Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cnMJ8RA0fMYbjCe7-_EKa_tAg1g.cer
File:                     cnMJ8RA0fMYbjCe7-_EKa_tAg1g.cer (raw, json)
Hash identifier:          flv5FZdA+ljXlLDc7fKCB8TT8RRNyYHNdn5CoH4Bx2c=
Subject key identifier:   72:73:09:F1:10:34:7C:C6:1B:8C:27:BB:FB:F1:0A:6B:FB:40:83:58
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942444FC2C91C9C7A3C90E71E520712534
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/34/008909-72ea-4791-a5bf-f23346bcc217/1/cnMJ8RA0fMYbjCe7-_EKa_tAg1g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/34/008909-72ea-4791-a5bf-f23346bcc217/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:48:08 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 199351
                          IP: 2001:67c:1394::/48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:fc:2c:91:c9:c7:a3:c9:0e:71:e5:20:71:25:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=727309f110347cc61b8c27bbfbf10a6bfb408358
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9a:df:73:36:11:65:a9:00:9a:ae:4a:fd:75:
                    74:da:16:10:57:11:49:11:6f:42:de:5f:51:c2:8e:
                    26:44:3e:49:e3:53:56:57:8c:06:c0:3e:f2:e7:b5:
                    fb:d4:02:19:15:1c:aa:bd:77:a4:fa:65:9e:6f:b6:
                    69:f2:4e:38:b4:ac:c7:e0:74:98:5f:02:d3:19:04:
                    6d:c5:5f:79:8f:37:86:67:cb:4a:9b:73:e0:f4:dc:
                    c4:01:1a:95:46:f0:0f:81:df:db:89:80:c8:33:9f:
                    01:8a:28:a6:c3:61:ba:c2:19:ac:4c:8f:5d:70:50:
                    89:a0:47:5e:40:6a:ba:32:59:b4:58:ef:b9:bd:92:
                    3a:de:ea:4c:56:98:61:32:a6:5d:3a:b3:42:9e:7a:
                    2d:b1:f1:00:16:a8:bf:cb:0e:84:f9:54:4b:54:12:
                    3a:b9:e2:da:f6:34:8a:e1:20:ed:2c:b3:c8:44:98:
                    dd:9e:62:71:70:82:8a:e6:c8:23:5b:18:71:ac:ba:
                    75:f7:e9:1d:70:59:08:af:75:8c:3e:e0:4f:0e:e8:
                    ce:28:92:f4:5f:7f:03:83:49:ea:f1:9a:6a:2a:a9:
                    2a:da:25:7a:af:b3:0b:6c:14:39:75:36:cb:41:27:
                    24:4f:bd:3b:2a:aa:71:9d:5d:9c:b8:54:16:87:a0:
                    69:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:73:09:F1:10:34:7C:C6:1B:8C:27:BB:FB:F1:0A:6B:FB:40:83:58
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/008909-72ea-4791-a5bf-f23346bcc217/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/008909-72ea-4791-a5bf-f23346bcc217/1/cnMJ8RA0fMYbjCe7-_EKa_tAg1g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1394::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199351

    Signature Algorithm: sha256WithRSAEncryption
         79:9b:d9:fc:e9:f4:9e:1f:91:2b:ee:2e:d1:a7:b3:5b:e4:e4:
         2a:19:bc:6d:f9:c4:23:e7:77:a6:d1:40:a8:94:85:29:0b:38:
         1f:96:75:42:30:33:20:23:24:95:3c:71:0a:87:80:c1:d1:d9:
         26:1c:c5:5c:ad:cf:d5:96:4b:cb:1f:2b:2d:b0:56:e3:62:51:
         66:a5:b7:93:d1:92:81:7a:3b:ed:01:ab:ac:17:41:90:46:90:
         61:37:23:53:5e:9c:8c:5f:9a:b2:1f:af:ad:11:28:6e:c5:27:
         75:5d:27:30:fd:fd:4a:f6:5a:d6:0e:4f:a1:e8:9d:d6:ff:f1:
         d4:2b:df:d6:ce:e9:28:2b:b0:b4:dd:07:d2:ab:db:d7:07:20:
         13:d2:9c:fe:53:c5:9f:63:4c:f8:34:72:31:78:f0:01:82:5e:
         2c:65:0a:70:a5:e2:c6:29:d4:e5:7c:bb:e6:0d:1d:95:e0:b1:
         d9:a8:b3:cc:6e:16:98:21:14:f6:9b:1f:55:4f:cc:f7:44:ff:
         88:8c:7c:ba:94:c4:e7:2d:b1:17:26:2e:8b:8d:eb:cc:37:4c:
         be:86:af:34:90:a7:41:f9:a7:b2:51:a9:9a:e0:9b:42:a1:81:
         8b:e5:ed:59:d8:6b:cf:82:d1:b6:d6:61:ad:04:6d:40:88:40:
         e9:12:4d:8f
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQkRPwskcnHo8kOceUgcSU0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjczMDlmMTEwMzQ3Y2M2MWI4YzI3YmJmYmYxMGE2YmZiNDA4MzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArprfczYRZakAmq5K/XV02hYQVxFJ
EW9C3l9Rwo4mRD5J41NWV4wGwD7y57X71AIZFRyqvXek+mWeb7Zp8k44tKzH4HSY
XwLTGQRtxV95jzeGZ8tKm3Pg9NzEARqVRvAPgd/biYDIM58Biiimw2G6whmsTI9d
cFCJoEdeQGq6Mlm0WO+5vZI63upMVphhMqZdOrNCnnotsfEAFqi/yw6E+VRLVBI6
ueLa9jSK4SDtLLPIRJjdnmJxcIKK5sgjWxhxrLp19+kdcFkIr3WMPuBPDujOKJL0
X38Dg0nq8ZpqKqkq2iV6r7MLbBQ5dTbLQSckT707KqpxnV2cuFQWh6Bp2QIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFHJzCfEQNHzGG4wnu/vxCmv7QINYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM0LzAwODkw
OS03MmVhLTQ3OTEtYTViZi1mMjMzNDZiY2MyMTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQvMDA4OTA5
LTcyZWEtNDc5MS1hNWJmLWYyMzM0NmJjYzIxNy8xL2NuTUo4UkEwZk1ZYmpDZTct
X0VLYV90QWcxZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBOUMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMKtzANBgkqhkiG9w0BAQsFAAOCAQEAeZvZ/On0nh+RK+4u0aezW+TkKhm8
bfnEI+d3ptFAqJSFKQs4H5Z1QjAzICMklTxxCoeAwdHZJhzFXK3P1ZZLyx8rLbBW
42JRZqW3k9GSgXo77QGrrBdBkEaQYTcjU16cjF+ash+vrREobsUndV0nMP39SvZa
1g5Poeid1v/x1Cvf1s7pKCuwtN0H0qvb1wcgE9Kc/lPFn2NM+DRyMXjwAYJeLGUK
cKXixinU5Xy75g0dleCx2aizzG4WmCEU9psfVU/M90T/iIx8upTE5y2xFyYui43r
zDdMvoavNJCnQfmnslGpmuCbQqGBi+XtWdhrz4LRttZhrQRtQIhA6RJNjw==
-----END CERTIFICATE-----