Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/caJzmyDCWcXRs4jRRT9vF5nyj2w.cer
File:                     caJzmyDCWcXRs4jRRT9vF5nyj2w.cer (raw, json)
Hash identifier:          sYLcmWawotaKeIV0eqL/bV0KfM0egu33KWY/+Gn4xEc=
Subject key identifier:   71:A2:73:9B:20:C2:59:C5:D1:B3:88:D1:45:3F:6F:17:99:F2:8F:6C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FDABD6362A22DBE9C1A73B737FD39F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ad/499df3-bd4f-4e40-8f82-a3855505ea2e/1/caJzmyDCWcXRs4jRRT9vF5nyj2w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ad/499df3-bd4f-4e40-8f82-a3855505ea2e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:49:29 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214321
                          IP: 84.54.13.0/24
                          IP: 176.98.41.0/24
                          IP: 193.31.116.0/24
                          IP: 213.226.119.0/24
                          IP: 2a01:e480::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ab:d6:36:2a:22:db:e9:c1:a7:3b:73:7f:d3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71a2739b20c259c5d1b388d1453f6f1799f28f6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3a:e1:d2:50:1f:d7:4f:18:b1:b6:80:24:38:
                    b2:c3:0c:98:4b:bb:87:c3:be:f2:3d:75:0b:9a:0a:
                    9d:5f:86:f4:bb:ca:1e:31:53:3f:b5:8d:ce:6e:59:
                    72:e6:5e:3a:e6:9a:ba:cc:b0:4e:0f:7b:8b:05:e5:
                    06:d6:ea:ac:67:3b:64:37:bb:58:06:ac:2c:34:3f:
                    e3:ac:2a:2f:db:ed:44:01:43:07:ff:2c:ef:7f:9e:
                    21:e9:a8:2b:b4:a8:35:e2:05:b6:71:48:ba:db:b5:
                    1d:88:dc:c3:f6:3b:44:db:50:b6:80:61:bf:83:f6:
                    96:cb:46:b7:1a:9d:69:18:92:b3:3f:57:d6:e3:f8:
                    1b:b2:48:77:79:ad:3f:7c:19:76:55:a7:45:b5:4c:
                    db:5a:81:47:11:a2:12:dd:8f:b1:5c:4d:fc:3f:43:
                    2e:83:f9:37:e9:20:6a:f2:86:85:95:45:70:90:ea:
                    b1:ea:52:b1:48:54:4c:d3:0f:ce:d7:ac:00:22:cf:
                    2b:c4:eb:f0:49:30:e1:a7:f6:19:97:fe:46:bb:92:
                    60:90:77:69:25:c4:00:78:ec:11:c1:d5:ed:aa:1f:
                    fb:18:5f:4d:d7:c3:0e:37:5b:30:52:c3:43:b0:ca:
                    80:eb:7a:26:18:a1:f3:e8:0e:2f:7d:4f:18:21:e9:
                    00:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:A2:73:9B:20:C2:59:C5:D1:B3:88:D1:45:3F:6F:17:99:F2:8F:6C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/499df3-bd4f-4e40-8f82-a3855505ea2e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/499df3-bd4f-4e40-8f82-a3855505ea2e/1/caJzmyDCWcXRs4jRRT9vF5nyj2w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.13.0/24
