Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
File:                     mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer (raw, json)
Hash identifier:          Xwf3x35H0lOXq6S0u+5L7bS9wdXtVM+AN5tmsFoR3Vs=
Subject key identifier:   99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B589B570A1F49DA8827D5A6E8974D4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:49:56 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 210539
                          IP: 185.149.24.0/22
                          IP: 185.162.88.0/22
                          IP: 185.165.152.0/22
                          IP: 185.170.128.0/22
                          IP: 185.172.36.0/22
                          IP: 185.174.40.0/22
                          IP: 185.175.164.0/22
                          IP: 185.196.220.0/22
                          IP: 2a07:6440::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:89:b5:70:a1:f4:9d:a8:82:7d:5a:6e:89:74:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b0:6c:de:31:cb:25:f1:39:86:0f:31:9e:5c:
                    c6:a3:1b:8a:13:33:d9:de:fe:fc:51:3f:d6:64:b5:
                    fa:f4:fb:b2:05:37:df:16:ad:37:77:84:77:0d:dc:
                    bf:c8:73:37:2f:a4:4b:7b:f1:a0:a6:cc:c0:b6:26:
                    f0:b0:e0:79:a6:2f:a2:19:c0:25:d2:9e:a6:7f:63:
                    f2:6c:aa:6b:3f:8a:7e:45:c1:35:67:6a:41:e9:b4:
                    11:24:2b:b3:f1:0b:c7:cb:42:d7:54:ad:d6:22:21:
                    5f:80:43:4e:4b:da:66:68:5c:a6:ea:98:ad:00:2b:
                    c4:00:fa:85:11:85:f6:77:d0:c2:9a:ad:7b:6d:f8:
                    be:ce:27:08:9a:d5:e8:63:f0:9d:a1:d3:42:3a:77:
                    5f:29:45:f4:e4:05:f1:e4:a3:17:83:47:12:ad:87:
                    4b:80:7a:be:e7:0a:22:fa:39:9e:c0:1f:af:a0:32:
                    00:31:fd:4c:01:d2:ff:c4:06:b0:da:d9:bc:4a:49:
                    80:1b:51:01:e2:11:46:42:ae:7e:40:32:59:86:9c:
                    ea:0d:42:30:86:83:9b:60:cd:15:6c:59:37:b2:11:
                    83:ea:14:84:03:97:6f:5f:a8:0e:d9:e6:0e:74:b7:
                    09:2b:b8:8f:66:7d:77:28:a6:17:5f:25:c0:fa:cb:
                    8d:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.24.0/22
                  185.162.88.0/22
                  185.165.152.0/22
                  185.170.128.0/22
                  185.172.36.0/22
                  185.174.40.0/22
                  185.175.164.0/22
                  185.196.220.0/22
                IPv6:
                  2a07:6440::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210539

    Signature Algorithm: sha256WithRSAEncryption
         ab:e0:b7:76:5c:de:5b:32:df:a9:4e:96:35:53:51:20:c5:aa:
         92:e4:c8:ba:02:64:5d:a6:41:57:15:ef:0f:a9:c4:62:49:7b:
         0a:d9:99:82:9b:fc:04:00:c3:4f:1d:b7:15:37:8a:49:f7:69:
         e5:de:49:8d:92:35:5f:78:01:e9:08:20:b0:72:5b:b1:55:82:
         05:5c:f8:1d:6e:36:b5:23:a7:3d:cf:00:d8:a9:db:37:01:04:
         5d:b7:df:2c:77:aa:24:ed:91:db:25:c0:6f:17:d0:d1:ad:d3:
         01:74:ed:36:c6:0d:80:cf:93:51:7e:05:89:aa:1c:75:05:22:
         c3:b7:7f:49:f4:76:09:fa:8f:0e:8c:59:5f:f6:20:7c:ef:d3:
         4f:26:4d:42:c0:06:30:d7:6d:ef:f0:4f:bf:9e:f2:17:6c:e0:
         8b:6c:dc:16:ba:04:cd:2c:ee:5b:4c:a0:84:20:23:ba:60:e4:
         73:de:d5:68:79:19:66:d9:6a:ad:5a:f7:d0:5a:73:f1:14:f0:
         c6:19:d7:ed:11:48:b4:34:11:86:b8:44:ca:92:cd:c0:15:d5:
         ae:5c:ee:6b:16:e1:ab:5e:7b:74:e8:ff:25:13:84:f4:cf:13:
         9b:7c:f5:d0:78:ae:8c:56:44:32:4c:99:86:5b:59:31:d7:07:
         3b:dc:be:24
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgISAZQntYm1cKH0naiCfVpuiXTUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWNlNTY5YTE0YzJkYjM3NzJmMjMxODdjZTY4ZTY1NDFlYzAwNDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLBs3jHLJfE5hg8xnlzGoxuKEzPZ
3v78UT/WZLX69PuyBTffFq03d4R3Ddy/yHM3L6RLe/GgpszAtibwsOB5pi+iGcAl
0p6mf2PybKprP4p+RcE1Z2pB6bQRJCuz8QvHy0LXVK3WIiFfgENOS9pmaFym6pit
ACvEAPqFEYX2d9DCmq17bfi+zicImtXoY/CdodNCOndfKUX05AXx5KMXg0cSrYdL
gHq+5woi+jmewB+voDIAMf1MAdL/xAaw2tm8SkmAG1EB4hFGQq5+QDJZhpzqDUIw
hoObYM0VbFk3shGD6hSEA5dvX6gO2eYOdLcJK7iPZn13KKYXXyXA+suNCwIDAQAB
o4IC2TCCAtUwHQYDVR0OBBYEFJnOVpoUwts3cvIxh85o5lQewASOMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YyL2NjNmU5
OS02ZTVmLTQwMWItOTEyZC0xMDk1NTQ0YzZjNTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvY2M2ZTk5
LTZlNWYtNDAxYi05MTJkLTEwOTU1NDRjNmM1MC8xL21jNVdtaFRDMnpkeThqR0h6
bWptVkI3QUJJNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFgGCCsGAQUF
BwEHAQH/BEkwRzA2BAIAATAwAwQCuZUYAwQCuaJYAwQCuaWYAwQCuaqAAwQCuawk
AwQCua4oAwQCua+kAwQCucTcMA0EAgACMAcDBQMqB2RAMBoGCCsGAQUFBwEIAQH/
BAswCaAHMAUCAwM2azANBgkqhkiG9w0BAQsFAAOCAQEAq+C3dlzeWzLfqU6WNVNR
IMWqkuTIugJkXaZBVxXvD6nEYkl7CtmZgpv8BADDTx23FTeKSfdp5d5JjZI1X3gB
6QggsHJbsVWCBVz4HW42tSOnPc8A2KnbNwEEXbffLHeqJO2R2yXAbxfQ0a3TAXTt
NsYNgM+TUX4FiaocdQUiw7d/SfR2CfqPDoxZX/YgfO/TTyZNQsAGMNdt7/BPv57y
F2zgi2zcFroEzSzuW0yghCAjumDkc97VaHkZZtlqrVr30Fpz8RTwxhnX7RFItDQR
hrhEypLNwBXVrlzuaxbhq157dOj/JROE9M8Tm3z10HiujFZEMkyZhltZMdcHO9y+
JA==
-----END CERTIFICATE-----