Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vmFEtFm84Tnyc0pE-9tGyYEymys.cer
File:                     vmFEtFm84Tnyc0pE-9tGyYEymys.cer (raw, json)
Hash identifier:          Yrs+BWyFLhJJTYPwUJ58MMoiIu+fZLuBdHok5hUrhvY=
Subject key identifier:   BE:61:44:B4:59:BC:E1:39:F2:73:4A:44:FB:DB:46:C9:81:32:9B:2B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266C43AA2C84E3F708075246D96A8BDB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ce/3b84bd-133b-43d9-b9cf-17efa57b39d7/1/vmFEtFm84Tnyc0pE-9tGyYEymys.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ce/3b84bd-133b-43d9-b9cf-17efa57b39d7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:50:16 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 29007
                          IP: 46.182.96.0/21
                          IP: 78.154.64.0/19
                          IP: 185.9.124.0/22
                          IP: 217.28.144.0/20
                          IP: 2a00:c100::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:43:aa:2c:84:e3:f7:08:07:52:46:d9:6a:8b:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be6144b459bce139f2734a44fbdb46c981329b2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:95:d7:7d:42:2c:6f:62:0a:99:dc:92:08:d1:
                    10:da:25:5c:6a:9b:4e:28:22:53:76:ef:58:72:25:
                    fb:4a:ce:ff:16:d9:8d:13:50:d6:22:db:5f:55:b2:
                    5e:3a:e2:33:d4:6d:fb:d6:73:0f:6d:79:28:70:65:
                    eb:12:fa:7d:f2:70:73:22:17:25:9e:94:3e:cc:98:
                    21:d3:c2:01:0c:a3:9d:3c:57:31:74:20:0f:aa:d5:
                    a9:c8:cb:a3:34:49:15:c6:a9:27:ac:9d:94:fe:bc:
                    eb:5c:48:96:48:cd:c5:4c:7b:a9:d8:9b:f8:16:e0:
                    c1:81:17:9a:ab:0d:61:e5:dc:78:3e:96:56:ee:3c:
                    fc:4a:19:ec:b9:a3:33:9d:98:b8:d8:6d:3a:ff:a7:
                    54:ab:29:e0:f5:d9:5a:f0:e3:e9:c5:63:f5:d3:07:
                    ee:98:df:77:df:ec:98:53:c8:9c:50:a4:16:d6:b6:
                    52:21:86:e0:54:5e:fc:a0:49:3e:f1:20:85:02:47:
                    5e:f8:bc:74:5b:17:0a:20:ac:ce:1b:ac:bc:28:24:
                    a4:e6:88:35:c7:f0:7a:74:42:ec:84:ab:5e:fb:af:
                    24:c7:9b:e9:42:26:40:d5:f0:64:4c:8b:71:3b:fa:
                    a0:26:a0:1f:5d:ab:3b:ee:89:5c:f2:72:cc:4e:b2:
                    f2:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:61:44:B4:59:BC:E1:39:F2:73:4A:44:FB:DB:46:C9:81:32:9B:2B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/3b84bd-133b-43d9-b9cf-17efa57b39d7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/3b84bd-133b-43d9-b9cf-17efa57b39d7/1/vmFEtFm84Tnyc0pE-9tGyYEymys.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.96.0/21
