Certificate

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B.cer
File:                     41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B.cer (raw, json)
Hash identifier:          oKnKtEghdovRpzQ1IWL1h3sDPLwWS4WEuNxeWJ7tIE0=
Subject key identifier:   41:C6:B5:56:7A:DB:76:46:22:2A:1B:9F:1A:A7:03:8F:0C:2D:4B:4B
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       59D20F3574C5E7D51E143D0580B3B21DD7427F21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 11 Dec 2024 21:58:47 +0000
Certificate not after:    Wed 10 Dec 2025 22:03:47 +0000
Subordinate resources:    IP: 2a14:7580:b000::/36
                          IP: 2a14:7584:2000::/36
                          IP: 2a14:7585::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:d2:0f:35:74:c5:e7:d5:1e:14:3d:05:80:b3:b2:1d:d7:42:7f:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Dec 11 21:58:47 2024 GMT
            Not After : Dec 10 22:03:47 2025 GMT
        Subject: CN=41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:96:6c:51:e9:30:df:75:c3:c3:a1:2e:3b:d2:
                    ea:d1:56:82:bc:41:77:24:5b:ee:40:51:93:a8:ce:
                    58:8e:09:bf:84:0f:70:ec:80:a5:58:29:8e:fc:85:
                    ec:80:91:1e:6a:3c:d8:2e:4c:8e:ee:0d:55:cf:6d:
                    8f:af:5f:4e:7f:36:92:ef:f4:9a:c5:8a:19:4b:b0:
                    3c:fa:c1:3a:fe:b5:fa:ff:ff:ac:b7:5a:6a:5e:5a:
                    c2:85:7c:24:a3:ec:03:30:ff:ca:6f:b5:81:97:8f:
                    e2:d2:69:ae:ea:27:75:b5:2b:56:46:4a:d4:da:fc:
                    73:0e:c6:2f:0e:15:24:9b:58:21:8c:d3:15:a2:0f:
                    52:e6:e0:f6:49:09:f2:94:ce:c6:b0:3c:19:4b:24:
                    b5:5f:a9:00:08:db:7e:2a:ed:36:e1:e7:98:0a:fc:
                    a2:48:9f:88:93:10:c2:52:16:a7:33:07:85:bc:b6:
                    1a:c8:e9:26:73:d4:bc:cd:f5:39:a5:03:e3:5d:b6:
                    70:d9:52:50:67:74:86:a9:9c:ed:c1:94:f7:4a:79:
                    2c:f6:97:ed:3a:56:06:09:dc:fc:b0:61:09:58:64:
                    38:5c:04:9d:5b:d9:05:23:4c:75:7c:e6:10:a0:05:
                    00:5d:d5:81:4b:8e:97:a0:d6:fa:dc:31:c1:e3:af:
                    9e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                41:C6:B5:56:7A:DB:76:46:22:2A:1B:9F:1A:A7:03:8F:0C:2D:4B:4B
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:b000::/36
                  2a14:7584:2000::/36
                  2a14:7585::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:16:0e:a0:c9:a2:5b:2c:87:f3:d0:51:8a:09:9b:47:ad:76:
         02:c7:4e:1e:a5:89:ea:1a:49:7e:2a:ce:c3:c5:a8:95:83:68:
         ac:ad:0e:1f:09:a0:ce:cb:d0:60:7b:82:eb:26:41:66:da:26:
         13:fa:3a:1b:d1:12:1d:b5:f8:f1:51:e6:73:57:82:fb:5c:37:
