Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
File:                     kdDHjDCaPpncmrdPLNwEhIWedTA.cer (raw, json)
Hash identifier:          W9Ve0iWHlbdDHvtXJVvbemDHfxzB87BHAgiHPfqCMFk=
Subject key identifier:   91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942067E8DE10E54F68FB9B675207CAEC48
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 207959
                          IP: 45.135.192.0/22
                          IP: 45.142.180.0/22
                          IP: 45.153.32.0/22
                          IP: 87.237.52.0/22
                          IP: 92.246.84.0/22
                          IP: 146.19.169.0/24
                          IP: 195.62.32.0/23
                          IP: 195.62.46.0/23
                          IP: 2a0d:c2c0::/29
                          IP: 2a10:ca80::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e8:de:10:e5:4f:68:fb:9b:67:52:07:ca:ec:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:26:ed:54:ea:30:14:86:8d:d5:ba:08:89:3d:
                    7b:17:3a:ef:57:ab:1c:74:05:46:c7:84:b2:6b:f9:
                    dc:a1:dc:56:ab:a8:a6:62:a4:36:2e:b8:8b:5d:39:
                    dc:46:c7:88:d6:50:10:98:f1:1f:0a:51:94:2c:b2:
                    b9:4c:8e:83:8d:09:43:bf:9a:a5:84:a9:fb:bb:51:
                    21:ea:76:25:11:80:71:7d:f5:57:41:db:66:2b:bf:
                    36:fc:1e:ac:56:0e:c5:58:2c:89:82:a2:f3:24:41:
                    d9:4e:da:98:3a:df:6a:da:c5:f4:bd:cf:32:7e:cc:
                    39:37:33:4a:4a:76:1e:d6:33:aa:2f:32:27:e0:5c:
                    4d:9f:8c:b1:a5:47:16:96:f7:04:f6:44:ef:02:f3:
                    05:24:bc:79:fa:03:85:96:20:36:c8:ac:b7:b6:57:
                    de:93:24:c3:b4:08:3d:b9:74:17:e6:36:8c:ef:8f:
                    47:48:1c:83:6a:d6:a8:13:e0:e2:c1:88:f3:58:b6:
                    a1:e5:53:14:f5:e8:1f:96:14:24:00:f4:fd:a4:5f:
                    97:af:6e:f7:8e:46:60:df:29:dd:b1:ca:ea:da:22:
                    5b:e5:34:ae:a2:e4:ce:03:73:02:4e:a6:e0:18:ab:
                    df:47:67:d3:df:3a:8f:2e:1f:16:f9:82:f4:ff:1b:
                    29:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.192.0/22
                  45.142.180.0/22
                  45.153.32.0/22
                  87.237.52.0/22
                  92.246.84.0/22
                  146.19.169.0/24
                  195.62.32.0/23
                  195.62.46.0/23
                IPv6:
                  2a0d:c2c0::/29
                  2a10:ca80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207959

    Signature Algorithm: sha256WithRSAEncryption
         8b:23:81:6e:80:9b:12:02:44:3b:b6:37:5d:aa:b5:8d:58:47:
         cf:b1:e3:18:63:dd:21:31:e5:2b:07:a2:a5:15:2e:10:2b:51:
         f1:f5:67:a5:bc:d2:b1:8b:ee:fb:ed:7d:4e:a7:7e:f7:4a:83:
         2b:7f:a8:d2:30:21:71:4e:94:a2:e9:73:26:06:3a:8c:da:02:
         64:cc:1c:ba:75:8f:b0:e5:2f:07:c3:8d:54:56:71:57:f1:a7:
         40:d8:61:eb:94:ac:1b:23:7c:42:19:70:0f:cf:07:1a:33:0f:
         13:75:60:62:20:a8:a8:42:cd:33:79:9a:88:03:51:f3:8b:77:
         25:94:65:b9:33:fe:53:2c:e6:89:5e:63:7c:c4:d2:8e:df:56:
         07:7c:d3:7a:f8:47:d9:94:23:d6:0c:eb:d3:a2:7a:f8:07:4f:
         89:39:20:d1:9a:b1:f1:e1:fa:44:e2:ea:01:01:83:11:8e:7d:
         be:aa:47:18:bb:9b:92:8c:b9:19:ec:de:f2:91:f8:24:d5:34:
         7f:58:a2:81:6b:06:5f:7a:a0:4c:1f:84:55:78:31:67:a7:0a:
         a2:09:8b:9f:50:d6:89:18:c6:86:4a:10:29:ad:20:63:d6:0e:
         28:ec:4c:e2:84:07:18:45:26:64:c0:e9:da:3e:46:dd:fc:0d:
         2d:e5:2e:c5
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgISAZQgZ+jeEOVPaPubZ1IHyuxIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQwYzc4YzMwOWEzZTk5ZGM5YWI3NGYyY2RjMDQ4NDg1OWU3NTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ybtVOowFIaN1boIiT17FzrvV6sc
dAVGx4Sya/ncodxWq6imYqQ2LriLXTncRseI1lAQmPEfClGULLK5TI6DjQlDv5ql
hKn7u1Eh6nYlEYBxffVXQdtmK782/B6sVg7FWCyJgqLzJEHZTtqYOt9q2sX0vc8y
fsw5NzNKSnYe1jOqLzIn4FxNn4yxpUcWlvcE9kTvAvMFJLx5+gOFliA2yKy3tlfe
kyTDtAg9uXQX5jaM749HSByDataoE+DiwYjzWLah5VMU9egflhQkAPT9pF+Xr273
jkZg3yndscrq2iJb5TSuouTOA3MCTqbgGKvfR2fT3zqPLh8W+YL0/xspMwIDAQAB
o4IC4DCCAtwwHQYDVR0OBBYEFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM5LzI5M2Ey
Zi0zOTk3LTQ5N2YtOWVmMS00ODUyYzhmZjhhZjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkvMjkzYTJm
LTM5OTctNDk3Zi05ZWYxLTQ4NTJjOGZmOGFmMi8xL2tkREhqRENhUHBuY21yZFBM
TndFaElXZWRUQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF8GCCsGAQUF
BwEHAQH/BFAwTjA2BAIAATAwAwQCLYfAAwQCLY60AwQCLZkgAwQCV+00AwQCXPZU
AwQAkhOpAwQBwz4gAwQBwz4uMBQEAgACMA4DBQMqDcLAAwUDKhDKgDAaBggrBgEF
BQcBCAEB/wQLMAmgBzAFAgMDLFcwDQYJKoZIhvcNAQELBQADggEBAIsjgW6AmxIC
RDu2N12qtY1YR8+x4xhj3SEx5SsHoqUVLhArUfH1Z6W80rGL7vvtfU6nfvdKgyt/
qNIwIXFOlKLpcyYGOozaAmTMHLp1j7DlLwfDjVRWcVfxp0DYYeuUrBsjfEIZcA/P
BxozDxN1YGIgqKhCzTN5mogDUfOLdyWUZbkz/lMs5oleY3zE0o7fVgd803r4R9mU
I9YM69OievgHT4k5INGasfHh+kTi6gEBgxGOfb6qRxi7m5KMuRns3vKR+CTVNH9Y
ooFrBl96oEwfhFV4MWenCqIJi59Q1okYxoZKECmtIGPWDijsTOKEBxhFJmTA6do+
Rt38DS3lLsU=
-----END CERTIFICATE-----