Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_m1KNjQMPa2HoDkh0PiP9lFiiXo.cer
File:                     _m1KNjQMPa2HoDkh0PiP9lFiiXo.cer (raw, json)
Hash identifier:          oyT0u1hGiZ8E/Pe5DGzEwpRIRdF9IqG7Yz/Em9RSGZA=
Subject key identifier:   FE:6D:4A:36:34:0C:3D:AD:87:A0:39:21:D0:F8:8F:F6:51:62:89:7A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FBFB242A52362DCEC47B308C6C642B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a3/b70490-fcae-48ec-9249-beba754add57/1/_m1KNjQMPa2HoDkh0PiP9lFiiXo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a3/b70490-fcae-48ec-9249-beba754add57/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:48:46 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 204727
                          AS: 209288
                          IP: 91.202.210.0/24
                          IP: 151.248.16.0/22
                          IP: 185.112.73.0/24
                          IP: 212.18.105.0/24
                          IP: 2a05:ccc0::/29
                          IP: 2a10:c080::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:fb:24:2a:52:36:2d:ce:c4:7b:30:8c:6c:64:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe6d4a36340c3dad87a03921d0f88ff65162897a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:20:12:6c:84:a9:0a:52:15:62:34:26:43:de:
                    7c:3e:45:ab:56:46:fd:d0:1c:e0:37:28:f1:e1:5f:
                    15:f2:f4:6b:c9:86:1d:17:ab:9a:de:5a:27:8b:0a:
                    86:15:48:52:ee:5a:b8:7c:11:4d:3a:9b:d3:fb:7a:
                    e6:03:ca:d0:a3:9c:db:43:12:ce:6f:b1:98:e4:c0:
                    d8:ae:41:c4:a1:84:65:95:63:41:71:00:ae:59:a4:
                    35:56:6a:d7:96:6c:d0:87:7b:a1:ce:90:ca:64:c4:
                    9f:00:6b:8f:39:2a:15:7d:a1:fa:ad:d9:53:46:e2:
                    dc:83:ac:ed:a0:a2:6e:f0:b8:1d:39:03:81:8b:69:
                    47:50:fb:d6:89:70:2e:04:69:cd:2e:5a:fc:0d:15:
                    ab:8c:e3:60:9f:47:20:54:78:35:83:72:27:bb:8e:
                    ae:36:64:fc:17:dd:9f:d3:51:74:6c:42:c9:c0:a1:
                    73:ef:57:4c:f9:d1:62:0c:19:a5:dc:48:79:41:3c:
                    83:2a:02:08:92:35:56:f4:25:cc:3f:cf:3e:5d:a0:
                    36:7e:5b:05:e4:83:c0:6b:ac:9b:4b:fe:85:e8:f7:
                    e7:d3:f1:8e:e9:a0:c4:e8:ed:e9:41:ee:c0:41:b5:
                    fe:07:f6:3a:29:cf:13:df:0c:53:b3:d4:a7:4a:42:
                    5a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:6D:4A:36:34:0C:3D:AD:87:A0:39:21:D0:F8:8F:F6:51:62:89:7A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b70490-fcae-48ec-9249-beba754add57/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b70490-fcae-48ec-9249-beba754add57/1/_m1KNjQMPa2HoDkh0PiP9lFiiXo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.210.0/24
