Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
File:                     gz4OSAQRuciOkW3vkPw6kBAmOUo.cer (raw, json)
Hash identifier:          VSiRe6HVsSsw+a/N7CJpd1cXWxc2hj1UpKVK+Z2MNOE=
Subject key identifier:   83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228D6FD98B55A55B6B9CD73EB72C882B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:02 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 34173
                          IP: 185.7.72.0/22
                          IP: 193.105.43.0/24
                          IP: 195.64.164.0/23
                          IP: 2a03:1780::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:6f:d9:8b:55:a5:5b:6b:9c:d7:3e:b7:2c:88:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=833e0e480411b9c88e916def90fc3a901026394a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:68:9f:91:9c:25:79:a9:6b:e2:3b:85:b2:47:
                    02:cd:35:13:92:09:cb:ac:91:4d:45:51:27:ef:13:
                    66:b6:f5:dd:74:9d:54:5e:4f:b6:ae:9c:c1:ad:5f:
                    dd:ee:80:ba:a6:85:ac:5d:3f:f2:5f:9c:da:21:da:
                    5e:3c:36:94:4f:70:51:0b:99:29:fb:2f:f7:ef:f8:
                    83:56:a9:d9:cf:13:4d:b1:5d:ed:5d:54:16:be:9e:
                    df:91:5f:58:da:43:7a:7d:0c:fa:90:fe:37:86:46:
                    bc:e8:ca:40:41:aa:83:f1:39:d2:ce:07:1c:be:f9:
                    9a:f8:db:26:c0:be:6a:7b:cd:9c:8c:1e:1f:ee:a0:
                    32:cf:64:de:b3:f2:4d:c8:cf:a4:9b:86:ad:da:8e:
                    e9:a7:72:bd:5a:aa:7e:7a:ca:9c:28:b0:71:23:ee:
                    b5:64:e2:24:b0:70:13:5c:47:a6:be:8b:c5:62:90:
                    0d:12:4f:be:fb:06:5f:8a:c5:e6:ad:d3:02:85:1e:
                    f9:94:ed:23:51:29:88:03:f3:c2:2b:0c:74:79:cd:
                    38:85:db:94:22:34:2f:79:b0:04:5f:29:d6:78:f4:
                    b9:0a:c0:76:b0:80:a0:49:a8:a5:aa:a3:30:1a:71:
                    37:dc:53:4c:10:5e:12:b6:74:d5:63:e5:ac:b8:72:
                    56:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.72.0/22
                  193.105.43.0/24
                  195.64.164.0/23
                IPv6:
                  2a03:1780::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34173

    Signature Algorithm: sha256WithRSAEncryption
         a4:bd:1c:b2:93:64:7d:22:4d:eb:ad:06:37:ef:32:3c:6e:be:
         50:4c:0f:3c:bf:24:b0:21:97:e0:fa:e1:86:88:03:6c:bd:57:
         52:2d:38:f4:0d:7d:6a:31:9c:3d:1e:b5:1f:2d:7b:44:c7:99:
         fa:9c:a1:75:86:de:ed:5f:fb:95:4d:2f:ee:cf:61:f1:89:b0:
         74:fc:f8:5d:60:d2:91:af:46:61:eb:a1:37:81:7d:03:bc:cd:
         1e:c5:62:c1:83:62:56:fd:44:09:2f:13:83:62:49:ed:da:7f:
         e6:9d:5d:e0:c0:29:ed:e2:2c:5e:e2:ed:27:f9:78:e9:49:c2:
         34:4f:1b:c9:c3:bf:7c:d6:1e:45:07:b1:79:a2:cf:7b:57:e3:
         00:ca:c4:3c:b5:63:97:9f:a2:72:ae:8d:b2:92:19:4d:67:c2:
         e3:ce:7e:13:80:9d:f3:5f:a2:ee:6c:c9:1a:7d:4b:52:64:db:
         0e:ae:c0:ce:20:ef:d4:9d:40:0a:e4:05:49:f7:9b:32:71:b0:
         c0:5c:57:30:6f:68:da:a0:d9:a9:ef:b2:ec:99:15:ab:87:e5:
         3c:8a:55:ba:0f:fd:1b:f1:18:14:f6:80:2d:3b:f0:7c:65:1e:
         8a:31:b8:d9:14:d4:76:35:6b:e9:92:ad:d5:da:f6:83:6a:a9:
         fb:7c:50:28
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgISAZQijW/Zi1WlW2uc1z63LIgrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzNlMGU0ODA0MTFiOWM4OGU5MTZkZWY5MGZjM2E5MDEwMjYzOTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGifkZwlealr4juFskcCzTUTkgnL
rJFNRVEn7xNmtvXddJ1UXk+2rpzBrV/d7oC6poWsXT/yX5zaIdpePDaUT3BRC5kp
+y/37/iDVqnZzxNNsV3tXVQWvp7fkV9Y2kN6fQz6kP43hka86MpAQaqD8TnSzgcc
vvma+NsmwL5qe82cjB4f7qAyz2Tes/JNyM+km4at2o7pp3K9Wqp+esqcKLBxI+61
ZOIksHATXEemvovFYpANEk+++wZfisXmrdMChR75lO0jUSmIA/PCKwx0ec04hduU
IjQvebAEXynWePS5CsB2sICgSailqqMwGnE33FNMEF4StnTVY+WsuHJWxwIDAQAB
o4ICuzCCArcwHQYDVR0OBBYEFIM+DkgEEbnIjpFt75D8OpAQJjlKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI5L2E3ODJj
Yy0xZTA5LTQ0ODAtYTZkYy02YzIwZWJhZjMwYTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkvYTc4MmNj
LTFlMDktNDQ4MC1hNmRjLTZjMjBlYmFmMzBhOS8xL2d6NE9TQVFSdWNpT2tXM3Zr
UHc2a0JBbU9Vby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQCuQdIAwQAwWkrAwQBw0CkMA0EAgACMAcDBQAq
AxeAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCFfTANBgkqhkiG9w0BAQsFAAOC
AQEApL0cspNkfSJN660GN+8yPG6+UEwPPL8ksCGX4PrhhogDbL1XUi049A19ajGc
PR61Hy17RMeZ+pyhdYbe7V/7lU0v7s9h8YmwdPz4XWDSka9GYeuhN4F9A7zNHsVi
wYNiVv1ECS8Tg2JJ7dp/5p1d4MAp7eIsXuLtJ/l46UnCNE8bycO/fNYeRQexeaLP
e1fjAMrEPLVjl5+icq6NspIZTWfC485+E4Cd81+i7mzJGn1LUmTbDq7AziDv1J1A
CuQFSfebMnGwwFxXMG9o2qDZqe+y7JkVq4flPIpVug/9G/EYFPaALTvwfGUeijG4
2RTUdjVr6ZKt1dr2g2qp+3xQKA==
-----END CERTIFICATE-----