Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/agTKSpZhYxxOxhWjptFdIgMNz0k.cer
File:                     agTKSpZhYxxOxhWjptFdIgMNz0k.cer (raw, json)
Hash identifier:          KSAnQUlRJjWa4xq5twnURXNJqfa11/5DAA3s/ZtsLNI=
Subject key identifier:   6A:04:CA:4A:96:61:63:1C:4E:C6:15:A3:A6:D1:5D:22:03:0D:CF:49
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194206847BB6B27CC36D25D6F1F4093EF3A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/38/fa4e69-575e-46eb-b9c3-8113da67ef75/1/agTKSpZhYxxOxhWjptFdIgMNz0k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/38/fa4e69-575e-46eb-b9c3-8113da67ef75/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:12 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 59586
                          IP: 91.240.252.0/23
                          IP: 185.148.140.0/22
                          IP: 2001:67c:1ba4::/48
                          IP: 2a07:6000::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:47:bb:6b:27:cc:36:d2:5d:6f:1f:40:93:ef:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a04ca4a9661631c4ec615a3a6d15d22030dcf49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:05:4e:21:b4:f6:17:27:43:1b:6e:c8:1e:48:
                    51:e4:65:60:80:97:a4:7f:32:39:66:bf:f0:59:cc:
                    01:0f:0e:71:24:09:25:af:00:ef:17:cc:99:8c:17:
                    49:1c:e7:c5:33:fb:6e:a4:90:4c:10:91:55:ac:bd:
                    64:01:ca:7c:0a:12:b9:7d:cc:97:d0:79:fc:f8:b9:
                    2c:04:b4:6e:29:20:4e:13:98:44:52:e1:bf:fd:89:
                    2a:88:b7:53:b0:82:5d:3a:d0:e0:04:c7:71:e6:08:
                    1c:d0:2d:e4:51:b9:1e:93:fb:9c:4e:65:bb:04:1b:
                    64:61:8f:15:95:1d:14:80:16:e1:63:9c:e3:f9:cc:
                    42:b1:ee:86:b1:96:34:8a:b1:2c:6e:98:5d:0a:38:
                    56:ef:4b:cf:12:24:87:16:cc:84:6f:9e:b3:9b:e6:
                    4c:fd:41:f1:4d:59:a5:98:75:8b:f7:57:fb:b8:ad:
                    0c:ef:c7:2c:2b:26:68:d8:19:51:95:18:06:01:68:
                    53:00:45:02:5c:f3:ff:7d:87:5b:5f:69:e6:a6:95:
                    d9:c5:5f:d5:ce:96:9d:ab:da:45:60:b3:29:68:bd:
                    ae:70:1b:e2:c6:b0:c4:4f:8f:59:91:6f:87:ea:f9:
                    22:37:02:94:f9:70:98:3e:68:4b:eb:10:88:33:90:
                    e8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:04:CA:4A:96:61:63:1C:4E:C6:15:A3:A6:D1:5D:22:03:0D:CF:49
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/fa4e69-575e-46eb-b9c3-8113da67ef75/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/fa4e69-575e-46eb-b9c3-8113da67ef75/1/agTKSpZhYxxOxhWjptFdIgMNz0k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.252.0/23
