Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-jB4ISMOe6gaTUcaWR546nWcaTQ.cer
File:                     1-jB4ISMOe6gaTUcaWR546nWcaTQ.cer (raw, json)
Hash identifier:          Ge4lh/T1wmAvPvmrbxaRla4iK+nJ8t7+cTXXEJhn9BM=
Subject key identifier:   FA:30:78:21:23:0E:7B:A8:1A:4D:47:1A:59:1E:78:EA:75:9C:69:34
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5B63608147F73DE49E7693F6C9427
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ce/910f67-1ffc-41c4-a2ea-f1e65f97c89a/1/1-jB4ISMOe6gaTUcaWR546nWcaTQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ce/910f67-1ffc-41c4-a2ea-f1e65f97c89a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 203034
                          IP: 185.147.20.0/22
                          IP: 2a07:5480::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b6:36:08:14:7f:73:de:49:e7:69:3f:6c:94:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa307821230e7ba81a4d471a591e78ea759c6934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9e:c3:49:47:ef:17:93:b3:72:25:d2:ce:01:
                    73:93:ca:49:82:e5:84:a3:27:89:26:a4:a5:f6:0b:
                    66:c2:09:b4:24:b9:35:1b:26:72:84:44:d4:30:b8:
                    f6:dc:f9:c6:de:5a:c9:b6:ea:15:a5:40:c8:18:9f:
                    0f:e8:aa:b6:37:e5:1d:d9:db:d3:20:c7:82:ce:ff:
                    f5:30:8c:12:e1:76:64:0b:4c:25:68:f0:74:b3:40:
                    f2:07:50:36:cb:fa:fc:f6:b8:91:e7:87:d0:fa:8c:
                    c3:df:e8:a0:52:a6:13:2a:66:2c:f0:c5:2e:ea:13:
                    2f:be:32:ca:09:8d:bf:fe:2e:de:77:07:88:1c:d1:
                    54:21:20:2e:1c:be:35:fc:d3:23:1f:fe:99:60:19:
                    1f:ed:34:76:d5:0d:1d:0c:fe:d0:e2:b7:f6:c1:87:
                    ff:eb:b9:06:ab:d6:0e:c8:0d:3b:e0:d8:9c:25:38:
                    a2:bb:c3:1a:22:2e:5d:5f:15:dd:61:c7:1e:1b:72:
                    4e:87:0e:8d:1c:e0:41:e9:ed:5f:6d:d3:4b:ae:0b:
                    27:95:ae:74:26:f4:5c:13:88:92:37:4e:73:a9:43:
                    a9:57:2b:7d:8d:d0:77:78:e3:d9:b3:13:e5:3f:ff:
                    bd:d9:11:fe:4a:cf:e2:7b:6b:08:91:76:6a:98:4d:
                    25:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:30:78:21:23:0E:7B:A8:1A:4D:47:1A:59:1E:78:EA:75:9C:69:34
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/910f67-1ffc-41c4-a2ea-f1e65f97c89a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/910f67-1ffc-41c4-a2ea-f1e65f97c89a/1/1-jB4ISMOe6gaTUcaWR546nWcaTQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.20.0/22
                IPv6:
                  2a07:5480::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203034

    Signature Algorithm: sha256WithRSAEncryption
         9b:1e:76:9f:4e:46:64:58:d3:3c:f9:30:30:26:aa:2e:96:e1:
         b6:26:e6:28:5c:d7:8e:31:79:a7:9e:7d:bc:ab:d6:d5:fc:94:
         eb:6a:31:41:4e:8c:c4:f8:13:f7:a7:6c:53:8f:b9:7e:d6:6c:
         5c:96:1e:e2:07:82:74:2e:01:a3:1f:31:35:39:c2:1a:9d:1c:
         ac:27:b2:ee:3f:21:89:a5:5f:47:62:37:25:4c:bd:ed:cf:6a:
         22:e1:76:55:4a:34:c4:66:0a:f0:b9:1c:cc:b2:52:a6:84:bc:
         54:ec:19:ed:1b:11:72:39:e0:5d:09:e9:26:9b:0e:99:13:30:
         e5:4e:dc:33:8c:c7:80:a8:4f:28:29:ec:af:49:25:6a:81:b5:
         29:2e:ca:63:48:51:16:76:8f:40:7c:af:ad:58:c1:26:3e:8b:
         24:cf:5c:74:4c:d1:e7:e0:8b:1a:94:27:dc:24:e7:d8:d9:be:
         22:73:71:a0:ca:71:68:d0:f5:f6:84:c5:0f:46:97:13:cb:ed:
         5f:0a:10:16:fa:08:a4:78:5a:77:30:63:b7:78:42:ee:a3:5a:
         1e:3c:83:15:34:68:dd:a4:23:d9:7c:9d:03:16:51:d3:c6:f0:
         82:ca:9f:b7:6d:b7:43:e5:b6:7c:68:d1:a2:a0:77:f2:9b:e4:
         f9:e8:7c:8c
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAZQg1bY2CBR/c95J52k/bJQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTMwNzgyMTIzMGU3YmE4MWE0ZDQ3MWE1OTFlNzhlYTc1OWM2OTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ7DSUfvF5OzciXSzgFzk8pJguWE
oyeJJqSl9gtmwgm0JLk1GyZyhETUMLj23PnG3lrJtuoVpUDIGJ8P6Kq2N+Ud2dvT
IMeCzv/1MIwS4XZkC0wlaPB0s0DyB1A2y/r89riR54fQ+ozD3+igUqYTKmYs8MUu
6hMvvjLKCY2//i7edweIHNFUISAuHL41/NMjH/6ZYBkf7TR21Q0dDP7Q4rf2wYf/
67kGq9YOyA074NicJTiiu8MaIi5dXxXdYcceG3JOhw6NHOBB6e1fbdNLrgsnla50
JvRcE4iSN05zqUOpVyt9jdB3eOPZsxPlP/+92RH+Ss/ie2sIkXZqmE0lhQIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFPoweCEjDnuoGk1HGlkeeOp1nGk0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NlLzkxMGY2
Ny0xZmZjLTQxYzQtYTJlYS1mMWU2NWY5N2M4OWEvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2UvOTEwZjY3
LTFmZmMtNDFjNC1hMmVhLWYxZTY1Zjk3Yzg5YS8xLzEtakI0SVNNT2U2Z2FUVWNh
V1I1NDZuV2NhVFEubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEF
BQcBBwEB/wQfMB0wDAQCAAEwBgMEArmTFDANBAIAAjAHAwUDKgdUgDAaBggrBgEF
BQcBCAEB/wQLMAmgBzAFAgMDGRowDQYJKoZIhvcNAQELBQADggEBAJsedp9ORmRY
0zz5MDAmqi6W4bYm5ihc144xeaeefbyr1tX8lOtqMUFOjMT4E/enbFOPuX7WbFyW
HuIHgnQuAaMfMTU5whqdHKwnsu4/IYmlX0diNyVMve3PaiLhdlVKNMRmCvC5HMyy
UqaEvFTsGe0bEXI54F0J6SabDpkTMOVO3DOMx4CoTygp7K9JJWqBtSkuymNIURZ2
j0B8r61YwSY+iyTPXHRM0efgixqUJ9wk59jZviJzcaDKcWjQ9faExQ9GlxPL7V8K
EBb6CKR4WncwY7d4Qu6jWh48gxU0aN2kI9l8nQMWUdPG8ILKn7dtt0Pltnxo0aKg
d/Kb5PnofIw=
-----END CERTIFICATE-----