Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/z6loMZ1yqYp1lAAzi3D9xniRLeY.cer
File:                     z6loMZ1yqYp1lAAzi3D9xniRLeY.cer (raw, json)
Hash identifier:          Yshixn5aK4P/GXoqCThZcuBjAGVVrVcbfAihH2etJZ4=
Subject key identifier:   CF:A9:68:31:9D:72:A9:8A:75:94:00:33:8B:70:FD:C6:78:91:2D:E6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D638A9A06E8AEA70FD3B82E0942902
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/45/dc616f-de9b-478e-8539-8ce51018e2e6/1/z6loMZ1yqYp1lAAzi3D9xniRLeY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/45/dc616f-de9b-478e-8539-8ce51018e2e6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 41887
                          IP: 62.204.64.0/19
                          IP: 94.228.128.0/20
                          IP: 178.22.80.0/21
                          IP: 185.63.164.0/22
                          IP: 195.144.2.0/24
                          IP: 2a00:d00::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:38:a9:a0:6e:8a:ea:70:fd:3b:82:e0:94:29:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfa968319d72a98a759400338b70fdc678912de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:91:f7:7e:b0:85:18:80:cf:14:d4:f0:1f:f5:
                    9a:74:a2:5a:ef:b0:dd:c8:b8:c4:3c:21:17:ba:e8:
                    a2:8a:df:1c:81:8d:cf:b8:d6:eb:f4:1b:7e:ea:a0:
                    40:af:c3:07:1e:ea:b6:8c:6f:56:3f:25:3d:56:59:
                    db:9e:99:40:6a:90:a6:55:5b:40:e7:df:76:31:74:
                    1c:38:c2:4d:66:2d:b3:da:ed:e6:db:d8:ad:2e:82:
                    bc:cf:a1:06:7a:ce:4a:ca:52:16:cd:2d:84:82:73:
                    0c:04:3f:dd:16:de:40:9e:0e:bf:7d:29:cb:71:22:
                    11:de:98:67:78:d0:69:af:47:5f:65:d1:f6:6e:20:
                    f3:6f:6b:23:bb:89:8d:76:3d:b8:7e:b8:2c:5c:bb:
                    7d:e2:7e:66:05:14:14:96:9b:22:82:fe:f3:0d:57:
                    9e:0f:a9:23:b6:e9:10:c2:6e:1f:8a:f2:e5:6a:21:
                    f6:50:02:93:e5:c6:72:f3:6a:2f:e2:9a:03:a8:1a:
                    e3:5c:1f:0a:ca:28:50:75:e6:ad:ec:7f:c1:84:4f:
                    c5:e3:cd:67:77:8f:21:e1:17:83:72:40:c8:39:c8:
                    ee:fa:4a:e5:d0:ae:5d:98:ca:f9:8f:b9:6b:cf:05:
                    cc:ca:d2:12:af:f6:46:df:f7:c9:77:6e:63:1f:7e:
                    52:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:A9:68:31:9D:72:A9:8A:75:94:00:33:8B:70:FD:C6:78:91:2D:E6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/dc616f-de9b-478e-8539-8ce51018e2e6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/dc616f-de9b-478e-8539-8ce51018e2e6/1/z6loMZ1yqYp1lAAzi3D9xniRLeY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.64.0/19