                  78.154.64.0/19
                  185.9.124.0/22
                  217.28.144.0/20
                IPv6:
                  2a00:c100::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  29007

    Signature Algorithm: sha256WithRSAEncryption
         89:1d:8e:9b:93:72:8a:97:69:62:09:da:f3:b8:fc:ad:7a:0d:
         6a:3c:17:fc:02:83:4f:89:db:d2:da:a3:73:d9:46:2d:17:af:
         a6:f4:e0:e1:b9:e2:73:01:17:af:0e:41:06:fd:74:da:14:99:
         00:91:d4:1e:c8:81:7e:07:74:11:2f:fe:ac:f2:8e:99:37:5e:
         ea:b1:ba:58:9b:ca:5d:cb:76:f0:0c:ed:49:ac:32:ab:70:bc:
         a3:84:9c:68:68:ef:21:e2:df:85:13:15:b2:e9:cb:50:02:f2:
         a6:17:58:01:00:d0:a3:c0:41:5d:d0:bd:16:17:54:33:9b:b1:
         8f:84:a1:ff:66:50:ec:4f:31:30:5b:2e:92:31:39:b6:0e:45:
         7b:f1:db:54:cc:aa:ae:cc:0c:33:84:83:44:4f:84:fa:b0:2f:
         1f:fb:0b:bf:18:c6:cf:e7:75:dd:58:88:4e:d5:59:5f:16:a9:
         29:17:55:7e:5b:5c:c6:4a:ec:6b:9b:7a:a7:2d:35:96:80:60:
         4d:57:25:e6:e8:ef:d1:0a:42:a9:bb:2b:32:f8:64:d6:3e:a2:
         19:a4:eb:96:20:cd:d2:11:d1:26:7f:d2:85:e1:eb:87:17:e6:
         d6:0d:56:e9:62:79:d7:c5:46:bd:23:bd:47:fc:49:06:ba:e4:
         7c:cf:98:a4
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgISAZQmbEOqLITj9wgHUkbZaovbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTYxNDRiNDU5YmNlMTM5ZjI3MzRhNDRmYmRiNDZjOTgxMzI5YjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZXXfUIsb2IKmdySCNEQ2iVcaptO
KCJTdu9YciX7Ss7/FtmNE1DWIttfVbJeOuIz1G371nMPbXkocGXrEvp98nBzIhcl
npQ+zJgh08IBDKOdPFcxdCAPqtWpyMujNEkVxqknrJ2U/rzrXEiWSM3FTHup2Jv4
FuDBgReaqw1h5dx4PpZW7jz8ShnsuaMznZi42G06/6dUqyng9dla8OPpxWP10wfu
mN933+yYU8icUKQW1rZSIYbgVF78oEk+8SCFAkde+Lx0WxcKIKzOG6y8KCSk5og1
x/B6dELshKte+68kx5vpQiZA1fBkTItxO/qgJqAfXas77olc8nLMTrLycwIDAQAB
o4ICwDCCArwwHQYDVR0OBBYEFL5hRLRZvOE58nNKRPvbRsmBMpsrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NlLzNiODRi
ZC0xMzNiLTQzZDktYjljZi0xN2VmYTU3YjM5ZDcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2UvM2I4NGJk
LTEzM2ItNDNkOS1iOWNmLTE3ZWZhNTdiMzlkNy8xL3ZtRkV0Rm04NFRueWMwcEUt
OXRHeVlFeW15cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEAGCCsGAQUF
BwEHAQH/BDEwLzAeBAIAATAYAwQDLrZgAwQFTppAAwQCuQl8AwQE2RyQMA0EAgAC
MAcDBQAqAMEAMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQCAnFPMA0GCSqGSIb3DQEB
CwUAA4IBAQCJHY6bk3KKl2liCdrzuPyteg1qPBf8AoNPidvS2qNz2UYtF6+m9ODh
ueJzARevDkEG/XTaFJkAkdQeyIF+B3QRL/6s8o6ZN17qsbpYm8pdy3bwDO1JrDKr
cLyjhJxoaO8h4t+FExWy6ctQAvKmF1gBANCjwEFd0L0WF1Qzm7GPhKH/ZlDsTzEw
Wy6SMTm2DkV78dtUzKquzAwzhINET4T6sC8f+wu/GMbP53XdWIhO1VlfFqkpF1V+
W1zGSuxrm3qnLTWWgGBNVyXm6O/RCkKpuysy+GTWPqIZpOuWIM3SEdEmf9KF4euH
F+bWDVbpYnnXxUa9I71H/EkGuuR8z5ik
-----END CERTIFICATE-----