                  176.98.41.0/24
                  193.31.116.0/24
                  213.226.119.0/24
                IPv6:
                  2a01:e480::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214321

    Signature Algorithm: sha256WithRSAEncryption
         44:37:1d:32:3d:22:ac:50:56:12:f2:87:6a:8f:38:e4:9d:11:
         e9:ca:7f:09:d1:95:0b:c3:54:09:96:1d:07:31:17:92:8e:81:
         66:81:20:4b:0d:90:9b:62:b7:10:d4:da:f3:e6:22:22:87:44:
         90:24:8d:9e:68:51:2e:4e:b0:78:ec:3e:76:b7:87:fe:43:e3:
         7c:93:be:78:2a:5c:2f:e2:29:94:03:2b:61:a6:ef:b2:fa:a0:
         90:85:6a:87:45:96:96:3d:ec:c5:17:2e:e6:f6:cc:0e:0b:b1:
         88:13:2e:36:78:4c:67:5b:87:e7:8b:87:b4:d8:1f:a2:d2:53:
         f3:88:ee:dd:a4:1b:b7:75:6e:bb:45:26:83:ff:82:2d:bf:25:
         fa:23:45:49:30:7d:6d:1d:a8:b5:10:24:30:58:53:70:81:c0:
         d9:9a:c8:b8:38:74:4c:76:5c:c1:9b:bc:57:f2:5f:4e:ac:b2:
         06:f0:aa:03:8f:2e:74:2a:03:8d:bb:8d:3d:99:53:ba:a0:26:
         0f:af:f5:63:d1:b9:37:e5:75:f6:d8:37:a2:cc:da:46:30:ca:
         17:57:9c:33:49:d2:1e:8e:69:c4:99:f1:bd:1e:88:ff:da:0a:
         e6:b4:a0:62:18:8e:85:38:3b:e5:ba:24:da:12:3e:8f:7c:23:
         b0:ae:f2:d8
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAZQl/avWNioi2+nBpztzf9OfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWEyNzM5YjIwYzI1OWM1ZDFiMzg4ZDE0NTNmNmYxNzk5ZjI4ZjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjrh0lAf108YsbaAJDiywwyYS7uH
w77yPXULmgqdX4b0u8oeMVM/tY3Oblly5l465pq6zLBOD3uLBeUG1uqsZztkN7tY
BqwsND/jrCov2+1EAUMH/yzvf54h6agrtKg14gW2cUi627UdiNzD9jtE21C2gGG/
g/aWy0a3Gp1pGJKzP1fW4/gbskh3ea0/fBl2VadFtUzbWoFHEaIS3Y+xXE38P0Mu
g/k36SBq8oaFlUVwkOqx6lKxSFRM0w/O16wAIs8rxOvwSTDhp/YZl/5Gu5JgkHdp
JcQAeOwRwdXtqh/7GF9N18MON1swUsNDsMqA63omGKHz6A4vfU8YIekAPwIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFHGic5sgwlnF0bOI0UU/bxeZ8o9sMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FkLzQ5OWRm
My1iZDRmLTRlNDAtOGY4Mi1hMzg1NTUwNWVhMmUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWQvNDk5ZGYz
LWJkNGYtNGU0MC04ZjgyLWEzODU1NTA1ZWEyZS8xL2NhSnpteURDV2NYUnM0alJS
VDl2RjVueWoydy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEAGCCsGAQUF
BwEHAQH/BDEwLzAeBAIAATAYAwQAVDYNAwQAsGIpAwQAwR90AwQA1eJ3MA0EAgAC
MAcDBQMqAeSAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwNFMTANBgkqhkiG9w0B
AQsFAAOCAQEARDcdMj0irFBWEvKHao845J0R6cp/CdGVC8NUCZYdBzEXko6BZoEg
Sw2Qm2K3ENTa8+YiIodEkCSNnmhRLk6weOw+dreH/kPjfJO+eCpcL+IplAMrYabv
svqgkIVqh0WWlj3sxRcu5vbMDguxiBMuNnhMZ1uH54uHtNgfotJT84ju3aQbt3Vu
u0Umg/+CLb8l+iNFSTB9bR2otRAkMFhTcIHA2ZrIuDh0THZcwZu8V/JfTqyyBvCq
A48udCoDjbuNPZlTuqAmD6/1Y9G5N+V19tg3oszaRjDKF1ecM0nSHo5pxJnxvR6I
/9oK5rSgYhiOhTg75bok2hI+j3wjsK7y2A==
-----END CERTIFICATE-----