Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer
File:                     CNOlFWg-nduF0456s5wzrtrK9-8.cer (raw, json)
Hash identifier:          Z/jGLeAuK9ynAZU6uda4UMLzotP0xwhcrPZJH0ZGNxM=
Subject key identifier:   08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258F035C8CD277E4572C0B5409742822
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:48:37 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 42229
                          AS: 60134
                          AS: 211653
                          IP: 185.1.90.0/24
                          IP: 185.1.242.0/24
                          IP: 193.30.129.0/24
                          IP: 213.232.248.0/24
                          IP: 2001:7f8:b2::/48
                          IP: 2001:7f8:12c::/48
                          IP: 2a0c:e40::/29
                          IP: 2a0c:5046::/31
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:03:5c:8c:d2:77:e4:57:2c:0b:54:09:74:28:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:5a:77:0f:22:f5:c4:1e:24:85:b6:4c:7e:cb:
                    c4:25:75:b3:f0:66:6a:71:28:84:15:81:bf:40:14:
                    ec:50:40:6f:97:45:fd:73:52:05:93:15:8c:bf:4a:
                    06:7a:5b:c8:9a:4d:25:ea:0b:38:bc:4f:3e:73:4c:
                    42:18:b3:29:f8:67:1a:bc:35:be:4c:b1:99:00:5b:
                    37:d4:96:a7:d7:16:d8:a7:70:df:3c:e4:bd:d0:87:
                    21:2f:5a:13:72:d6:68:e5:04:15:d7:d6:31:01:a1:
                    b4:fb:fb:cf:70:9a:cd:16:29:93:cd:3d:4b:d8:d3:
                    43:07:ec:73:00:54:b7:e6:87:1f:0c:38:44:5a:3e:
                    5e:2a:3c:ba:69:4b:43:2e:6b:fa:8f:09:af:02:c8:
                    d4:40:1b:f3:be:a5:ba:87:90:15:5a:4b:08:2a:7f:
                    9c:23:56:8f:e6:e2:b4:61:b9:9e:4e:fc:11:6f:0c:
                    15:48:fe:75:39:d0:bf:d3:51:e6:c3:e0:dd:dc:64:
                    77:62:21:d6:4d:b4:59:be:ef:24:7b:a6:8f:ad:91:
                    b4:ed:6e:8c:00:1d:0b:1c:20:35:ef:47:5d:c2:21:
                    e2:31:5d:2f:3e:5e:81:71:81:d2:8d:a0:d1:b2:33:
                    2a:dd:fd:8c:1e:90:92:63:c4:c7:27:96:b7:e1:86:
                    f0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.90.0/24
                  185.1.242.0/24
                  193.30.129.0/24
                  213.232.248.0/24
                IPv6:
                  2001:7f8:b2::/48
                  2001:7f8:12c::/48
                  2a0c:e40::/29
                  2a0c:5046::/31

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42229
                  60134
                  211653

    Signature Algorithm: sha256WithRSAEncryption
         17:ad:27:20:74:5d:70:46:bd:0b:26:d7:06:8a:35:2e:f7:e5:
         3d:95:f9:23:fb:15:eb:fc:45:76:f5:10:82:bb:14:71:f3:14:
         04:6d:50:c7:79:4e:e3:fc:98:4c:94:5d:e4:1d:17:1a:2a:af:
         05:c9:71:1c:51:bc:33:54:9b:58:be:01:3a:8c:ed:5c:a6:67:
         a3:4d:47:4b:96:12:74:9a:e9:2f:27:dc:54:22:8c:af:79:5c:
         5d:4f:c0:30:80:90:e5:a5:09:ee:9a:f3:7d:cc:21:a7:24:23:
         25:4b:63:3c:72:f3:22:84:64:83:8a:41:09:9f:75:52:2f:9b:
         77:7c:e4:57:bc:d0:41:f7:28:64:28:fb:26:15:46:f3:20:c3:
         b2:95:d0:ba:c0:02:4f:e6:39:8d:ac:71:64:61:b8:93:1b:7c:
         29:03:ab:f6:ab:9e:32:91:d9:94:cf:ee:90:8a:82:1f:49:03:
         85:83:b4:62:74:c7:d5:37:7a:72:ea:cb:14:c3:f8:14:3e:6e:
         6d:ae:35:59:0a:41:d6:31:83:b1:a6:4b:e0:00:cc:de:14:e8:
         d3:8a:58:cb:be:ef:41:fa:8d:b5:a7:e9:5f:f2:b5:1b:ec:20:
         ac:d5:81:a9:1f:27:ce:e7:3b:96:56:a1:fe:c4:1b:6b:ab:1b:
         44:10:a9:69
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgISAZQljwNcjNJ35FcsC1QJdCgiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQzYTUxNTY4M2U5ZGRiODVkMzhlN2FiMzljMzNhZWRhY2FmN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilp3DyL1xB4khbZMfsvEJXWz8GZq
cSiEFYG/QBTsUEBvl0X9c1IFkxWMv0oGelvImk0l6gs4vE8+c0xCGLMp+GcavDW+
TLGZAFs31Jan1xbYp3DfPOS90IchL1oTctZo5QQV19YxAaG0+/vPcJrNFimTzT1L
2NNDB+xzAFS35ocfDDhEWj5eKjy6aUtDLmv6jwmvAsjUQBvzvqW6h5AVWksIKn+c
I1aP5uK0YbmeTvwRbwwVSP51OdC/01Hmw+Dd3GR3YiHWTbRZvu8ke6aPrZG07W6M
AB0LHCA170ddwiHiMV0vPl6BcYHSjaDRsjMq3f2MHpCSY8THJ5a34YbwCQIDAQAB
o4IC5DCCAuAwHQYDVR0OBBYEFAjTpRVoPp3bhdOOerOcM67ayvfvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E5LzY3Y2Zh
MC1hMzJiLTQwNjMtOTM3MC0wYjVjNWQ5NDQyNmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTkvNjdjZmEw
LWEzMmItNDA2My05MzcwLTBiNWM1ZDk0NDI2YS8xL0NOT2xGV2ctbmR1RjA0NTZz
NXd6cnRySzktOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFkGCCsGAQUF
BwEHAQH/BEowSDAeBAIAATAYAwQAuQFaAwQAuQHyAwQAwR6BAwQA1ej4MCYEAgAC
MCADBwAgAQf4ALIDBwAgAQf4ASwDBQMqDA5AAwUBKgxQRjAkBggrBgEFBQcBCAEB
/wQVMBOgETAPAgMApPUCAwDq5gIDAzrFMA0GCSqGSIb3DQEBCwUAA4IBAQAXrScg
dF1wRr0LJtcGijUu9+U9lfkj+xXr/EV29RCCuxRx8xQEbVDHeU7j/JhMlF3kHRca
Kq8FyXEcUbwzVJtYvgE6jO1cpmejTUdLlhJ0mukvJ9xUIoyveVxdT8AwgJDlpQnu
mvN9zCGnJCMlS2M8cvMihGSDikEJn3VSL5t3fORXvNBB9yhkKPsmFUbzIMOyldC6
wAJP5jmNrHFkYbiTG3wpA6v2q54ykdmUz+6QioIfSQOFg7RidMfVN3py6ssUw/gU
Pm5trjVZCkHWMYOxpkvgAMzeFOjTiljLvu9B+o21p+lf8rUb7CCs1YGpHyfO5zuW
VqH+xBtrqxtEEKlp
-----END CERTIFICATE-----