Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KflnDuKjDqyMCjncR_96jNJHOwA.cer
File:                     KflnDuKjDqyMCjncR_96jNJHOwA.cer (raw, json)
Hash identifier:          EruHHGzSXcG7/bEEs3fCT5A+5qPTTvxfx0Vj7VcbW/A=
Subject key identifier:   29:F9:67:0E:E2:A3:0E:AC:8C:0A:39:DC:47:FF:7A:8C:D2:47:3B:00
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B38E21E09ACADC2BCFD1794C633448
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:48:54 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 209114
                          IP: 193.33.120.0/24
                          IP: 194.31.130.0/24
                          IP: 212.56.58.0/23
                          IP: 2a12:6e40::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:8e:21:e0:9a:ca:dc:2b:cf:d1:79:4c:63:34:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29f9670ee2a30eac8c0a39dc47ff7a8cd2473b00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:07:0d:e3:62:6b:f0:94:ff:97:6e:bc:64:84:
                    06:f2:b9:df:67:8d:d8:7e:0a:9d:9c:a7:e3:dc:c4:
                    a7:0d:a4:07:92:68:6a:74:a4:1b:27:c3:22:d6:41:
                    c0:90:4e:fe:1a:cb:f3:34:f3:f5:04:0d:ed:61:9b:
                    d7:3a:46:0b:78:75:90:52:50:55:96:83:0c:88:da:
                    20:d2:90:62:9b:87:2b:8e:04:12:3f:8e:19:dd:65:
                    47:d1:1f:ee:73:88:88:95:39:53:4c:0d:bc:57:49:
                    9c:60:a0:d2:aa:c8:18:86:b4:4e:2c:d6:a6:11:c3:
                    4c:b1:55:04:8a:cb:2e:4f:82:5c:0d:51:83:43:74:
                    00:4c:42:81:e5:a0:7c:f4:20:ba:20:8a:bb:3f:9e:
                    de:ae:6d:cf:71:c3:ce:9f:f1:a7:a3:b6:f7:85:bc:
                    c0:0b:40:23:d4:9d:12:cb:a9:15:4c:ef:c4:8b:41:
                    fb:24:d3:17:67:7a:1d:2b:2b:9b:57:cf:ad:18:6d:
                    20:86:03:cc:46:f4:5c:47:7a:a5:45:73:64:a7:a0:
                    de:10:48:23:e4:3e:92:c3:df:dd:e0:56:6d:63:e1:
                    40:7e:2d:4c:ee:8d:49:8f:d7:f9:79:e0:ad:9c:8b:
                    6b:20:12:c0:64:2a:52:65:03:b6:14:cb:ed:24:d5:
                    b6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F9:67:0E:E2:A3:0E:AC:8C:0A:39:DC:47:FF:7A:8C:D2:47:3B:00
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.120.0/24
                  194.31.130.0/24
                  212.56.58.0/23
                IPv6:
                  2a12:6e40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209114

    Signature Algorithm: sha256WithRSAEncryption
         9e:c2:35:ca:ed:30:94:17:e0:77:e8:49:00:f3:74:c6:09:6e:
         e7:34:d3:d9:34:56:82:96:c2:be:bb:8b:27:ad:75:f9:0a:31:
         d7:c7:d5:12:a1:d9:81:5a:43:1f:bc:e4:e1:c4:21:64:6a:a5:
         71:29:dd:3b:b3:56:07:e5:4c:39:80:ae:af:23:31:a6:9f:0c:
         66:0f:24:4b:0a:16:3c:6d:8c:3c:05:ea:82:90:b3:b6:a4:95:
         09:11:f5:8a:19:7e:bb:fb:c4:51:81:3e:2e:92:5a:1c:ac:65:
         4c:d8:9d:58:7d:c3:64:39:37:a8:40:4a:8e:25:ad:f3:5e:c8:
         f7:d9:f9:fa:95:42:66:44:ec:a7:ad:5c:d0:30:2a:9b:dd:15:
         c4:3c:bb:b7:d6:72:e9:3c:ab:98:b3:71:00:9b:78:e9:62:84:
         1c:00:d0:55:ad:2f:5e:00:ee:ca:5f:0a:10:45:87:72:91:b2:
         7e:9f:a9:3f:10:1e:95:58:e2:5e:98:cd:83:af:5f:10:4f:4d:
         86:d8:5e:1b:00:7c:07:3e:45:18:87:50:92:47:b0:43:be:7c:
         c5:b9:55:a4:fa:d8:c4:10:8b:ec:9c:dd:f5:9e:f1:b6:df:ec:
         43:9c:67:41:49:1f:83:08:0c:e7:a1:33:b2:f6:3f:3c:4e:be:
         2a:b0:33:82
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgISAZQks44h4JrK3CvP0XlMYzRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWY5NjcwZWUyYTMwZWFjOGMwYTM5ZGM0N2ZmN2E4Y2QyNDczYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAcN42Jr8JT/l268ZIQG8rnfZ43Y
fgqdnKfj3MSnDaQHkmhqdKQbJ8Mi1kHAkE7+GsvzNPP1BA3tYZvXOkYLeHWQUlBV
loMMiNog0pBim4crjgQSP44Z3WVH0R/uc4iIlTlTTA28V0mcYKDSqsgYhrROLNam
EcNMsVUEissuT4JcDVGDQ3QATEKB5aB89CC6IIq7P57erm3PccPOn/Gno7b3hbzA
C0Aj1J0Sy6kVTO/Ei0H7JNMXZ3odKyubV8+tGG0ghgPMRvRcR3qlRXNkp6DeEEgj
5D6Sw9/d4FZtY+FAfi1M7o1Jj9f5eeCtnItrIBLAZCpSZQO2FMvtJNW28wIDAQAB
o4ICuzCCArcwHQYDVR0OBBYEFCn5Zw7iow6sjAo53Ef/eozSRzsAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg2LzJmZjc2
ZC1mMTE2LTQ0MzAtODQwNy02ZTI5ZWZkZmQ0ZTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYvMmZmNzZk
LWYxMTYtNDQzMC04NDA3LTZlMjllZmRmZDRlMy8xL0tmbG5EdUtqRHF5TUNqbmNS
Xzk2ak5KSE93QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQAwSF4AwQAwh+CAwQB1Dg6MA0EAgACMAcDBQMq
Em5AMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMw2jANBgkqhkiG9w0BAQsFAAOC
AQEAnsI1yu0wlBfgd+hJAPN0xglu5zTT2TRWgpbCvruLJ611+Qox18fVEqHZgVpD
H7zk4cQhZGqlcSndO7NWB+VMOYCuryMxpp8MZg8kSwoWPG2MPAXqgpCztqSVCRH1
ihl+u/vEUYE+LpJaHKxlTNidWH3DZDk3qEBKjiWt817I99n5+pVCZkTsp61c0DAq
m90VxDy7t9Zy6TyrmLNxAJt46WKEHADQVa0vXgDuyl8KEEWHcpGyfp+pPxAelVji
XpjNg69fEE9NhtheGwB8Bz5FGIdQkkewQ758xblVpPrYxBCL7Jzd9Z7xtt/sQ5xn
QUkfgwgM56EzsvY/PE6+KrAzgg==
-----END CERTIFICATE-----