Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41oFbIJClx0akLC_qYsbepMFKIQ.cer
File:                     41oFbIJClx0akLC_qYsbepMFKIQ.cer (raw, json)
Hash identifier:          Ceao0NJt43d8U3plk7rXb9BiwKvCTCF1U51NQ0uZZAo=
Subject key identifier:   E3:5A:05:6C:82:42:97:1D:1A:90:B0:BF:A9:8B:1B:7A:93:05:28:84
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C36E496EDD0A64F83D45E60A03A6B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/17/8cd3ba-9d72-434f-8f82-aab4bd8fce9d/1/41oFbIJClx0akLC_qYsbepMFKIQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/17/8cd3ba-9d72-434f-8f82-aab4bd8fce9d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:50 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 57672
                          IP: 192.146.137.0/24
                          IP: 2001:67c:26b4::/48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:36:e4:96:ed:d0:a6:4f:83:d4:5e:60:a0:3a:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e35a056c8242971d1a90b0bfa98b1b7a93052884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:59:91:c7:5d:d8:68:1d:77:89:ba:47:83:19:
                    7a:73:e9:20:ba:a1:68:61:44:9b:68:b5:47:9b:d7:
                    75:d9:b6:fb:9e:01:da:79:ae:37:c1:46:03:05:95:
                    0b:7c:78:74:ae:68:03:97:1b:0c:77:d2:0a:f6:4c:
                    c1:00:43:72:9d:ac:42:5f:52:a6:c8:0f:59:52:28:
                    d8:8d:73:ab:f2:85:76:db:32:9d:5c:17:b8:f1:38:
                    9a:33:4f:c4:a4:2b:55:47:ab:a5:75:5a:c2:76:f7:
                    d3:c1:82:87:ab:74:af:bf:4b:8b:71:02:ed:dc:d9:
                    35:69:fa:46:4a:c1:7e:19:58:4a:0f:1c:84:25:3f:
                    64:92:65:b0:06:cc:ba:09:15:15:4f:dc:31:86:2c:
                    8e:f8:e7:9d:f0:03:a0:e1:9e:6b:f0:7e:68:92:bc:
                    e2:82:5f:c0:f0:02:c2:eb:d7:59:12:1e:2a:c5:b9:
                    f6:cb:4a:9a:99:8f:e7:ba:68:79:95:65:16:28:38:
                    db:15:78:dd:88:f9:79:fd:b9:9a:d8:7f:7a:3e:ff:
                    41:17:61:85:82:60:c4:66:78:62:81:6f:1a:40:f0:
                    f5:1b:11:60:58:4a:7a:28:b6:42:1f:f9:f8:96:7d:
                    c2:3e:50:76:c1:7f:91:07:98:b8:f3:d8:13:45:e9:
                    c5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:5A:05:6C:82:42:97:1D:1A:90:B0:BF:A9:8B:1B:7A:93:05:28:84
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8cd3ba-9d72-434f-8f82-aab4bd8fce9d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8cd3ba-9d72-434f-8f82-aab4bd8fce9d/1/41oFbIJClx0akLC_qYsbepMFKIQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.146.137.0/24
                IPv6:
                  2001:67c:26b4::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57672

    Signature Algorithm: sha256WithRSAEncryption
         92:51:8c:fc:ce:94:1a:40:00:d2:03:cb:3d:6b:f5:eb:81:7a:
         76:df:d1:79:3a:ac:55:3e:87:44:a5:75:96:13:f1:49:c4:7c:
         3d:40:6f:7f:6d:28:83:4e:a4:8c:db:bd:bc:cd:78:2b:c5:0d:
         47:15:80:33:b9:1c:1a:04:ca:ab:98:d4:03:a2:68:f7:08:b4:
         65:77:85:ee:a2:fb:39:65:3b:5f:67:84:65:a0:49:8e:50:97:
         57:ac:f5:88:f5:e1:5f:9e:a7:df:9e:64:41:9b:c8:ee:6a:9e:
         89:5d:33:43:49:0a:f7:1f:5f:6a:21:05:c6:7b:39:d8:49:6e:
         84:62:08:93:7c:60:34:f3:84:14:2c:76:d6:1a:d5:1c:c7:cb:
         5a:d3:4c:cb:d7:d3:c2:9e:7c:87:6d:1c:c7:17:0a:d8:a9:de:
         e1:09:85:16:9b:3d:cd:31:a8:f9:c3:97:03:c4:98:10:39:ee:
         ff:0e:b9:79:8a:d6:d3:11:08:0d:6d:ec:bd:a6:6e:b3:0e:96:
         2f:25:48:ea:54:f3:42:fb:56:c6:b5:54:2b:d0:1c:97:6e:bd:
         a8:8d:a0:35:54:f4:71:35:49:5b:1a:64:a5:33:e4:66:46:37:
         9b:9c:a1:0c:f1:5f:85:6b:aa:0f:3c:d2:53:df:73:fe:28:1f:
         8f:4e:98:27
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgISAZQfjDbklu3Qpk+D1F5goDprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzVhMDU2YzgyNDI5NzFkMWE5MGIwYmZhOThiMWI3YTkzMDUyODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1mRx13YaB13ibpHgxl6c+kguqFo
YUSbaLVHm9d12bb7ngHaea43wUYDBZULfHh0rmgDlxsMd9IK9kzBAENynaxCX1Km
yA9ZUijYjXOr8oV22zKdXBe48TiaM0/EpCtVR6uldVrCdvfTwYKHq3Svv0uLcQLt
3Nk1afpGSsF+GVhKDxyEJT9kkmWwBsy6CRUVT9wxhiyO+Oed8AOg4Z5r8H5okrzi
gl/A8ALC69dZEh4qxbn2y0qamY/numh5lWUWKDjbFXjdiPl5/bma2H96Pv9BF2GF
gmDEZnhigW8aQPD1GxFgWEp6KLZCH/n4ln3CPlB2wX+RB5i489gTRenFnwIDAQAB
o4ICsTCCAq0wHQYDVR0OBBYEFONaBWyCQpcdGpCwv6mLG3qTBSiEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE3LzhjZDNi
YS05ZDcyLTQzNGYtOGY4Mi1hYWI0YmQ4ZmNlOWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcvOGNkM2Jh
LTlkNzItNDM0Zi04ZjgyLWFhYjRiZDhmY2U5ZC8xLzQxb0ZiSUpDbHgwYWtMQ19x
WXNiZXBNRktJUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAwJKJMA8EAgACMAkDBwAgAQZ8JrQwGgYIKwYB
BQUHAQgBAf8ECzAJoAcwBQIDAOFIMA0GCSqGSIb3DQEBCwUAA4IBAQCSUYz8zpQa
QADSA8s9a/XrgXp239F5OqxVPodEpXWWE/FJxHw9QG9/bSiDTqSM2728zXgrxQ1H
FYAzuRwaBMqrmNQDomj3CLRld4Xuovs5ZTtfZ4RloEmOUJdXrPWI9eFfnqffnmRB
m8juap6JXTNDSQr3H19qIQXGeznYSW6EYgiTfGA084QULHbWGtUcx8ta00zL19PC
nnyHbRzHFwrYqd7hCYUWmz3NMaj5w5cDxJgQOe7/Drl5itbTEQgNbey9pm6zDpYv
JUjqVPNC+1bGtVQr0ByXbr2ojaA1VPRxNUlbGmSlM+RmRjebnKEM8V+Fa6oPPNJT
33P+KB+PTpgn
-----END CERTIFICATE-----