Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jagkvGMczuGumdcQOv0tx08eKcQ.cer
File:                     jagkvGMczuGumdcQOv0tx08eKcQ.cer (raw, json)
Hash identifier:          UFkweQZygxvQKYQsGg3hlW8FI99DFBRY0aqqdnjhdRg=
Subject key identifier:   8D:A8:24:BC:63:1C:CE:E1:AE:99:D7:10:3A:FD:2D:C7:4F:1E:29:C4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B224C5231DFBD7943F340CA12F3B15
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/jagkvGMczuGumdcQOv0tx08eKcQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:30 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 204437
                          IP: 82.130.64.0/18
                          IP: 129.132.0.0/16
                          IP: 192.33.87.0 -- 192.33.110.255
                          IP: 2001:67c:10ec::/48
                          IP: 2001:67c:2e40::/48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:24:c5:23:1d:fb:d7:94:3f:34:0c:a1:2f:3b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8da824bc631ccee1ae99d7103afd2dc74f1e29c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a1:92:e6:b2:26:44:7c:ba:69:fb:d5:58:6b:
                    ed:91:7d:41:8b:b9:55:ce:89:ae:b9:0d:5e:d3:9a:
                    a0:1f:cf:57:56:ea:89:6b:e8:b9:5b:61:40:96:b4:
                    c3:c0:ee:ed:ff:a3:b6:10:d5:9b:41:c0:23:4c:dc:
                    ac:a3:59:15:ea:41:f7:84:6c:b1:59:ae:ad:ac:ae:
                    11:70:8e:71:3a:f6:1b:f6:05:21:2a:fb:66:88:f7:
                    73:d7:a7:19:c3:f4:7a:af:9b:23:db:e6:40:f4:3c:
                    71:b1:fb:f4:99:f3:b2:40:c0:41:ce:1e:32:e8:b8:
                    d5:03:fa:96:c4:93:f0:7c:08:80:ba:ca:56:39:d2:
                    10:29:33:b7:53:78:a3:1e:ea:07:09:7e:07:d4:49:
                    4e:2d:11:9c:bf:de:e3:86:0a:0c:b4:15:eb:ce:c2:
                    24:1f:cc:3d:24:42:7e:a4:71:07:7b:5e:b6:f7:d4:
                    ea:8a:89:01:fc:88:be:4b:e2:94:e3:7d:77:78:23:
                    56:ef:aa:25:a9:ad:ee:1e:1d:df:29:ea:c7:36:d0:
                    12:79:31:fc:33:b5:38:72:ee:2a:a7:79:ee:d9:6f:
                    15:a5:17:e0:f8:3a:41:04:de:4b:b2:fe:23:07:44:
                    fe:b3:e6:a0:e1:48:d9:84:2e:5c:63:f5:c8:a0:11:
                    df:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A8:24:BC:63:1C:CE:E1:AE:99:D7:10:3A:FD:2D:C7:4F:1E:29:C4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/jagkvGMczuGumdcQOv0tx08eKcQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.130.64.0/18
                  129.132.0.0/16
                  192.33.87.0-192.33.110.255
                IPv6:
                  2001:67c:10ec::/48
                  2001:67c:2e40::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204437

    Signature Algorithm: sha256WithRSAEncryption
         5c:ee:17:a8:72:cc:06:27:94:e6:26:a8:87:a4:72:17:02:d9:
         61:d9:ed:62:30:60:e2:e9:c3:bf:ae:14:16:cb:27:2e:aa:3b:
         20:e8:22:15:17:4d:4b:b8:52:5b:90:5e:b2:70:cc:ab:56:0c:
         10:69:4e:f3:69:39:96:3b:e1:fa:16:be:a7:08:b5:22:87:65:
         9f:ab:20:a2:47:99:4b:86:9d:fb:2f:1d:6f:be:00:84:7f:fb:
         c7:41:89:d0:79:d5:1a:f3:a0:ab:93:af:95:77:73:9b:9f:58:
         77:b0:52:33:b7:c0:31:d7:57:f2:6a:8e:64:d1:39:8b:8f:0c:
         1a:bc:4a:ab:e4:b3:c3:1a:b3:21:b2:ed:b2:cb:16:6d:20:24:
         a9:e3:6c:64:82:ff:85:64:26:cb:a3:f2:5b:6c:1d:f7:0c:ac:
         fc:29:84:47:f7:09:32:3d:6f:00:b4:9b:2f:a0:f0:90:0a:e7:
         28:c8:d0:12:f1:43:d7:39:98:7e:21:bd:a4:1a:5d:ab:5e:01:
         a0:5a:e8:1f:4b:64:24:c5:62:fb:dd:35:62:89:35:62:25:73:
         69:48:46:0c:8e:ef:93:1e:b8:93:3f:96:4e:28:9f:0b:e3:16:
         08:de:e4:4b:9a:88:c8:9d:fc:70:94:2a:b0:82:da:f3:cc:46:
         ba:cf:cf:3d
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAZQhsiTFIx3715Q/NAyhLzsVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGE4MjRiYzYzMWNjZWUxYWU5OWQ3MTAzYWZkMmRjNzRmMWUyOWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqGS5rImRHy6afvVWGvtkX1Bi7lV
zomuuQ1e05qgH89XVuqJa+i5W2FAlrTDwO7t/6O2ENWbQcAjTNyso1kV6kH3hGyx
Wa6trK4RcI5xOvYb9gUhKvtmiPdz16cZw/R6r5sj2+ZA9Dxxsfv0mfOyQMBBzh4y
6LjVA/qWxJPwfAiAuspWOdIQKTO3U3ijHuoHCX4H1ElOLRGcv97jhgoMtBXrzsIk
H8w9JEJ+pHEHe16299TqiokB/Ii+S+KU4313eCNW76olqa3uHh3fKerHNtASeTH8
M7U4cu4qp3nu2W8VpRfg+DpBBN5Lsv4jB0T+s+ag4UjZhC5cY/XIoBHfnwIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFI2oJLxjHM7hrpnXEDr9LcdPHinEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FjLzFjYWE3
OS1iOGM0LTRkMDgtOWJiZS0zODZjMWY4YjA2NDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMvMWNhYTc5
LWI4YzQtNGQwOC05YmJlLTM4NmMxZjhiMDY0MC8xL2phZ2t2R01jenVHdW1kY1FP
djB0eDA4ZUtjUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEwGCCsGAQUF
BwEHAQH/BD0wOzAfBAIAATAZAwQGUoJAAwMAgYQwDAMEAMAhVwMEAMAhbjAYBAIA
AjASAwcAIAEGfBDsAwcAIAEGfC5AMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMe
lTANBgkqhkiG9w0BAQsFAAOCAQEAXO4XqHLMBieU5iaoh6RyFwLZYdntYjBg4unD
v64UFssnLqo7IOgiFRdNS7hSW5BesnDMq1YMEGlO82k5ljvh+ha+pwi1Iodln6sg
okeZS4ad+y8db74AhH/7x0GJ0HnVGvOgq5OvlXdzm59Yd7BSM7fAMddX8mqOZNE5
i48MGrxKq+SzwxqzIbLtsssWbSAkqeNsZIL/hWQmy6PyW2wd9wys/CmER/cJMj1v
ALSbL6DwkArnKMjQEvFD1zmYfiG9pBpdq14BoFroH0tkJMVi+901Yok1YiVzaUhG
DI7vkx64kz+WTiifC+MWCN7kS5qIyJ38cJQqsILa88xGus/PPQ==
-----END CERTIFICATE-----