         fc:de:83:f4:53:fb:50:14:0e:cf:98:26:12:4e:e6:0f:2e:ef:
         a9:8c:3c:1d:58:ff:6c:4c:6e:ff:78:5d:3b:00:f5:39:68:48:
         93:65:78:6d:e7:43:e6:77:9e:48:bb:ba:10:14:47:8c:1d:09:
         c0:de:1e:c2:4b:d3:fa:23:c1:9b:dd:26:38:a0:e4:57:59:fc:
         a3:5d:97:95:38:f2:48:62:ba:a8:10:04:97:c0:09:92:9a:5e:
         eb:1a:83:1c:54:7f:c8:e7:2c:f5:88:e4:04:9d:a7:4c:3d:2f:
         2d:62:c1:07:8b:0a:7b:cd:1d:b3:35:b7:af:33:75:e4:9c:cd:
         9f:c9:53:09:f2:74:9c:a8:ed:89:fe:c9:3d:dc:d3:23:f4:6b:
         c7:ff:fe:04:b9:76:d5:7b:54:95:cb:12:36:bc:40:23:2c:16:
         c0:cd:15:c3:d3:c3:ce:b4:90:28:7d:39:ec:2a:da:4a:ca:b2:
         93:23:9a:5d
-----BEGIN CERTIFICATE-----
MIIF6DCCBNCgAwIBAgIUWdIPNXTF59UeFD0FgLOyHddCfyEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNDEyMTEyMTU4NDdaFw0yNTEyMTAyMjAzNDdaMDMxMTAvBgNV
BAMTKDQxQzZCNTU2N0FEQjc2NDYyMjJBMUI5RjFBQTcwMzhGMEMyRDRCNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUlmxR6TDfdcPDoS470urRVoK8
QXckW+5AUZOozliOCb+ED3DsgKVYKY78heyAkR5qPNguTI7uDVXPbY+vX05/NpLv
9JrFihlLsDz6wTr+tfr//6y3WmpeWsKFfCSj7AMw/8pvtYGXj+LSaa7qJ3W1K1ZG
StTa/HMOxi8OFSSbWCGM0xWiD1Lm4PZJCfKUzsawPBlLJLVfqQAI234q7Tbh55gK
/KJIn4iTEMJSFqczB4W8thrI6SZz1LzN9TmlA+NdtnDZUlBndIapnO3BlPdKeSz2
l+06VgYJ3PywYQlYZDhcBJ1b2QUjTHV85hCgBQBd1YFLjpeg1vrcMcHjr55xAgMB
AAGjggLyMIIC7jAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRBxrVWett2RiIq
G58apwOPDC1LSzAfBgNVHSMEGDAWgBSoPUhlLzst909r+bqoqcF0zP03cjAOBgNV
HQ8BAf8EBAMCAQYwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC9BODNENDg2NTJGM0IyREY3NEY2QkY5QkFB
OEE5QzE3NENDRkQzNzcyLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKG
SHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUQxSVpT
ODdMZmRQYV9tNnFLbkJkTXo5TjNJLmNlcjCCAT8GCCsGAQUFBwELBIIBMTCCAS0w
XwYIKwYBBQUHMAWGU3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvMjJjZjhiYTctY2IwMi00MThiLWJlMDQtNGQ5ZjNhMDdlOTUwLzEv
MIGLBggrBgEFBQcwCoZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS8yMmNmOGJhNy1jYjAyLTQxOGItYmUwNC00ZDlmM2EwN2U5NTAv
MS80MUM2QjU1NjdBREI3NjQ2MjIyQTFCOUYxQUE3MDM4RjBDMkQ0QjRCLm1mdDA8
BggrBgEFBQcwDYYwaHR0cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3Rp
ZmljYXRpb24ueG1sMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUH
AQcBAf8EITAfMB0EAgACMBcDBgQqFHWAsAMGBCoUdYQgAwUAKhR1hTANBgkqhkiG
9w0BAQsFAAOCAQEALBYOoMmiWyyH89BRigmbR612AsdOHqWJ6hpJfirOw8WolYNo
rK0OHwmgzsvQYHuC6yZBZtomE/o6G9ESHbX48VHmc1eC+1w3/N6D9FP7UBQOz5gm
Ek7mDy7vqYw8HVj/bExu/3hdOwD1OWhIk2V4bedD5neeSLu6EBRHjB0JwN4ewkvT
+iPBm90mOKDkV1n8o12XlTjySGK6qBAEl8AJkppe6xqDHFR/yOcs9YjkBJ2nTD0v
LWLBB4sKe80dszW3rzN15JzNn8lTCfJ0nKjtif7JPdzTI/Rrx//+BLl21XtUlcsS
NrxAIywWwM0Vw9PDzrSQKH057CraSsqykyOaXQ==
-----END CERTIFICATE-----