                  151.248.16.0/22
                  185.112.73.0/24
                  212.18.105.0/24
                IPv6:
                  2a05:ccc0::/29
                  2a10:c080::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204727
                  209288

    Signature Algorithm: sha256WithRSAEncryption
         9f:d4:01:1d:5e:78:99:5e:66:a1:46:d6:5e:76:4b:cf:18:49:
         2c:ec:d8:d5:bf:da:1e:9a:56:c7:4f:29:f0:98:4c:75:97:49:
         47:31:21:dd:8e:0a:c3:c2:11:94:1c:ab:9a:cf:39:e0:56:67:
         29:71:b1:b7:14:a8:9c:92:a9:aa:d3:ab:6a:21:a5:7b:55:92:
         3c:f9:55:8c:37:5f:8d:68:03:f5:63:5b:ac:00:20:a1:e9:0c:
         03:34:a6:6f:f1:88:fe:6e:81:7a:38:7b:03:16:c8:2c:b0:ac:
         45:9f:8a:c0:25:61:84:25:31:56:77:5a:d4:d6:a5:96:3a:2b:
         e4:75:ac:0b:05:0c:01:fd:62:63:c2:7d:da:79:5c:83:70:99:
         ce:e2:38:84:aa:ed:70:30:9a:7d:1d:e5:fb:d8:5b:47:fe:55:
         8b:3e:90:38:c1:1c:ba:2c:c8:84:b8:02:3e:35:6a:62:a5:b3:
         87:38:ce:96:7d:d6:c6:de:06:15:d0:ff:c4:1f:ab:63:ef:da:
         ba:a9:3f:b9:7d:a4:0a:10:33:29:d2:8f:fc:60:12:ab:ff:04:
         f6:6a:f2:c3:9a:6d:9b:1a:dc:f2:0c:07:f7:ec:fd:18:ac:87:
         a2:ee:be:65:03:6c:d7:94:6b:47:7c:10:cc:36:c6:9e:a6:7c:
         5c:b5:c4:b1
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAZQi+/skKlI2Lc7EezCMbGQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTZkNGEzNjM0MGMzZGFkODdhMDM5MjFkMGY4OGZmNjUxNjI4OTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySASbISpClIVYjQmQ958PkWrVkb9
0BzgNyjx4V8V8vRryYYdF6ua3loniwqGFUhS7lq4fBFNOpvT+3rmA8rQo5zbQxLO
b7GY5MDYrkHEoYRllWNBcQCuWaQ1VmrXlmzQh3uhzpDKZMSfAGuPOSoVfaH6rdlT
RuLcg6ztoKJu8LgdOQOBi2lHUPvWiXAuBGnNLlr8DRWrjONgn0cgVHg1g3Inu46u
NmT8F92f01F0bELJwKFz71dM+dFiDBml3Eh5QTyDKgIIkjVW9CXMP88+XaA2flsF
5IPAa6ybS/6F6Pfn0/GO6aDE6O3pQe7AQbX+B/Y6Kc8T3wxTs9SnSkJaEwIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFP5tSjY0DD2th6A5IdD4j/ZRYol6MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EzL2I3MDQ5
MC1mY2FlLTQ4ZWMtOTI0OS1iZWJhNzU0YWRkNTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMvYjcwNDkw
LWZjYWUtNDhlYy05MjQ5LWJlYmE3NTRhZGQ1Ny8xL19tMUtOalFNUGEySG9Ea2gw
UGlQOWxGaWlYby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEcGCCsGAQUF
BwEHAQH/BDgwNjAeBAIAATAYAwQAW8rSAwQCl/gQAwQAuXBJAwQA1BJpMBQEAgAC
MA4DBQMqBczAAwUDKhDAgDAfBggrBgEFBQcBCAEB/wQQMA6gDDAKAgMDH7cCAwMx
iDANBgkqhkiG9w0BAQsFAAOCAQEAn9QBHV54mV5moUbWXnZLzxhJLOzY1b/aHppW
x08p8JhMdZdJRzEh3Y4Kw8IRlByrms854FZnKXGxtxSonJKpqtOraiGle1WSPPlV
jDdfjWgD9WNbrAAgoekMAzSmb/GI/m6Bejh7AxbILLCsRZ+KwCVhhCUxVnda1Nal
ljor5HWsCwUMAf1iY8J92nlcg3CZzuI4hKrtcDCafR3l+9hbR/5Viz6QOMEcuizI
hLgCPjVqYqWzhzjOln3Wxt4GFdD/xB+rY+/auqk/uX2kChAzKdKP/GASq/8E9mry
w5ptmxrc8gwH9+z9GKyHou6+ZQNs15RrR3wQzDbGnqZ8XLXEsQ==
-----END CERTIFICATE-----