                  185.148.140.0/22
                IPv6:
                  2001:67c:1ba4::/48
                  2a07:6000::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  59586

    Signature Algorithm: sha256WithRSAEncryption
         25:56:9f:47:90:3a:48:6d:58:b7:87:59:3a:e9:d6:3f:b1:82:
         10:03:21:42:2c:28:98:b1:61:49:1e:93:72:66:41:36:95:b3:
         37:6c:c2:71:0f:4a:c8:dc:01:55:5b:da:f8:8a:bd:6c:f5:45:
         9c:b2:47:38:09:1b:7c:bd:d4:62:94:c7:18:29:47:33:75:41:
         c1:59:1b:0d:0a:8c:9d:7b:d6:7b:d3:b3:85:b6:c1:15:52:3a:
         22:fe:f0:8d:74:00:aa:57:c3:7c:ee:bd:fe:d7:25:f5:c5:f1:
         85:bf:eb:48:2a:28:83:82:e1:bf:40:11:86:bb:a9:9a:ef:91:
         2a:9e:24:bc:4e:1a:2e:f0:79:dc:e2:91:e4:19:f2:73:c6:39:
         24:85:da:52:7c:a9:52:be:a9:dc:e7:33:ff:58:af:d3:91:71:
         ab:83:e0:89:51:19:77:df:44:83:fe:49:b4:3b:b4:b8:ce:95:
         89:49:f5:66:d8:09:f4:e4:cc:f2:61:51:f8:c6:1b:75:82:c8:
         d8:7e:a6:cc:af:89:39:2f:7c:7a:dd:3f:59:c0:36:90:2a:0d:
         36:3c:ac:35:82:ff:c4:82:dd:ec:d7:ba:68:00:42:38:18:ae:
         b1:66:90:1c:bc:f2:c8:cb:0c:46:fa:7f:cd:89:dd:66:28:bc:
         de:e0:40:e7
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgISAZQgaEe7ayfMNtJdbx9Ak+86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTA0Y2E0YTk2NjE2MzFjNGVjNjE1YTNhNmQxNWQyMjAzMGRjZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwVOIbT2FydDG27IHkhR5GVggJek
fzI5Zr/wWcwBDw5xJAklrwDvF8yZjBdJHOfFM/tupJBMEJFVrL1kAcp8ChK5fcyX
0Hn8+LksBLRuKSBOE5hEUuG//YkqiLdTsIJdOtDgBMdx5ggc0C3kUbkek/ucTmW7
BBtkYY8VlR0UgBbhY5zj+cxCse6GsZY0irEsbphdCjhW70vPEiSHFsyEb56zm+ZM
/UHxTVmlmHWL91f7uK0M78csKyZo2BlRlRgGAWhTAEUCXPP/fYdbX2nmppXZxV/V
zpadq9pFYLMpaL2ucBvixrDET49ZkW+H6vkiNwKU+XCYPmhL6xCIM5DobQIDAQAB
o4ICvjCCArowHQYDVR0OBBYEFGoEykqWYWMcTsYVo6bRXSIDDc9JMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM4L2ZhNGU2
OS01NzVlLTQ2ZWItYjljMy04MTEzZGE2N2VmNzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgvZmE0ZTY5
LTU3NWUtNDZlYi1iOWMzLTgxMTNkYTY3ZWY3NS8xL2FnVEtTcFpoWXh4T3hoV2pw
dEZkSWdNTnoway5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMD0GCCsGAQUF
BwEHAQH/BC4wLDASBAIAATAMAwQBW/D8AwQCuZSMMBYEAgACMBADBwAgAQZ8G6QD
BQMqB2AAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwDowjANBgkqhkiG9w0BAQsF
AAOCAQEAJVafR5A6SG1Yt4dZOunWP7GCEAMhQiwomLFhSR6TcmZBNpWzN2zCcQ9K
yNwBVVva+Iq9bPVFnLJHOAkbfL3UYpTHGClHM3VBwVkbDQqMnXvWe9OzhbbBFVI6
Iv7wjXQAqlfDfO69/tcl9cXxhb/rSCoog4Lhv0ARhrupmu+RKp4kvE4aLvB53OKR
5Bnyc8Y5JIXaUnypUr6p3Ocz/1iv05Fxq4PgiVEZd99Eg/5JtDu0uM6ViUn1ZtgJ
9OTM8mFR+MYbdYLI2H6mzK+JOS98et0/WcA2kCoNNjysNYL/xILd7Ne6aABCOBiu
sWaQHLzyyMsMRvp/zYndZii83uBA5w==
-----END CERTIFICATE-----