Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OA73_1tU9T_PIxKr4uw_WVi6FCU.cer
File:                     OA73_1tU9T_PIxKr4uw_WVi6FCU.cer (raw, json)
Hash identifier:          sonTyNZsIttuCNSdOdMgIUngSJ4KWoZbJ4/+ELWoz7w=
Subject key identifier:   38:0E:F7:FF:5B:54:F5:3F:CF:23:12:AB:E2:EC:3F:59:58:BA:14:25
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942825BAA49AA54E4F6B12F1E0402F4887
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 17:52:28 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198090
                          AS: 198843
                          IP: 91.199.170.0/24
                          IP: 91.231.164.0/22
                          IP: 91.237.16.0/23
                          IP: 185.30.68.0/22
                          IP: 185.114.80.0/22
                          IP: 185.158.36.0/22
                          IP: 185.246.36.0/22
                          IP: 2a06:6d40::/29
                          IP: 2a07:a9c0::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:ba:a4:9a:a5:4e:4f:6b:12:f1:e0:40:2f:48:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 17:52:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=380ef7ff5b54f53fcf2312abe2ec3f5958ba1425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:45:76:17:bb:6e:80:6c:2e:6e:dd:a9:27:8f:
                    a4:14:e3:eb:42:de:07:db:6f:94:40:16:e0:5e:55:
                    f6:7b:0d:fc:4d:2a:17:b4:f5:9a:8a:18:2f:5d:e1:
                    87:c2:26:8c:55:8a:88:3f:07:45:02:14:9d:0e:71:
                    16:db:f4:fe:88:59:6f:48:5f:bb:f1:d3:c4:09:7e:
                    e0:da:4f:9c:fe:3a:7a:01:91:a8:ed:5a:e1:89:11:
                    f8:99:c2:c7:1e:7e:72:2b:0b:5d:eb:5e:45:a6:23:
                    21:ea:fe:8c:2e:4e:59:18:8c:8b:b9:95:a7:2d:da:
                    a4:2d:27:c6:27:f1:63:15:c7:0e:dd:09:be:20:fb:
                    c8:99:eb:67:e4:ea:67:af:ae:ea:0d:a2:db:9e:33:
                    44:9b:13:e2:15:e0:5e:e8:8a:43:dd:44:c4:31:3b:
                    3c:fa:1d:f0:39:3c:a5:34:90:29:7e:7d:a2:60:c0:
                    6a:a3:ce:ba:85:e5:6f:6e:94:2c:6c:ca:fd:c4:fd:
                    cc:4a:0a:d8:3b:7a:e4:28:ab:6e:d6:ed:5e:e4:28:
                    57:ee:6a:4d:be:fa:2d:bd:25:87:33:c9:7d:91:a1:
                    5c:97:9f:97:dc:89:74:87:34:47:4a:8f:d6:58:59:
                    f9:8b:be:9c:17:d9:1c:f4:c9:ed:c9:68:5e:a0:83:
                    9b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:0E:F7:FF:5B:54:F5:3F:CF:23:12:AB:E2:EC:3F:59:58:BA:14:25
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.170.0/24
                  91.231.164.0/22
                  91.237.16.0/23
                  185.30.68.0/22
                  185.114.80.0/22
                  185.158.36.0/22
