EAgAC
MAcDBQMqBvLAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMY3zANBgkqhkiG9w0B
AQsFAAOCAQEAmmmKXa8OL+S7XI5benVqGIuPgDyHGcCZz9zuO8J65M6qvzcNaMfS
rjidpyDwch6LfIhdseo+43sIVIAOW4xbp5/TstKMWopGNX4nVfosBUVw+PBCQP1a
WrY0+x3mCJlV1yvQE69fSCirMuXzMgdR/Q/BUOuq/V2848NxlSIrRqUElNW32/F0
cBTfgJCeWaxw0mmCOhK/lpxdf94HOeVxXgmTwe8t2Dc2iFaj981ipjv0WY0AEeEX
hS/MizBR+Xl9sDXcsKplOxdoWeSTnRGSqdP/X+zWsP5kAogclZEK50F0wefd8Ypc
Wg0gQG6Q2Lw7g9Py3LlGgc90Uc7W4RRCrg==
-----END CERTIFICATE-----