Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2BgqmNbvgP-ykYJ9qKzKdEkQgLQ.cer
File:                     2BgqmNbvgP-ykYJ9qKzKdEkQgLQ.cer (raw, json)
Hash identifier:          f1YuVIwDpUdtg/8E/C38x1sk+K0m/H1SkEYBJ2naarM=
Subject key identifier:   D8:18:2A:98:D6:EF:80:FF:B2:91:82:7D:A8:AC:CA:74:49:10:80:B4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B2DEE5F5C38A9EACAD207ABF68B744
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cc/d85235-808c-4c0a-9c97-9b360e1ba321/1/2BgqmNbvgP-ykYJ9qKzKdEkQgLQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cc/d85235-808c-4c0a-9c97-9b360e1ba321/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:48:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 201531
                          IP: 185.243.228.0/22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:de:e5:f5:c3:8a:9e:ac:ad:20:7a:bf:68:b7:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8182a98d6ef80ffb291827da8acca74491080b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:cf:1c:13:53:f8:fa:97:c3:b8:1d:ae:f5:78:
                    51:28:6b:31:1b:11:d1:92:eb:e8:62:55:2c:7a:59:
                    d5:e7:df:54:c7:ef:bf:57:70:66:8c:3b:48:26:9b:
                    5f:3e:50:e3:dc:92:5c:39:42:a7:0a:43:34:cc:8c:
                    bc:3f:d8:69:d8:fe:aa:b2:b8:ef:11:09:34:ca:88:
                    b6:b2:e9:4d:ed:1a:8f:f9:d1:3a:d9:3f:d7:19:1f:
                    68:bf:ff:e1:d4:91:cd:d9:fa:48:24:94:31:8f:40:
                    73:ef:62:d8:87:04:a3:90:4a:00:d0:25:ac:6a:c7:
                    42:4b:23:e8:13:36:ce:68:7f:eb:b3:98:57:a8:1c:
                    7e:4c:d4:29:4b:5f:8a:6f:2d:ca:a4:a0:39:66:6b:
                    ee:c0:d4:25:67:ba:3f:e7:44:14:97:3f:f1:20:9f:
                    22:93:9a:f4:31:dd:2f:1d:0d:05:b1:71:23:d1:5b:
                    81:dd:e7:a5:dd:d2:52:81:83:a4:ba:84:97:bf:97:
                    b2:dc:50:85:00:0b:45:52:a5:ab:90:59:81:dd:be:
                    33:cd:09:6b:ef:e5:3b:99:3a:22:60:37:f1:f6:cd:
                    20:b0:ec:03:4e:50:aa:88:fc:ab:f6:e1:16:d7:a2:
                    2a:96:dc:27:b3:64:de:8e:9c:cb:7b:69:96:62:75:
                    b2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:18:2A:98:D6:EF:80:FF:B2:91:82:7D:A8:AC:CA:74:49:10:80:B4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/d85235-808c-4c0a-9c97-9b360e1ba321/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/d85235-808c-4c0a-9c97-9b360e1ba321/1/2BgqmNbvgP-ykYJ9qKzKdEkQgLQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.228.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201531

    Signature Algorithm: sha256WithRSAEncryption
         44:34:9d:bc:5d:ee:bc:04:0c:c1:ca:ce:eb:d1:dd:4f:6d:89:
         7b:78:17:d3:72:43:17:cd:94:0e:d1:50:93:1b:95:ac:58:54:
         1c:67:0f:2e:38:c7:57:60:c1:02:2b:f6:ca:c3:b6:c3:3a:3c:
         61:49:89:48:1e:00:ff:02:54:4f:bd:66:b2:c8:1a:4e:92:84:
         ef:64:a7:57:87:bf:41:c1:9d:df:f2:c2:46:86:e8:5a:77:14:
         68:2a:90:cc:f1:4f:84:9b:67:00:c9:b9:ac:20:bc:19:75:9d:
         ec:2c:44:83:4a:32:08:4f:a3:eb:d8:5d:77:a7:f6:31:a1:4a:
         09:bf:fb:3b:67:57:91:e9:7c:00:69:29:ae:54:2b:9e:e9:e2:
         d2:61:31:ab:92:90:1f:0c:98:ee:af:46:ed:51:1f:6e:b2:b0:
         b1:6a:9b:56:e9:78:e3:21:de:91:e9:4e:17:83:63:ab:6c:66:
         77:12:3e:b6:34:25:13:9e:ba:ba:07:29:ad:dc:4c:90:a6:34:
         c8:b2:c8:ac:bc:79:5e:86:80:2f:68:23:28:9f:31:4e:23:dd:
         c2:23:9d:36:e6:5a:da:03:ae:0c:a2:f7:d4:0b:d5:c7:b8:d3:
         97:95:b7:3d:ee:0a:90:70:c6:2e:89:87:d0:e4:fa:70:9d:a4:
         31:11:ba:23
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQkst7l9cOKnqytIHq/aLdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODE4MmE5OGQ2ZWY4MGZmYjI5MTgyN2RhOGFjY2E3NDQ5MTA4MGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc8cE1P4+pfDuB2u9XhRKGsxGxHR
kuvoYlUselnV599Ux++/V3BmjDtIJptfPlDj3JJcOUKnCkM0zIy8P9hp2P6qsrjv
EQk0yoi2sulN7RqP+dE62T/XGR9ov//h1JHN2fpIJJQxj0Bz72LYhwSjkEoA0CWs
asdCSyPoEzbOaH/rs5hXqBx+TNQpS1+Kby3KpKA5ZmvuwNQlZ7o/50QUlz/xIJ8i
k5r0Md0vHQ0FsXEj0VuB3eel3dJSgYOkuoSXv5ey3FCFAAtFUqWrkFmB3b4zzQlr
7+U7mToiYDfx9s0gsOwDTlCqiPyr9uEW16Iqltwns2TejpzLe2mWYnWyyQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFNgYKpjW74D/spGCfaisynRJEIC0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NjL2Q4NTIz
NS04MDhjLTRjMGEtOWM5Ny05YjM2MGUxYmEzMjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2MvZDg1MjM1
LTgwOGMtNGMwYS05Yzk3LTliMzYwZTFiYTMyMS8xLzJCZ3FtTmJ2Z1AteWtZSjlx
S3pLZEVrUWdMUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCufPkMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMTOzANBgkqhkiG9w0BAQsFAAOCAQEARDSdvF3uvAQMwcrO69HdT22Je3gX03JD
F82UDtFQkxuVrFhUHGcPLjjHV2DBAiv2ysO2wzo8YUmJSB4A/wJUT71mssgaTpKE
72SnV4e/QcGd3/LCRoboWncUaCqQzPFPhJtnAMm5rCC8GXWd7CxEg0oyCE+j69hd
d6f2MaFKCb/7O2dXkel8AGkprlQrnuni0mExq5KQHwyY7q9G7VEfbrKwsWqbVul4
4yHekelOF4Njq2xmdxI+tjQlE566ugcprdxMkKY0yLLIrLx5XoaAL2gjKJ8xTiPd
wiOdNuZa2gOuDKL31AvVx7jTl5W3Pe4KkHDGLomH0OT6cJ2kMRG6Iw==
-----END CERTIFICATE-----