Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PuWh3Qzuh0wG4eofcoJ9l8vGcYc.cer
File:                     PuWh3Qzuh0wG4eofcoJ9l8vGcYc.cer (raw, json)
Hash identifier:          bDJsPP3F+jktIrP5xy1FxRq757LPZOZ7yz4FqcRly30=
Subject key identifier:   3E:E5:A1:DD:0C:EE:87:4C:06:E1:EA:1F:72:82:7D:97:CB:C6:71:87
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420685D1EAB7E6ECB73E97C29A18FDE62
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/57/95ffd9-19d3-4517-8c47-c61661d1b71b/1/PuWh3Qzuh0wG4eofcoJ9l8vGcYc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/57/95ffd9-19d3-4517-8c47-c61661d1b71b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:18 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198611
                          IP: 91.231.205.0/24
                          IP: 91.237.68.0/22
                          IP: 2001:67c:16f8::/48
                          IP: 2001:67c:2ad8::/48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:5d:1e:ab:7e:6e:cb:73:e9:7c:29:a1:8f:de:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ee5a1dd0cee874c06e1ea1f72827d97cbc67187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b4:e0:de:a1:fb:10:dd:3c:56:18:1b:a0:eb:
                    1d:ae:cf:0b:8e:13:4f:c2:1a:e7:9c:73:92:80:21:
                    19:c5:55:97:99:a7:89:de:f4:25:a8:fc:2b:37:5d:
                    82:22:0f:ee:f4:78:c6:07:de:ee:d0:df:97:6a:0a:
                    86:de:3a:4f:b2:82:a9:84:ef:cf:b3:4c:d9:a2:74:
                    86:9f:7d:7b:e6:82:e2:fc:08:db:73:d9:9d:14:4d:
                    59:af:1c:e2:ac:52:c3:7b:5e:62:68:0c:91:49:b4:
                    6a:0f:92:f4:8a:bb:8d:b2:44:ed:ba:96:a2:0f:84:
                    dd:84:b5:d3:32:17:25:5a:5b:ae:14:47:b9:fb:06:
                    e4:31:b5:b2:19:05:c6:01:cf:1a:97:b2:64:2e:29:
                    d6:97:07:1b:56:d1:bf:60:26:8f:cc:5b:90:df:9b:
                    3f:b9:0a:45:83:da:d4:0b:23:a0:6c:45:51:0a:8d:
                    91:f1:69:dc:3f:73:02:b1:32:de:d6:3d:3d:ef:6b:
                    48:80:29:49:96:6b:64:db:b1:42:84:79:6b:24:3f:
                    6d:e2:63:5a:e7:62:d9:4c:ca:5b:70:ce:e9:e1:60:
                    2c:28:b8:96:d3:ab:3e:ec:78:d7:b3:66:b6:04:7e:
                    0d:32:1c:1d:dd:0c:de:ae:f1:5a:ed:6e:1c:bd:67:
                    0b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:E5:A1:DD:0C:EE:87:4C:06:E1:EA:1F:72:82:7D:97:CB:C6:71:87
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/95ffd9-19d3-4517-8c47-c61661d1b71b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/95ffd9-19d3-4517-8c47-c61661d1b71b/1/PuWh3Qzuh0wG4eofcoJ9l8vGcYc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.205.0/24
