Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BaQevhJyohyuDqGzXcCD-taKXX0.cer
File:                     BaQevhJyohyuDqGzXcCD-taKXX0.cer (raw, json)
Hash identifier:          EZ1DxJgKYMePxuKDE9I+ysyiQktgG9pyrcrbUdzIAzU=
Subject key identifier:   05:A4:1E:BE:12:72:A2:1C:AE:0E:A1:B3:5D:C0:83:FA:D6:8A:5D:7D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194214417B676D57B41AD18160907948DCF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4b/95602e-9eb3-418b-bc00-167831613145/1/BaQevhJyohyuDqGzXcCD-taKXX0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4b/95602e-9eb3-418b-bc00-167831613145/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:18 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 59622
                          IP: 151.252.32.0/21
                          IP: 2a01:aa40::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:17:b6:76:d5:7b:41:ad:18:16:09:07:94:8d:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05a41ebe1272a21cae0ea1b35dc083fad68a5d7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a7:77:27:ac:ea:0e:e7:83:25:ec:92:20:af:
                    6a:17:02:76:68:20:a5:d1:52:ff:76:41:9c:1a:1a:
                    bc:53:40:6b:e2:70:71:64:75:c6:b1:35:f4:ae:c6:
                    9a:ef:90:7b:15:53:4f:81:aa:0e:0b:6e:6d:ce:fe:
                    b1:46:4c:3d:ed:0d:af:9f:4e:85:01:f1:5f:86:71:
                    69:9c:5d:ca:30:d4:47:e4:43:ba:55:d3:1a:74:b7:
                    09:5d:60:ac:6f:ba:e0:b0:eb:fe:d7:bf:70:02:4e:
                    e7:6b:0a:9e:d0:c8:53:87:e4:b2:3e:9c:76:56:eb:
                    1f:44:4e:10:7a:7f:9c:43:f4:f0:5c:fc:14:66:4f:
                    9b:8f:45:2b:43:a0:ce:f7:ae:a4:e5:69:6e:5a:90:
                    05:63:67:c7:33:ac:e6:e5:75:c1:98:af:e1:1d:68:
                    b3:91:47:61:b0:00:37:ed:d7:4b:f2:e1:7b:14:dc:
                    7d:09:ef:ad:cf:42:0a:e6:e3:97:fb:1a:34:bc:e3:
                    fc:32:47:35:22:74:84:08:8c:41:8e:df:a5:f1:4e:
                    0e:c9:25:9f:c3:7d:1c:03:14:b4:b8:a8:05:70:61:
                    df:0e:00:b9:07:d8:b4:8f:b9:e7:7d:41:45:66:4e:
                    af:45:50:bb:e9:39:28:5c:ad:85:87:7f:37:95:40:
                    79:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A4:1E:BE:12:72:A2:1C:AE:0E:A1:B3:5D:C0:83:FA:D6:8A:5D:7D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/95602e-9eb3-418b-bc00-167831613145/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/95602e-9eb3-418b-bc00-167831613145/1/BaQevhJyohyuDqGzXcCD-taKXX0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.252.32.0/21
                IPv6:
                  2a01:aa40::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  59622

    Signature Algorithm: sha256WithRSAEncryption
         8e:6b:b5:60:25:b5:9f:bc:25:fd:65:9f:c0:4a:c9:7a:8f:a1:
         ef:2b:d9:ae:2b:1f:ba:14:f1:4e:bf:ed:57:b8:09:ac:ad:5d:
         7f:6a:c1:a4:9a:4e:ab:02:79:9c:c2:90:dd:79:eb:0b:46:76:
         cb:35:e8:c1:cb:34:99:74:7f:8c:64:6d:16:fb:1c:bb:6c:e2:
         ca:aa:7e:79:ff:74:63:fc:55:af:8e:89:38:43:8c:8d:0e:86:
         e8:4f:25:86:5a:53:81:8d:11:b8:a6:0f:cb:07:e4:8d:cf:1c:
         66:b8:4a:10:d4:1f:b0:69:37:a7:1a:a3:9d:65:91:42:9e:fc:
         f5:82:b6:43:07:5c:6b:bd:28:0d:f3:11:7c:9f:26:0f:f5:75:
         d7:07:42:49:3a:65:a8:79:f4:35:d9:ed:8f:85:1c:3c:57:ef:
         49:e5:04:07:a2:ea:a8:dd:a5:3e:e3:c4:b0:b4:cc:e4:46:de:
         a5:c9:00:2c:98:a9:53:3a:f2:0e:9b:65:12:94:34:63:ce:17:
         a2:4b:2d:8d:ad:84:6b:2a:74:ce:d7:08:2a:0a:42:f0:7d:36:
         8d:fc:c1:c0:a5:17:81:35:a4:78:c7:a0:d6:ac:2f:74:6a:d8:
         71:fb:bd:4e:94:cc:6d:f9:29:af:95:98:84:b3:53:70:27:66:
         5c:d0:b2:d4
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQhRBe2dtV7Qa0YFgkHlI3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWE0MWViZTEyNzJhMjFjYWUwZWExYjM1ZGMwODNmYWQ2OGE1ZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKd3J6zqDueDJeySIK9qFwJ2aCCl
0VL/dkGcGhq8U0Br4nBxZHXGsTX0rsaa75B7FVNPgaoOC25tzv6xRkw97Q2vn06F
AfFfhnFpnF3KMNRH5EO6VdMadLcJXWCsb7rgsOv+179wAk7nawqe0MhTh+SyPpx2
VusfRE4Qen+cQ/TwXPwUZk+bj0UrQ6DO966k5WluWpAFY2fHM6zm5XXBmK/hHWiz
kUdhsAA37ddL8uF7FNx9Ce+tz0IK5uOX+xo0vOP8Mkc1InSECIxBjt+l8U4OySWf
w30cAxS0uKgFcGHfDgC5B9i0j7nnfUFFZk6vRVC76TkoXK2Fh383lUB5ZQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFAWkHr4ScqIcrg6hs13Ag/rWil19MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRiLzk1NjAy
ZS05ZWIzLTQxOGItYmMwMC0xNjc4MzE2MTMxNDUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGIvOTU2MDJl
LTllYjMtNDE4Yi1iYzAwLTE2NzgzMTYxMzE0NS8xL0JhUWV2aEp5b2h5dURxR3pY
Y0NELXRhS1hYMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQDl/wgMA0EAgACMAcDBQAqAapAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDo5jANBgkqhkiG9w0BAQsFAAOCAQEAjmu1YCW1n7wl
/WWfwErJeo+h7yvZrisfuhTxTr/tV7gJrK1df2rBpJpOqwJ5nMKQ3XnrC0Z2yzXo
wcs0mXR/jGRtFvscu2ziyqp+ef90Y/xVr46JOEOMjQ6G6E8lhlpTgY0RuKYPywfk
jc8cZrhKENQfsGk3pxqjnWWRQp789YK2Qwdca70oDfMRfJ8mD/V11wdCSTplqHn0
Ndntj4UcPFfvSeUEB6LqqN2lPuPEsLTM5EbepckALJipUzryDptlEpQ0Y84Xokst
ja2Eayp0ztcIKgpC8H02jfzBwKUXgTWkeMeg1qwvdGrYcfu9TpTMbfkpr5WYhLNT
cCdmXNCy1A==
-----END CERTIFICATE-----