Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/WtDEH96ZZRsTKQb_BgK0e1YHpb4.cer
File:                     WtDEH96ZZRsTKQb_BgK0e1YHpb4.cer (raw, json)
Hash identifier:          DU2CK3ECsvN0dU+4zLWOhQ7aVfdBDpu9x4gSdnHN0tk=
Subject key identifier:   5A:D0:C4:1F:DE:99:65:1B:13:29:06:FF:06:02:B4:7B:56:07:A5:BE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B5591EF6B8BC414D0E5DCF76BB865A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9d/1bc0cb-dfa4-4151-a61b-335a7e4384b1/1/WtDEH96ZZRsTKQb_BgK0e1YHpb4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9d/1bc0cb-dfa4-4151-a61b-335a7e4384b1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:49:43 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 199919
                          IP: 45.153.96.0/22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:59:1e:f6:b8:bc:41:4d:0e:5d:cf:76:bb:86:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ad0c41fde99651b132906ff0602b47b5607a5be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:da:8b:29:54:c2:4a:ee:ef:04:ab:94:e9:98:
                    ce:b4:5c:36:a7:a9:e4:db:4c:cc:7c:76:90:15:21:
                    b7:ca:69:30:c7:48:db:77:af:16:ec:a9:3b:fe:a4:
                    1c:7d:6a:e5:8d:04:52:02:ae:48:2b:fa:f1:6b:5f:
                    79:48:58:d0:7e:21:45:03:cc:a3:b6:23:43:da:24:
                    c7:0f:bb:69:45:ac:7c:aa:11:44:9d:c6:be:be:3a:
                    5e:e3:08:9b:c4:34:54:6d:81:53:b7:8e:33:c1:7c:
                    0f:a2:13:e3:79:66:1c:bb:e2:4a:90:a1:05:27:44:
                    7e:fc:c4:bd:8c:0f:53:0c:a9:a4:d1:92:15:3d:04:
                    0d:4c:d7:41:8a:aa:5c:fb:56:3f:1c:42:97:1a:58:
                    0f:23:1d:a3:7a:1f:33:65:fd:f0:50:20:cb:e4:96:
                    e6:d1:69:d0:b6:3c:b0:0d:11:d6:f7:38:4f:9e:ff:
                    89:0a:10:ac:36:50:8c:4e:2b:91:00:17:d2:c0:ef:
                    60:c4:ca:5b:56:17:87:f8:08:5e:e2:b8:87:16:d8:
                    77:d1:7d:de:2c:30:c1:48:d4:b6:ba:a1:b7:35:ff:
                    4f:5c:c2:35:86:2e:1b:00:24:2d:3a:24:f5:d6:d5:
                    88:24:78:8a:ae:38:ce:31:af:9d:16:1d:93:74:a7:
                    3c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:D0:C4:1F:DE:99:65:1B:13:29:06:FF:06:02:B4:7B:56:07:A5:BE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/1bc0cb-dfa4-4151-a61b-335a7e4384b1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/1bc0cb-dfa4-4151-a61b-335a7e4384b1/1/WtDEH96ZZRsTKQb_BgK0e1YHpb4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.96.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199919

    Signature Algorithm: sha256WithRSAEncryption
         aa:45:02:58:f0:b3:b3:3d:24:40:12:d4:aa:85:2c:10:12:08:
         81:88:0f:4b:42:88:ee:2c:50:32:30:6c:f2:b0:9a:de:78:49:
         24:5e:cd:b0:80:0a:7b:48:d4:f5:5f:a5:54:f9:50:46:89:ff:
         9a:f1:c7:b4:6e:85:3d:5d:ee:5f:6f:2b:93:63:03:fe:8b:8e:
         8b:90:9e:08:c0:36:47:3a:52:54:59:b5:8e:6c:04:be:56:88:
         62:7b:0a:61:68:3a:33:5e:9b:e4:33:e0:0b:43:69:db:14:9d:
         83:5c:28:0b:f6:a0:68:31:f8:ec:f5:b0:73:47:70:cb:48:5b:
         ef:80:91:0a:e5:b6:04:cf:e5:48:e2:4f:9a:4b:0a:06:52:9b:
         a0:d4:78:7c:81:4f:bb:1c:f1:25:d4:78:8a:34:0f:d4:1b:7f:
         fe:a7:f5:af:f7:79:d6:00:fb:f7:3a:ae:73:a8:64:16:8d:d4:
         e1:a2:95:d2:9d:6a:6d:1d:ba:70:30:b5:2e:49:af:04:f0:62:
         4f:81:a9:98:38:bc:f0:da:64:5e:7e:1f:5f:87:62:90:d3:d0:
         2b:5c:85:d2:ef:fd:c3:3d:6f:26:60:3d:23:58:65:27:25:07:
         89:5f:9c:a2:0e:1a:90:fc:57:23:26:ae:28:ec:f6:9e:23:52:
         cb:c5:17:44
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQntVke9ri8QU0OXc92u4ZaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWQwYzQxZmRlOTk2NTFiMTMyOTA2ZmYwNjAyYjQ3YjU2MDdhNWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9qLKVTCSu7vBKuU6ZjOtFw2p6nk
20zMfHaQFSG3ymkwx0jbd68W7Kk7/qQcfWrljQRSAq5IK/rxa195SFjQfiFFA8yj
tiND2iTHD7tpRax8qhFEnca+vjpe4wibxDRUbYFTt44zwXwPohPjeWYcu+JKkKEF
J0R+/MS9jA9TDKmk0ZIVPQQNTNdBiqpc+1Y/HEKXGlgPIx2jeh8zZf3wUCDL5Jbm
0WnQtjywDRHW9zhPnv+JChCsNlCMTiuRABfSwO9gxMpbVheH+Ahe4riHFth30X3e
LDDBSNS2uqG3Nf9PXMI1hi4bACQtOiT11tWIJHiKrjjOMa+dFh2TdKc8LQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFFrQxB/emWUbEykG/wYCtHtWB6W+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlkLzFiYzBj
Yi1kZmE0LTQxNTEtYTYxYi0zMzVhN2U0Mzg0YjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvMWJjMGNi
LWRmYTQtNDE1MS1hNjFiLTMzNWE3ZTQzODRiMS8xL1d0REVIOTZaWlJzVEtRYl9C
Z0swZTFZSHBiNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLZlgMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMM7zANBgkqhkiG9w0BAQsFAAOCAQEAqkUCWPCzsz0kQBLUqoUsEBIIgYgPS0KI
7ixQMjBs8rCa3nhJJF7NsIAKe0jU9V+lVPlQRon/mvHHtG6FPV3uX28rk2MD/ouO
i5CeCMA2RzpSVFm1jmwEvlaIYnsKYWg6M16b5DPgC0Np2xSdg1woC/agaDH47PWw
c0dwy0hb74CRCuW2BM/lSOJPmksKBlKboNR4fIFPuxzxJdR4ijQP1Bt//qf1r/d5
1gD79zquc6hkFo3U4aKV0p1qbR26cDC1LkmvBPBiT4GpmDi88NpkXn4fX4dikNPQ
K1yF0u/9wz1vJmA9I1hlJyUHiV+cog4akPxXIyauKOz2niNSy8UXRA==
-----END CERTIFICATE-----