Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QWUyQgoh5CuK0w2iTr9DR96V7zU.cer
File:                     QWUyQgoh5CuK0w2iTr9DR96V7zU.cer (raw, json)
Hash identifier:          IaChNs2yum9Q+5yugZqQewYSett2+D0PJd7m3hvcqRo=
Subject key identifier:   41:65:32:42:0A:21:E4:2B:8A:D3:0D:A2:4E:BF:43:47:DE:95:EF:35
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D962D65F037DC77875BDEFBDB9A6E4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/QWUyQgoh5CuK0w2iTr9DR96V7zU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:28 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 207645
                          IP: 45.137.18.0/24
                          IP: 194.120.133.0/24
                          IP: 2a0d:b100::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:62:d6:5f:03:7d:c7:78:75:bd:ef:bd:b9:a6:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=416532420a21e42b8ad30da24ebf4347de95ef35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7b:08:93:50:36:f3:e9:f7:ac:b7:85:ec:32:
                    95:17:73:88:b1:69:d0:49:61:68:83:dc:7e:60:67:
                    60:b6:26:80:06:c9:09:eb:e6:da:93:48:6f:8d:c0:
                    4e:37:92:0f:29:ed:58:39:40:c7:d5:44:f5:87:07:
                    69:64:dd:fb:a8:01:c6:55:8c:43:ed:86:b1:f1:e8:
                    d9:b9:78:27:10:9b:58:9c:eb:5a:fc:20:c4:83:b9:
                    af:c7:0f:3b:d2:1a:e6:2a:3b:f1:8d:89:b2:61:5c:
                    4e:98:e7:41:23:94:d7:d0:cb:33:5a:5c:7a:58:40:
                    4a:15:f6:2f:33:90:c6:db:e2:5a:f1:29:38:78:86:
                    a0:06:87:d9:ae:0c:fe:04:30:86:c8:8e:66:42:51:
                    3d:e8:09:03:fa:13:69:f0:52:77:2c:da:28:c7:e6:
                    1f:5e:64:1b:0b:58:55:6f:26:74:b3:b2:ff:88:fd:
                    56:cb:c7:5e:d3:79:71:93:a9:54:a2:d9:f6:39:e9:
                    e7:0c:43:27:ea:59:11:52:65:be:63:00:a0:b3:36:
                    f8:c1:e5:c1:2f:6f:1f:17:36:23:a7:7e:b7:61:2b:
                    47:de:7b:06:91:d3:fc:52:ab:ff:76:97:29:81:7a:
                    1a:e6:70:79:e2:0a:60:99:ec:46:90:93:5b:db:b0:
                    64:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:65:32:42:0A:21:E4:2B:8A:D3:0D:A2:4E:BF:43:47:DE:95:EF:35
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/QWUyQgoh5CuK0w2iTr9DR96V7zU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.18.0/24
                  194.120.133.0/24
                IPv6:
                  2a0d:b100::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207645

    Signature Algorithm: sha256WithRSAEncryption
         3c:c9:7d:6b:8c:d0:fc:e9:60:62:95:2d:7c:92:2e:9e:c9:3d:
         b5:14:93:25:93:42:22:dc:d5:67:94:2b:9e:d1:b6:9b:d8:08:
         8a:d8:60:9a:bf:d5:6a:00:1a:de:46:26:84:0e:a8:f2:f8:fa:
         66:de:f0:b8:91:29:b7:2a:43:bf:99:bf:d7:f0:9a:67:c3:c0:
         d6:27:31:87:18:c5:b7:be:e1:8e:bb:8f:46:92:db:8f:94:19:
         3d:95:20:de:a4:f8:7c:b1:85:e7:ee:85:87:b5:7c:36:82:c2:
         32:1d:cc:82:58:13:25:45:15:14:9b:af:4a:4b:a6:1e:a6:0a:
         70:19:7b:f9:a8:2f:5f:7f:d7:2f:43:b1:4b:18:a8:8e:10:aa:
         8d:64:e5:52:5e:38:a7:4c:21:cd:53:fa:06:13:62:4a:0c:bb:
         0e:ac:76:75:c2:17:84:a0:3b:f1:a3:c0:d4:e4:88:17:1a:de:
         e5:0a:eb:7d:ef:21:d4:c9:dc:bc:ec:c2:9f:35:61:ac:16:4f:
         bc:67:f3:06:79:51:ed:dc:d5:b3:33:30:e3:63:18:e3:f1:92:
         e0:8f:b3:bd:38:cc:03:3b:7f:e0:12:09:ef:37:98:62:cd:fa:
         97:f1:90:ab:40:ff:1e:67:ce:f3:2f:0a:17:a8:95:1f:43:55:
         c4:6b:ad:d6
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAZQm2WLWXwN9x3h1ve+9uabkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTY1MzI0MjBhMjFlNDJiOGFkMzBkYTI0ZWJmNDM0N2RlOTVlZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nsIk1A28+n3rLeF7DKVF3OIsWnQ
SWFog9x+YGdgtiaABskJ6+bak0hvjcBON5IPKe1YOUDH1UT1hwdpZN37qAHGVYxD
7Yax8ejZuXgnEJtYnOta/CDEg7mvxw870hrmKjvxjYmyYVxOmOdBI5TX0MszWlx6
WEBKFfYvM5DG2+Ja8Sk4eIagBofZrgz+BDCGyI5mQlE96AkD+hNp8FJ3LNoox+Yf
XmQbC1hVbyZ0s7L/iP1Wy8de03lxk6lUotn2OennDEMn6lkRUmW+YwCgszb4weXB
L28fFzYjp363YStH3nsGkdP8Uqv/dpcpgXoa5nB54gpgmexGkJNb27BkUQIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFEFlMkIKIeQritMNok6/Q0fele81MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg2LzRmNGIy
MC01MTM2LTQyMGItYjUxNi1iNmQ2NGEwMDNkOWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYvNGY0YjIw
LTUxMzYtNDIwYi1iNTE2LWI2ZDY0YTAwM2Q5ZS8xL1FXVXlRZ29oNUN1SzB3MmlU
cjlEUjk2Vjd6VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQALYkSAwQAwniFMA0EAgACMAcDBQMqDbEAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwMrHTANBgkqhkiG9w0BAQsFAAOCAQEAPMl9
a4zQ/OlgYpUtfJIunsk9tRSTJZNCItzVZ5QrntG2m9gIithgmr/VagAa3kYmhA6o
8vj6Zt7wuJEptypDv5m/1/CaZ8PA1icxhxjFt77hjruPRpLbj5QZPZUg3qT4fLGF
5+6Fh7V8NoLCMh3MglgTJUUVFJuvSkumHqYKcBl7+agvX3/XL0OxSxiojhCqjWTl
Ul44p0whzVP6BhNiSgy7Dqx2dcIXhKA78aPA1OSIFxre5Qrrfe8h1MncvOzCnzVh
rBZPvGfzBnlR7dzVszMw42MY4/GS4I+zvTjMAzt/4BIJ7zeYYs36l/GQq0D/HmfO
8y8KF6iVH0NVxGut1g==
-----END CERTIFICATE-----