Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0hpZQHIrIHsp2Vpsgb4NK_TUEMw.cer
File:                     0hpZQHIrIHsp2Vpsgb4NK_TUEMw.cer (raw, json)
Hash identifier:          5YWBWgh9QuAfJXcfj4ohv0k+UMAOAPEldxE+60VlXTE=
Subject key identifier:   D2:1A:59:40:72:2B:20:7B:29:D9:5A:6C:81:BE:0D:2B:F4:D4:10:CC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B474B5E1657DB031A967C248482FD6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/48/56433a-0a70-4eae-9f9d-8cfbdb799284/1/0hpZQHIrIHsp2Vpsgb4NK_TUEMw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/48/56433a-0a70-4eae-9f9d-8cfbdb799284/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:48:45 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215867
                          IP: 195.211.125.0/24
                          IP: 2a13:4280::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:74:b5:e1:65:7d:b0:31:a9:67:c2:48:48:2f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d21a5940722b207b29d95a6c81be0d2bf4d410cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:54:f9:96:39:43:1b:ac:97:3e:5a:e2:22:15:
                    f6:75:2f:bd:d8:99:9c:fc:67:9f:0a:96:86:26:17:
                    51:fe:14:aa:ed:86:80:21:20:56:fd:92:10:51:81:
                    db:23:99:27:9a:6c:9d:2c:20:0b:3c:de:03:aa:37:
                    8a:c2:b8:ca:5c:17:3f:0a:14:85:3e:2e:2f:e5:3e:
                    14:2e:1e:a0:c5:b6:0d:85:2c:67:ba:f7:68:ef:0e:
                    39:2e:07:bd:21:cb:ed:c0:1e:48:f1:6e:dc:30:26:
                    88:64:58:ac:3c:32:8e:5e:d1:c7:fc:60:d8:32:de:
                    0c:9f:8c:bd:a8:e7:aa:66:b7:20:f8:39:09:35:9b:
                    cb:02:53:50:ca:76:2f:5e:32:18:28:3d:5c:f6:88:
                    dc:fa:11:5b:69:c5:f9:3e:72:7e:27:e3:7f:2d:be:
                    09:32:bc:01:2f:45:8a:58:3a:1f:85:0c:87:90:5d:
                    95:39:9a:1e:dc:1e:6f:55:ab:34:a5:17:b5:3f:79:
                    e3:af:bf:d4:16:e8:75:d8:8e:31:c0:e2:24:17:68:
                    cd:f1:03:61:09:62:a5:0a:6f:b8:8f:8e:d2:66:42:
                    28:ee:07:12:f4:a4:a9:13:fc:6f:18:16:8e:da:de:
                    bf:8f:24:9c:74:7e:ce:4b:b3:f4:56:1c:4f:32:b8:
                    60:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:1A:59:40:72:2B:20:7B:29:D9:5A:6C:81:BE:0D:2B:F4:D4:10:CC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/56433a-0a70-4eae-9f9d-8cfbdb799284/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/56433a-0a70-4eae-9f9d-8cfbdb799284/1/0hpZQHIrIHsp2Vpsgb4NK_TUEMw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.125.0/24
                IPv6:
                  2a13:4280::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215867

    Signature Algorithm: sha256WithRSAEncryption
         26:4e:00:cf:28:d0:1e:d7:72:dc:c4:2a:46:47:0f:c9:c9:14:
         c1:18:c4:ea:35:7f:f4:34:8e:ce:b8:ae:5e:23:e4:e8:91:2b:
         2a:c1:18:0c:7a:86:9f:a7:ee:2c:94:25:c7:99:84:5f:d2:bf:
         91:a1:af:c4:8f:87:63:ca:91:b5:91:b5:b6:51:c5:fd:41:b6:
         60:18:f8:a6:a3:d3:7c:0a:48:7b:86:02:ad:3a:bb:cb:da:2c:
         f4:d9:0a:ee:45:f3:8d:5b:1c:28:d9:43:3d:86:c6:53:8c:17:
         ea:3e:14:ae:79:39:a5:56:f8:7f:51:dd:97:98:56:f7:4c:f1:
         94:64:79:55:87:41:70:06:3f:f6:91:74:0b:77:79:84:13:b5:
         5e:94:50:cb:a8:2d:a4:47:cd:5f:c5:c4:61:34:71:c8:88:51:
         c7:04:ac:ee:f3:8a:a4:7f:23:0a:5a:ab:97:3d:e5:f1:0d:8d:
         16:59:2b:2e:12:91:28:a6:bb:57:2c:c2:54:ee:f0:cb:fd:0d:
         7e:e0:dd:03:67:b1:d0:50:40:30:f2:f7:da:6c:ce:f0:e6:2e:
         7b:04:dc:2e:60:c0:4c:84:27:b0:97:b9:db:04:2e:16:7c:c2:
         c6:dd:79:cf:5c:eb:7c:ab:05:10:b0:41:b3:29:e5:f9:4c:d7:
         88:11:ff:fe
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQntHS14WV9sDGpZ8JISC/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjFhNTk0MDcyMmIyMDdiMjlkOTVhNmM4MWJlMGQyYmY0ZDQxMGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1T5ljlDG6yXPlriIhX2dS+92Jmc
/GefCpaGJhdR/hSq7YaAISBW/ZIQUYHbI5knmmydLCALPN4DqjeKwrjKXBc/ChSF
Pi4v5T4ULh6gxbYNhSxnuvdo7w45Lge9IcvtwB5I8W7cMCaIZFisPDKOXtHH/GDY
Mt4Mn4y9qOeqZrcg+DkJNZvLAlNQynYvXjIYKD1c9ojc+hFbacX5PnJ+J+N/Lb4J
MrwBL0WKWDofhQyHkF2VOZoe3B5vVas0pRe1P3njr7/UFuh12I4xwOIkF2jN8QNh
CWKlCm+4j47SZkIo7gcS9KSpE/xvGBaO2t6/jyScdH7OS7P0VhxPMrhgAQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFNIaWUByKyB7KdlabIG+DSv01BDMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ4LzU2NDMz
YS0wYTcwLTRlYWUtOWY5ZC04Y2ZiZGI3OTkyODQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDgvNTY0MzNh
LTBhNzAtNGVhZS05ZjlkLThjZmJkYjc5OTI4NC8xLzBocFpRSElySUhzcDJWcHNn
YjROS19UVUVNdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAw9N9MA0EAgACMAcDBQMqE0KAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNLOzANBgkqhkiG9w0BAQsFAAOCAQEAJk4AzyjQHtdy
3MQqRkcPyckUwRjE6jV/9DSOzriuXiPk6JErKsEYDHqGn6fuLJQlx5mEX9K/kaGv
xI+HY8qRtZG1tlHF/UG2YBj4pqPTfApIe4YCrTq7y9os9NkK7kXzjVscKNlDPYbG
U4wX6j4Urnk5pVb4f1Hdl5hW90zxlGR5VYdBcAY/9pF0C3d5hBO1XpRQy6gtpEfN
X8XEYTRxyIhRxwSs7vOKpH8jClqrlz3l8Q2NFlkrLhKRKKa7VyzCVO7wy/0NfuDd
A2ex0FBAMPL32mzO8OYuewTcLmDATIQnsJe52wQuFnzCxt15z1zrfKsFELBBsynl
+UzXiBH//g==
-----END CERTIFICATE-----