Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qTS43sEoG8VDF8f-0OmsvHuXysc.cer
File:                     qTS43sEoG8VDF8f-0OmsvHuXysc.cer (raw, json)
Hash identifier:          K5PDmuNa40H4xpqOg5KKuJ7dl1Pwy0VH8c1akvlWfp0=
Subject key identifier:   A9:34:B8:DE:C1:28:1B:C5:43:17:C7:FE:D0:E9:AC:BC:7B:97:CA:C7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221FB700F8A2576A3A7B93234A0E558C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/qTS43sEoG8VDF8f-0OmsvHuXysc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:48:11 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 57761
                          IP: 185.27.216.0/22
                          IP: 2a00:8ac0::/32
                          IP: 2a04:3c40::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b7:00:f8:a2:57:6a:3a:7b:93:23:4a:0e:55:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a934b8dec1281bc54317c7fed0e9acbc7b97cac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e7:a3:28:e0:69:98:b9:0a:9b:bd:ad:79:f4:
                    99:4b:b8:f9:6d:c9:e9:9c:cd:06:c2:dd:72:30:34:
                    f2:a3:9b:c9:e3:85:b1:83:63:4e:7e:6b:5d:4a:80:
                    9e:d9:96:85:df:aa:89:3f:8a:49:f6:99:d9:c2:cd:
                    02:47:7d:26:1c:dc:af:71:da:ae:a9:8f:bd:b2:ee:
                    88:64:ab:c0:ec:4d:4c:a5:79:43:c8:ce:51:d7:9c:
                    1d:4e:54:46:9b:15:e5:4b:c9:77:00:4e:d0:38:ac:
                    25:34:b2:f5:20:8c:f2:83:af:f1:2e:2a:78:b1:b9:
                    cf:40:07:f8:9c:f6:2f:9b:31:02:fa:19:61:fa:bd:
                    b6:86:51:d9:b6:4c:b5:7a:2f:50:ef:6f:d0:a0:b0:
                    c0:6e:92:a1:81:0e:39:96:d4:9d:91:42:cc:fd:b4:
                    f5:20:b7:87:f5:55:24:18:06:18:c5:02:84:92:f8:
                    28:83:6a:ce:20:bf:12:9e:ce:47:6f:f5:ab:a7:e4:
                    37:5f:b1:bc:16:09:95:f4:4a:e4:25:e9:11:e7:81:
                    f4:3e:4b:be:b3:a0:08:55:29:18:cc:ea:01:9e:21:
                    69:8d:be:16:bc:34:bc:9e:0f:13:54:a3:0c:63:56:
                    3d:71:1d:17:53:be:c3:4b:f4:d2:2a:b8:c4:ad:2b:
                    bd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:34:B8:DE:C1:28:1B:C5:43:17:C7:FE:D0:E9:AC:BC:7B:97:CA:C7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/qTS43sEoG8VDF8f-0OmsvHuXysc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.216.0/22
                IPv6:
                  2a00:8ac0::/32
                  2a04:3c40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57761

    Signature Algorithm: sha256WithRSAEncryption
         17:56:25:d8:56:43:00:52:95:62:97:e8:ef:a3:92:33:47:8e:
         19:bf:b1:59:14:90:17:fd:72:49:ac:b9:a1:b0:e5:2f:70:44:
         29:5b:31:25:e4:99:74:e4:98:24:8b:2d:cf:01:a3:1b:33:98:
         0b:98:fb:b9:8b:ae:ad:0c:af:3b:a6:47:da:19:9c:3f:92:b7:
         ee:a4:56:dc:e7:d1:c9:39:55:b8:04:be:42:93:ac:2f:b8:39:
         bc:a0:0c:cc:07:a3:b8:58:0a:75:d2:78:0a:4c:23:1c:2e:64:
         d1:67:06:79:39:8b:68:ab:31:b5:d8:aa:a8:50:04:af:9a:46:
         6d:f6:c6:89:46:47:49:c1:14:28:8a:00:20:20:6c:33:81:f6:
         c3:45:ab:8f:f5:e9:b5:9e:85:1e:11:ce:8d:e8:cc:9d:90:82:
         5d:30:58:c7:4c:1c:f1:b7:ea:a4:40:94:94:bf:73:43:8d:04:
         b3:b2:f4:e3:bd:e0:58:27:2d:f8:e3:f1:25:c7:f0:d7:1f:7d:
         e2:a8:2a:68:e6:ef:c7:b6:49:31:4b:4b:9e:bd:73:83:19:eb:
         11:ab:07:b0:99:d3:a7:6f:0a:86:cb:8c:ca:10:45:d2:af:bc:
         b1:ae:85:bf:19:13:03:1b:6c:59:2e:28:95:fa:6b:0e:19:01:
         b7:1b:66:d2
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgISAZQiH7cA+KJXajp7kyNKDlWMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTM0YjhkZWMxMjgxYmM1NDMxN2M3ZmVkMGU5YWNiYzdiOTdjYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+ejKOBpmLkKm72tefSZS7j5bcnp
nM0Gwt1yMDTyo5vJ44Wxg2NOfmtdSoCe2ZaF36qJP4pJ9pnZws0CR30mHNyvcdqu
qY+9su6IZKvA7E1MpXlDyM5R15wdTlRGmxXlS8l3AE7QOKwlNLL1IIzyg6/xLip4
sbnPQAf4nPYvmzEC+hlh+r22hlHZtky1ei9Q72/QoLDAbpKhgQ45ltSdkULM/bT1
ILeH9VUkGAYYxQKEkvgog2rOIL8Sns5Hb/Wrp+Q3X7G8FgmV9ErkJekR54H0Pku+
s6AIVSkYzOoBniFpjb4WvDS8ng8TVKMMY1Y9cR0XU77DS/TSKrjErSu9KQIDAQAB
o4ICtjCCArIwHQYDVR0OBBYEFKk0uN7BKBvFQxfH/tDprLx7l8rHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA0Lzg3YjU2
Mi1jYjdkLTRhOTMtYmQ0My0yN2VlNDJkOTI1YWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDQvODdiNTYy
LWNiN2QtNGE5My1iZDQzLTI3ZWU0MmQ5MjVhZC8xL3FUUzQzc0VvRzhWREY4Zi0w
T21zdkh1WHlzYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDUGCCsGAQUF
BwEHAQH/BCYwJDAMBAIAATAGAwQCuRvYMBQEAgACMA4DBQAqAIrAAwUDKgQ8QDAa
BggrBgEFBQcBCAEB/wQLMAmgBzAFAgMA4aEwDQYJKoZIhvcNAQELBQADggEBABdW
JdhWQwBSlWKX6O+jkjNHjhm/sVkUkBf9ckmsuaGw5S9wRClbMSXkmXTkmCSLLc8B
oxszmAuY+7mLrq0MrzumR9oZnD+St+6kVtzn0ck5VbgEvkKTrC+4ObygDMwHo7hY
CnXSeApMIxwuZNFnBnk5i2irMbXYqqhQBK+aRm32xolGR0nBFCiKACAgbDOB9sNF
q4/16bWehR4Rzo3ozJ2Qgl0wWMdMHPG36qRAlJS/c0ONBLOy9OO94FgnLfjj8SXH
8NcffeKoKmjm78e2STFLS569c4MZ6xGrB7CZ06dvCobLjMoQRdKvvLGuhb8ZEwMb
bFkuKJX6aw4ZAbcbZtI=
-----END CERTIFICATE-----