Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.cer
File:                     WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.cer (raw, json)
Hash identifier:          fPXdwrkfb3hSrkz/Zn0KMhmv367ZPr9ntW+drmSosOE=
Subject key identifier:   59:F9:15:AE:3E:22:16:BE:33:8F:63:34:53:2F:93:80:CF:D2:F4:0A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C2E9A6CBE8B40B3B630C5BB5340A1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 21190
                          AS: 25090
                          IP: 193.8.222.0/23
                          IP: 194.56.96.0 -- 194.56.123.255
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:2e:9a:6c:be:8b:40:b3:b6:30:c5:bb:53:40:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59f915ae3e2216be338f6334532f9380cfd2f40a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:00:6c:a8:b6:76:ec:72:b6:11:b9:15:be:3a:
                    b7:e9:3c:22:e6:c2:31:de:82:08:7e:1a:f5:f2:7b:
                    d6:38:22:2d:12:40:7c:e7:85:1d:3b:75:36:fd:ed:
                    84:b7:ce:f4:92:f0:fc:15:cf:96:f7:4e:dd:86:22:
                    75:60:ab:1e:22:0a:81:e0:63:91:36:62:b3:8d:d3:
                    15:21:cd:87:25:5c:24:ec:bf:a6:56:65:b6:19:08:
                    3a:d8:32:d3:11:de:f4:f9:8e:b2:9f:09:0e:4b:57:
                    eb:65:dd:0c:a8:5c:a3:6c:73:b3:ed:56:5a:2b:9d:
                    84:fb:35:75:34:4b:74:3f:17:fc:fb:b9:b2:86:79:
                    cb:1f:90:b9:46:7a:2b:2c:ba:04:98:0a:f8:e1:9a:
                    3a:35:5e:ec:37:49:51:b2:60:6a:4f:b8:59:d2:42:
                    bd:6e:9b:d1:09:d9:3a:cf:a9:3e:44:d8:68:71:dd:
                    60:62:13:1c:78:96:f3:5e:c9:2a:85:ea:50:dc:9e:
                    95:a4:c8:7e:74:59:85:ea:ce:43:a1:32:b2:4a:2f:
                    cf:66:ad:77:2a:35:c2:bc:3d:67:4c:eb:26:eb:ab:
                    f6:48:6e:fb:2f:b9:1d:95:76:3f:c3:bd:d7:0e:86:
                    78:da:74:1b:b9:a4:3c:08:ae:b7:14:a7:9b:fd:66:
                    87:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F9:15:AE:3E:22:16:BE:33:8F:63:34:53:2F:93:80:CF:D2:F4:0A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.222.0/23
                  194.56.96.0-194.56.123.255

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  21190
                  25090

    Signature Algorithm: sha256WithRSAEncryption
         42:aa:60:15:e1:e7:03:70:89:32:65:bd:ef:8a:09:47:be:9d:
         ea:49:b4:5c:b6:b0:54:30:51:c2:ad:e4:63:d2:bf:8f:39:23:
         ca:8c:a1:25:05:50:fe:b0:ac:72:7a:91:f0:b3:ab:5b:ca:a3:
         a5:94:70:92:e2:29:c6:f6:dc:ec:16:12:88:5e:09:24:73:7b:
         c2:1c:94:57:aa:46:71:7b:1b:22:e6:b1:f9:b0:0f:80:2d:b3:
         f9:e8:b3:53:6e:38:ff:50:dd:a6:aa:9e:a6:87:c4:01:60:b6:
         de:96:5c:0e:cf:5c:7c:b3:19:74:95:0b:44:35:63:35:fe:e0:
         d9:f5:62:b3:e8:a7:b6:60:c4:bc:50:76:e0:a2:11:98:ff:7b:
         90:28:bd:c6:f6:f8:db:f7:2b:7c:a9:c8:76:b4:c9:56:a1:0f:
         fc:e8:71:a4:d5:9a:c9:79:5a:97:cc:9d:ed:0e:df:be:4e:ba:
         19:71:c7:f7:da:16:78:e3:88:76:9d:9f:96:de:34:ad:04:4a:
         aa:57:37:8d:f9:66:65:75:5a:04:6a:ef:b3:9d:fe:cf:2a:2f:
         ed:33:eb:2e:45:89:94:5b:5b:4d:a5:93:d1:6a:ff:20:df:0c:
         95:f1:12:2e:10:a0:c4:b4:13:d4:0b:7a:8e:67:3d:02:a2:7b:
         e6:b1:ad:bb
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgISAZQfjC6abL6LQLO2MMW7U0ChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWY5MTVhZTNlMjIxNmJlMzM4ZjYzMzQ1MzJmOTM4MGNmZDJmNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigBsqLZ27HK2EbkVvjq36Twi5sIx
3oIIfhr18nvWOCItEkB854UdO3U2/e2Et870kvD8Fc+W907dhiJ1YKseIgqB4GOR
NmKzjdMVIc2HJVwk7L+mVmW2GQg62DLTEd70+Y6ynwkOS1frZd0MqFyjbHOz7VZa
K52E+zV1NEt0Pxf8+7myhnnLH5C5RnorLLoEmAr44Zo6NV7sN0lRsmBqT7hZ0kK9
bpvRCdk6z6k+RNhocd1gYhMceJbzXskqhepQ3J6VpMh+dFmF6s5DoTKySi/PZq13
KjXCvD1nTOsm66v2SG77L7kdlXY/w73XDoZ42nQbuaQ8CK63FKeb/WaHDQIDAQAB
o4ICsTCCAq0wHQYDVR0OBBYEFFn5Fa4+Iha+M49jNFMvk4DP0vQKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY2L2FhMjMx
MS1iMWNkLTRkMTgtYWViYi1hM2YyMzI0ZjZkOGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjYvYWEyMzEx
LWIxY2QtNGQxOC1hZWJiLWEzZjIzMjRmNmQ4Yy8xL1dma1ZyajRpRnI0emoyTTBV
eS1UZ01fUzlBby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUF
BwEHAQH/BB4wHDAaBAIAATAUAwQBwQjeMAwDBAXCOGADBALCOHgwHQYIKwYBBQUH
AQgBAf8EDjAMoAowCAICUsYCAmICMA0GCSqGSIb3DQEBCwUAA4IBAQBCqmAV4ecD
cIkyZb3viglHvp3qSbRctrBUMFHCreRj0r+POSPKjKElBVD+sKxyepHws6tbyqOl
lHCS4inG9tzsFhKIXgkkc3vCHJRXqkZxexsi5rH5sA+ALbP56LNTbjj/UN2mqp6m
h8QBYLbellwOz1x8sxl0lQtENWM1/uDZ9WKz6Ke2YMS8UHbgohGY/3uQKL3G9vjb
9yt8qch2tMlWoQ/86HGk1ZrJeVqXzJ3tDt++TroZccf32hZ444h2nZ+W3jStBEqq
VzeN+WZldVoEau+znf7PKi/tM+suRYmUW1tNpZPRav8g3wyV8RIuEKDEtBPUC3qO
Zz0Convmsa27
-----END CERTIFICATE-----