                  185.246.36.0/22
                IPv6:
                  2a06:6d40::/29
                  2a07:a9c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198090
                  198843

    Signature Algorithm: sha256WithRSAEncryption
         60:3a:73:9c:d7:69:6b:0a:27:90:94:87:86:5f:4e:52:e1:6a:
         c4:5b:34:1a:a3:ef:1a:d5:c1:b6:60:9c:9c:ac:f9:b7:74:bf:
         72:d9:09:20:db:94:25:1e:7c:00:24:c7:39:04:50:fb:ab:37:
         f5:f7:7e:98:70:5e:b6:c9:55:64:47:59:a0:9d:56:51:42:57:
         06:77:f5:c5:4b:9d:b5:fd:43:72:00:f3:eb:17:1a:d3:60:5e:
         4a:48:5c:23:de:03:bd:65:b1:c5:7d:16:e6:73:d1:46:79:fd:
         51:76:66:e0:91:05:bb:30:a7:e4:33:ed:7d:e7:27:86:ae:71:
         e8:9a:cd:f8:46:cb:7c:d0:8d:6e:1e:14:6d:6e:4d:bf:49:f8:
         c6:bc:0b:fa:a3:72:dd:2c:71:5a:25:41:5b:35:37:72:c7:bf:
         67:e4:90:90:4e:aa:ba:55:ac:16:f1:f1:83:0c:3a:fd:c2:ab:
         88:03:d3:ef:f2:4d:bc:fc:a8:6c:97:42:6d:a2:0f:35:d7:b9:
         f9:02:a6:f3:34:46:f8:b8:f3:ef:2a:23:a1:83:17:86:d1:48:
         3b:9b:66:e9:1e:3c:6d:0d:00:80:b9:8e:84:c6:45:bc:1d:f1:
         44:f0:a2:4d:19:59:bd:04:42:f8:0a:5b:e1:91:55:c0:c3:8b:
         e4:83:4c:af
-----BEGIN CERTIFICATE-----
MIIF0zCCBLugAwIBAgISAZQoJbqkmqVOT2sS8eBAL0iHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTc1MjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODBlZjdmZjViNTRmNTNmY2YyMzEyYWJlMmVjM2Y1OTU4YmExNDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0V2F7tugGwubt2pJ4+kFOPrQt4H
22+UQBbgXlX2ew38TSoXtPWaihgvXeGHwiaMVYqIPwdFAhSdDnEW2/T+iFlvSF+7
8dPECX7g2k+c/jp6AZGo7VrhiRH4mcLHHn5yKwtd615FpiMh6v6MLk5ZGIyLuZWn
LdqkLSfGJ/FjFccO3Qm+IPvImetn5Opnr67qDaLbnjNEmxPiFeBe6IpD3UTEMTs8
+h3wOTylNJApfn2iYMBqo866heVvbpQsbMr9xP3MSgrYO3rkKKtu1u1e5ChX7mpN
vvotvSWHM8l9kaFcl5+X3Il0hzRHSo/WWFn5i76cF9kc9MntyWheoIObFQIDAQAB
o4IC3zCCAtswHQYDVR0OBBYEFDgO9/9bVPU/zyMSq+LsP1lYuhQlMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZkL2Q5MTI1
NS0zMjQzLTRhNDctOTQ2YS1mMDRjYzFjMjMwY2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQvZDkxMjU1
LTMyNDMtNGE0Ny05NDZhLWYwNGNjMWMyMzBjZi8xL09BNzNfMXRVOVRfUEl4S3I0
dXdfV1ZpNkZDVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFkGCCsGAQUF
BwEHAQH/BEowSDAwBAIAATAqAwQAW8eqAwQCW+ekAwQBW+0QAwQCuR5EAwQCuXJQ
AwQCuZ4kAwQCufYkMBQEAgACMA4DBQMqBm1AAwUDKgepwDAfBggrBgEFBQcBCAEB
/wQQMA6gDDAKAgMDBcoCAwMIuzANBgkqhkiG9w0BAQsFAAOCAQEAYDpznNdpawon
kJSHhl9OUuFqxFs0GqPvGtXBtmCcnKz5t3S/ctkJINuUJR58ACTHOQRQ+6s39fd+
mHBetslVZEdZoJ1WUUJXBnf1xUudtf1DcgDz6xca02BeSkhcI94DvWWxxX0W5nPR
Rnn9UXZm4JEFuzCn5DPtfecnhq5x6JrN+EbLfNCNbh4UbW5Nv0n4xrwL+qNy3Sxx
WiVBWzU3cse/Z+SQkE6qulWsFvHxgww6/cKriAPT7/JNvPyobJdCbaIPNde5+QKm
8zRG+Ljz7yojoYMXhtFIO5tm6R48bQ0AgLmOhMZFvB3xRPCiTRlZvQRC+Apb4ZFV
wMOL5INMrw==
-----END CERTIFICATE-----