                  91.237.68.0/22
                IPv6:
                  2001:67c:16f8::/48
                  2001:67c:2ad8::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198611

    Signature Algorithm: sha256WithRSAEncryption
         9b:a1:05:b3:50:14:6e:46:dc:14:74:94:24:20:2d:9b:d7:bc:
         8a:1e:65:b1:25:b3:2a:50:ab:f6:74:94:ed:9e:0e:74:34:73:
         ef:d6:51:67:e3:b9:3f:31:5b:cc:ff:07:e2:f0:75:46:68:ad:
         47:ad:e3:3f:8d:8a:db:64:47:af:7f:0d:03:16:70:88:22:12:
         d1:88:91:18:51:5d:81:17:a3:43:99:c8:a7:39:f5:38:52:ab:
         df:96:75:c7:df:90:30:2f:66:7b:7d:8a:d5:41:76:df:8d:88:
         1c:b5:80:61:f7:09:02:b7:2e:f8:3b:8f:db:e1:a3:0c:42:bc:
         94:e1:f3:24:d0:3b:1a:c0:51:ea:5b:c5:29:53:10:8a:56:39:
         09:62:76:ae:6f:16:e5:9b:a9:c4:a6:84:a3:6f:63:ba:71:d6:
         9b:8d:e1:f7:71:7a:ae:a5:f8:e9:09:cf:e7:26:20:da:75:07:
         da:bf:89:80:2b:71:5e:f6:37:89:ca:2b:ad:a3:15:2c:5a:10:
         ee:4e:55:47:48:4a:7f:d9:25:86:c6:1c:05:b2:6e:9d:9f:2a:
         a5:97:d6:35:68:9c:bb:48:6d:9e:ae:a8:2a:f8:59:8a:77:d7:
         70:dd:58:62:0a:85:6f:ab:bd:be:76:ac:05:ee:d8:bd:69:e6:
         43:e6:e8:ff
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgISAZQgaF0eq35uy3PpfCmhj95iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWU1YTFkZDBjZWU4NzRjMDZlMWVhMWY3MjgyN2Q5N2NiYzY3MTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbTg3qH7EN08VhgboOsdrs8LjhNP
whrnnHOSgCEZxVWXmaeJ3vQlqPwrN12CIg/u9HjGB97u0N+XagqG3jpPsoKphO/P
s0zZonSGn3175oLi/Ajbc9mdFE1ZrxzirFLDe15iaAyRSbRqD5L0iruNskTtupai
D4TdhLXTMhclWluuFEe5+wbkMbWyGQXGAc8al7JkLinWlwcbVtG/YCaPzFuQ35s/
uQpFg9rUCyOgbEVRCo2R8WncP3MCsTLe1j0972tIgClJlmtk27FChHlrJD9t4mNa
52LZTMpbcM7p4WAsKLiW06s+7HjXs2a2BH4NMhwd3QzervFa7W4cvWcLWQIDAQAB
o4ICwDCCArwwHQYDVR0OBBYEFD7lod0M7odMBuHqH3KCfZfLxnGHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU3Lzk1ZmZk
OS0xOWQzLTQ1MTctOGM0Ny1jNjE2NjFkMWI3MWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTcvOTVmZmQ5
LTE5ZDMtNDUxNy04YzQ3LWM2MTY2MWQxYjcxYi8xL1B1V2gzUXp1aDB3RzRlb2Zj
b0o5bDh2R2NZYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMD8GCCsGAQUF
BwEHAQH/BDAwLjASBAIAATAMAwQAW+fNAwQCW+1EMBgEAgACMBIDBwAgAQZ8FvgD
BwAgAQZ8KtgwGgYIKwYBBQUHAQgBAf8ECzAJoAcwBQIDAwfTMA0GCSqGSIb3DQEB
CwUAA4IBAQCboQWzUBRuRtwUdJQkIC2b17yKHmWxJbMqUKv2dJTtng50NHPv1lFn
47k/MVvM/wfi8HVGaK1HreM/jYrbZEevfw0DFnCIIhLRiJEYUV2BF6NDmcinOfU4
UqvflnXH35AwL2Z7fYrVQXbfjYgctYBh9wkCty74O4/b4aMMQryU4fMk0DsawFHq
W8UpUxCKVjkJYnaubxblm6nEpoSjb2O6cdabjeH3cXqupfjpCc/nJiDadQfav4mA
K3Fe9jeJyiutoxUsWhDuTlVHSEp/2SWGxhwFsm6dnyqll9Y1aJy7SG2erqgq+FmK
d9dw3VhiCoVvq72+dqwF7ti9aeZD5uj/
-----END CERTIFICATE-----