Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tOxsCl6-xYF9kbkeeaa8YTLrnSw.cer
File:                     tOxsCl6-xYF9kbkeeaa8YTLrnSw.cer (raw, json)
Hash identifier:          HZw9ehhJhg7P8foc8Z3zZzmYSVZmAGWcM+Bqav/U+kE=
Subject key identifier:   B4:EC:6C:0A:5E:BE:C5:81:7D:91:B9:1E:79:A6:BC:61:32:EB:9D:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C9C6E8217D0475538E600E9C72CAE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/44/20974d-6403-4107-a75b-13fb7a5130ca/1/tOxsCl6-xYF9kbkeeaa8YTLrnSw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/44/20974d-6403-4107-a75b-13fb7a5130ca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:48:16 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 201364
                          IP: 185.77.1.0 -- 185.77.2.255
                          IP: 2a05:5ec0::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9c:6e:82:17:d0:47:55:38:e6:00:e9:c7:2c:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4ec6c0a5ebec5817d91b91e79a6bc6132eb9d2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e1:46:b9:9b:30:59:e5:f6:43:60:a4:be:f2:
                    60:61:ec:b0:34:35:ba:5b:b1:0e:54:38:9a:9d:9c:
                    4d:7e:0e:80:d5:e0:99:35:20:aa:4f:e7:a7:1e:05:
                    54:3f:73:65:24:db:64:bf:62:57:64:d0:4b:b4:57:
                    2c:76:b8:ff:af:17:2d:a1:ab:9e:2a:24:db:ef:84:
                    0b:5f:24:b4:4e:cb:17:52:22:b0:16:54:df:ea:cf:
                    32:49:50:96:52:2c:4d:5c:46:a3:c6:65:a0:32:44:
                    44:60:b6:c2:3a:c2:2a:01:92:76:cb:ec:20:02:e5:
                    ca:fa:04:62:21:2d:47:bc:66:b1:5f:0c:77:c0:be:
                    27:02:68:6d:a5:f2:79:de:a4:12:3d:22:be:4a:24:
                    e3:74:4a:05:a9:c0:9a:55:1d:3a:24:a7:a6:a4:6c:
                    30:55:49:cb:cc:77:8c:d7:4a:c4:cf:00:2f:60:ba:
                    90:26:13:25:15:02:9d:c4:92:c4:02:f0:3f:aa:0b:
                    07:dd:c8:50:8c:30:b5:9a:14:d6:9e:2d:6b:6b:b0:
                    fc:bf:a7:51:4f:26:3a:96:cb:53:67:82:73:7c:a7:
                    67:11:87:32:e5:e8:6a:e2:31:d7:28:01:0b:31:b8:
                    7e:ca:0c:d8:97:74:21:60:7b:dc:d6:e1:ee:b6:bd:
                    b4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:EC:6C:0A:5E:BE:C5:81:7D:91:B9:1E:79:A6:BC:61:32:EB:9D:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/20974d-6403-4107-a75b-13fb7a5130ca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/20974d-6403-4107-a75b-13fb7a5130ca/1/tOxsCl6-xYF9kbkeeaa8YTLrnSw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.1.0-185.77.2.255
                IPv6:
                  2a05:5ec0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201364

    Signature Algorithm: sha256WithRSAEncryption
         51:b7:21:9c:a8:90:d6:f8:7f:df:00:0d:39:6b:54:5c:1b:cd:
         e0:27:b3:46:cf:48:37:7e:01:f4:57:2e:4b:9e:ce:a5:de:38:
         fd:14:77:00:10:60:53:e7:0d:f3:0c:1c:d6:18:fb:4d:46:a7:
         d0:60:99:05:6b:98:f5:00:91:af:28:f8:b5:59:d8:49:5e:17:
         ca:0d:a3:29:5d:a2:c3:88:0c:22:a4:1a:06:ff:40:52:1a:d9:
         82:3d:45:ae:2c:4d:9b:a7:8c:c7:66:38:6c:41:6d:0e:10:5b:
         51:e5:a8:b4:a8:8d:68:b1:86:79:9b:42:75:49:43:44:9f:44:
         58:49:a3:43:30:7a:7e:ab:78:03:2e:1e:19:c4:e2:b7:85:c3:
         30:47:a6:15:77:96:6d:14:f1:d1:1a:dd:06:66:23:cd:21:93:
         df:f9:99:40:8e:71:93:25:2d:bb:2c:8c:a6:25:4f:ec:c1:d5:
         1c:20:7a:9b:11:9f:51:6d:42:0e:78:c8:19:c6:aa:81:4c:1d:
         1d:2f:f2:a3:7d:c6:e8:f2:1e:64:16:87:6f:2a:74:53:fe:87:
         cf:21:1d:b0:db:89:0e:5d:cf:d9:68:66:83:88:7c:9b:be:3f:
         a3:64:2d:40:9b:78:6a:c3:57:af:ac:80:89:82:e6:10:8d:2c:
         0b:51:e6:12
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgISAZQfjJxughfQR1U45gDpxyyuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGVjNmMwYTVlYmVjNTgxN2Q5MWI5MWU3OWE2YmM2MTMyZWI5ZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquFGuZswWeX2Q2CkvvJgYeywNDW6
W7EOVDianZxNfg6A1eCZNSCqT+enHgVUP3NlJNtkv2JXZNBLtFcsdrj/rxctoaue
KiTb74QLXyS0TssXUiKwFlTf6s8ySVCWUixNXEajxmWgMkREYLbCOsIqAZJ2y+wg
AuXK+gRiIS1HvGaxXwx3wL4nAmhtpfJ53qQSPSK+SiTjdEoFqcCaVR06JKempGww
VUnLzHeM10rEzwAvYLqQJhMlFQKdxJLEAvA/qgsH3chQjDC1mhTWni1ra7D8v6dR
TyY6lstTZ4JzfKdnEYcy5ehq4jHXKAELMbh+ygzYl3QhYHvc1uHutr20/wIDAQAB
o4ICtzCCArMwHQYDVR0OBBYEFLTsbApevsWBfZG5HnmmvGEy650sMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ0LzIwOTc0
ZC02NDAzLTQxMDctYTc1Yi0xM2ZiN2E1MTMwY2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMjA5NzRk
LTY0MDMtNDEwNy1hNzViLTEzZmI3YTUxMzBjYS8xL3RPeHNDbDYteFlGOWtia2Vl
YWE4WVRMcm5Tdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUF
BwEHAQH/BCcwJTAUBAIAATAOMAwDBAC5TQEDBAC5TQIwDQQCAAIwBwMFAyoFXsAw
GgYIKwYBBQUHAQgBAf8ECzAJoAcwBQIDAxKUMA0GCSqGSIb3DQEBCwUAA4IBAQBR
tyGcqJDW+H/fAA05a1RcG83gJ7NGz0g3fgH0Vy5Lns6l3jj9FHcAEGBT5w3zDBzW
GPtNRqfQYJkFa5j1AJGvKPi1WdhJXhfKDaMpXaLDiAwipBoG/0BSGtmCPUWuLE2b
p4zHZjhsQW0OEFtR5ai0qI1osYZ5m0J1SUNEn0RYSaNDMHp+q3gDLh4ZxOK3hcMw
R6YVd5ZtFPHRGt0GZiPNIZPf+ZlAjnGTJS27LIymJU/swdUcIHqbEZ9RbUIOeMgZ
xqqBTB0dL/Kjfcbo8h5kFodvKnRT/ofPIR2w24kOXc/ZaGaDiHybvj+jZC1Am3hq
w1evrICJguYQjSwLUeYS
-----END CERTIFICATE-----