                  94.228.128.0/20
                  178.22.80.0/21
                  185.63.164.0/22
                  195.144.2.0/24
                IPv6:
                  2a00:d00::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41887

    Signature Algorithm: sha256WithRSAEncryption
         57:1a:fe:e8:4d:68:7b:f9:24:61:17:6d:71:df:2f:9a:21:53:
         1d:2d:fb:f9:e4:1d:6a:b6:fc:0c:57:0f:49:8f:da:29:0f:88:
         67:cc:ba:f0:60:34:75:b3:79:3f:13:c2:01:d7:8b:15:cb:12:
         f4:09:f8:d4:8e:3b:e6:97:ef:5c:eb:46:ce:f6:02:18:f9:26:
         41:c5:52:af:1f:0d:18:22:92:e6:0a:75:4a:a6:45:92:8a:e1:
         2a:57:80:b3:09:00:3f:01:95:28:bb:d3:7d:c7:9b:6c:c5:d7:
         71:88:8a:f6:b2:b2:58:14:51:4a:7e:63:91:a7:f7:8c:aa:6e:
         85:3f:d2:4c:01:09:0b:a9:19:a6:10:f8:ca:f4:2a:5e:9b:29:
         8e:76:3a:69:d2:e9:36:3f:3e:b3:29:f1:4e:ef:47:a7:86:94:
         4a:fc:0d:2b:8e:21:1f:1b:3d:a3:33:05:0a:12:fc:10:f5:15:
         44:45:0f:cd:2e:81:18:95:27:bb:9f:ac:a9:e7:c1:be:ff:7e:
         3c:49:27:6e:ac:30:1a:22:a9:17:f6:ca:7f:2c:3e:06:70:d3:
         14:ff:6d:1b:3a:94:b6:30:8b:20:a9:3f:ea:49:c4:24:a1:78:
         dc:df:8c:f9:a0:bf:e5:26:3d:ce:07:61:ec:45:84:40:0a:89:
         02:7b:a4:d1
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgISAZQg1jipoG6K6nD9O4LglCkCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmE5NjgzMTlkNzJhOThhNzU5NDAwMzM4YjcwZmRjNjc4OTEyZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZH3frCFGIDPFNTwH/WadKJa77Dd
yLjEPCEXuuiiit8cgY3PuNbr9Bt+6qBAr8MHHuq2jG9WPyU9VlnbnplAapCmVVtA
5992MXQcOMJNZi2z2u3m29itLoK8z6EGes5KylIWzS2EgnMMBD/dFt5Ang6/fSnL
cSIR3phneNBpr0dfZdH2biDzb2sju4mNdj24frgsXLt94n5mBRQUlpsigv7zDVee
D6kjtukQwm4fivLlaiH2UAKT5cZy82ov4poDqBrjXB8KyihQdeat7H/BhE/F481n
d48h4ReDckDIOcju+krl0K5dmMr5j7lrzwXMytISr/ZG3/fJd25jH35SWQIDAQAB
o4ICxzCCAsMwHQYDVR0OBBYEFM+paDGdcqmKdZQAM4tw/cZ4kS3mMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ1L2RjNjE2
Zi1kZTliLTQ3OGUtODUzOS04Y2U1MTAxOGUyZTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvZGM2MTZm
LWRlOWItNDc4ZS04NTM5LThjZTUxMDE4ZTJlNi8xL3o2bG9NWjF5cVlwMWxBQXpp
M0Q5eG5pUkxlWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEYGCCsGAQUF
BwEHAQH/BDcwNTAkBAIAATAeAwQFPsxAAwQEXuSAAwQDshZQAwQCuT+kAwQAw5AC
MA0EAgACMAcDBQMqAA0AMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCjnzANBgkq
hkiG9w0BAQsFAAOCAQEAVxr+6E1oe/kkYRdtcd8vmiFTHS37+eQdarb8DFcPSY/a
KQ+IZ8y68GA0dbN5PxPCAdeLFcsS9An41I475pfvXOtGzvYCGPkmQcVSrx8NGCKS
5gp1SqZFkorhKleAswkAPwGVKLvTfcebbMXXcYiK9rKyWBRRSn5jkaf3jKpuhT/S
TAEJC6kZphD4yvQqXpspjnY6adLpNj8+synxTu9Hp4aUSvwNK44hHxs9ozMFChL8
EPUVREUPzS6BGJUnu5+sqefBvv9+PEknbqwwGiKpF/bKfyw+BnDTFP9tGzqUtjCL
IKk/6knEJKF43N+M+aC/5SY9zgdh7EWEQAqJAnuk0Q==
-----END CERTIFICATE-----