Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
File:                     hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer (raw, json)
Hash identifier:          eTZZ6nusMf/xAdbc/UkdSCQ6Oe+Pa/nw49GoH+/wcuk=
Subject key identifier:   85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01945FA7DE3609B17E44292C7A9D78BD4C9A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 13 Jan 2025 12:33:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 28761
                          IP: 195.3.244.0/22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:a7:de:36:09:b1:7e:44:29:2c:7a:9d:78:bd:4c:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 13 12:33:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2f:06:b0:ee:1c:22:77:a2:05:ba:77:4f:ed:
                    f0:dd:4d:8b:39:66:7c:ae:b7:9e:97:35:40:b2:f7:
                    c8:80:ac:2c:fe:7d:e6:1b:ab:0d:44:64:9e:28:79:
                    95:b2:d7:b8:f6:3b:9e:78:f4:0d:a4:4c:49:f6:6d:
                    1b:c5:d5:d0:31:fd:e7:e2:ee:71:1c:17:e7:56:72:
                    45:b2:fe:04:76:0f:6f:f4:24:e3:bc:54:15:37:91:
                    48:72:49:32:9a:8f:9c:9c:4f:d3:11:b2:51:0b:33:
                    68:ed:08:8e:fd:bd:15:15:4d:a6:ba:39:f3:3f:c1:
                    33:52:8c:ab:29:fb:0c:b1:29:fd:b9:e0:47:fb:68:
                    34:f0:67:06:24:a9:2a:5e:08:96:76:09:fa:d4:82:
                    e3:21:61:4a:75:db:c3:fc:c9:52:8a:c5:ba:98:22:
                    6a:4a:f9:28:68:ff:c7:e6:93:4a:4d:66:5b:81:9e:
                    69:f0:40:74:8a:3c:a0:da:53:f6:98:f0:f9:98:6d:
                    98:f9:d9:7b:da:02:f6:6b:71:44:08:16:9c:96:25:
                    d2:8e:76:9b:39:4d:39:07:c6:a5:d0:08:73:e6:c6:
                    db:bd:a3:de:09:1f:85:27:2a:19:eb:75:3d:1a:e6:
                    66:2c:fa:ae:bc:aa:b2:2b:f2:e6:2a:1f:ed:11:5c:
                    6f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.3.244.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  28761

    Signature Algorithm: sha256WithRSAEncryption
         4f:0a:8d:cf:4a:8d:e5:a9:ae:3f:4e:40:57:95:4c:3c:2b:6f:
         0d:03:d1:60:23:d9:eb:76:d0:69:2e:bb:7c:e2:1d:2b:e7:8b:
         bc:61:b0:89:75:8b:76:bd:c3:a5:3a:ee:ac:6c:48:4e:05:e8:
         fc:0f:f9:65:40:78:e4:fd:ab:86:a1:ed:82:de:09:ae:a3:76:
         cb:17:f3:a1:ba:0e:7a:52:55:5e:b6:72:e6:43:d3:24:6e:8c:
         11:ff:98:53:2f:ca:75:ec:0c:94:0b:de:f3:fc:5b:64:1f:91:
         b3:7b:58:b2:23:69:6e:52:0e:76:08:2e:1b:e6:fd:3f:62:46:
         cb:8b:c9:f9:a9:04:30:63:d2:86:d9:c9:ce:11:37:28:f8:4c:
         9a:b0:6b:fd:af:bc:a0:71:76:c8:87:b1:61:ea:c9:61:3a:61:
         41:fa:e7:04:d3:3d:db:3e:12:05:50:66:e0:23:68:f0:ab:95:
         56:e7:37:f6:da:a4:85:28:62:65:25:13:fc:62:c5:74:7b:fd:
         ef:0c:1d:5a:95:59:93:c1:cd:62:ce:bb:61:6d:05:11:16:6b:
         0a:1b:b9:e5:25:9a:00:08:e4:52:7d:f1:44:cd:d7:3c:54:23:
         32:ad:a1:21:36:d5:5c:9a:cc:ea:5b:04:d5:86:37:49:1b:c3:
         c5:92:06:c0
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZRfp942CbF+RCksep14vUyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTEzMTIzMzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTJlY2U5YzlhMzI0ZDQ1YzM1Zjk1NTlmMzI5ZDg4NjlkYWI1M2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqC8GsO4cIneiBbp3T+3w3U2LOWZ8
rreelzVAsvfIgKws/n3mG6sNRGSeKHmVste49jueePQNpExJ9m0bxdXQMf3n4u5x
HBfnVnJFsv4Edg9v9CTjvFQVN5FIckkymo+cnE/TEbJRCzNo7QiO/b0VFU2mujnz
P8EzUoyrKfsMsSn9ueBH+2g08GcGJKkqXgiWdgn61ILjIWFKddvD/MlSisW6mCJq
SvkoaP/H5pNKTWZbgZ5p8EB0ijyg2lP2mPD5mG2Y+dl72gL2a3FECBacliXSjnab
OU05B8al0Ahz5sbbvaPeCR+FJyoZ63U9GuZmLPquvKqyK/LmKh/tEVxvVQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM4L2QzY2Nl
Ni1iNDdiLTRkMDYtYTMwZi1lYjI0MTFkMjEyYWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgvZDNjY2U2
LWI0N2ItNGQwNi1hMzBmLWViMjQxMWQyMTJhYi8xL2hTN09uSm95VFVYRFg1Vlo4
eW5ZaHAyclU3by5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwwP0MBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AnBZMA0GCSqGSIb3DQEBCwUAA4IBAQBPCo3PSo3lqa4/TkBXlUw8K28NA9FgI9nr
dtBpLrt84h0r54u8YbCJdYt2vcOlOu6sbEhOBej8D/llQHjk/auGoe2C3gmuo3bL
F/Ohug56UlVetnLmQ9MkbowR/5hTL8p17AyUC97z/FtkH5Gze1iyI2luUg52CC4b
5v0/YkbLi8n5qQQwY9KG2cnOETco+EyasGv9r7ygcXbIh7Fh6slhOmFB+ucE0z3b
PhIFUGbgI2jwq5VW5zf22qSFKGJlJRP8YsV0e/3vDB1alVmTwc1izrthbQURFmsK
G7nlJZoACORSffFEzdc8VCMyraEhNtVcmszqWwTVhjdJG8PFkgbA
-----END CERTIFICATE-----