Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CR2q09J9vPlNMAb7-6fh3dXSnxY.cer
File:                     CR2q09J9vPlNMAb7-6fh3dXSnxY.cer (raw, json)
Hash identifier:          sNrPuguK0vWGxIo+/UI55RWr5fF3jh7pa5frisQOEpc=
Subject key identifier:   09:1D:AA:D3:D2:7D:BC:F9:4D:30:06:FB:FB:A7:E1:DD:D5:D2:9F:16
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B5885744F6D4B093B5CB351B5EF304
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/84/a86f77-fae6-4fe2-ba4b-eb37e776ddd2/1/CR2q09J9vPlNMAb7-6fh3dXSnxY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/84/a86f77-fae6-4fe2-ba4b-eb37e776ddd2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:49:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 216186
                          IP: 91.238.238.0/24
                          IP: 2a10:be40::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:88:57:44:f6:d4:b0:93:b5:cb:35:1b:5e:f3:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=091daad3d27dbcf94d3006fbfba7e1ddd5d29f16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:32:f5:80:e5:7e:52:64:61:7d:e5:0c:80:9f:
                    aa:23:0b:15:39:aa:1f:c1:a1:c8:68:fd:08:36:9c:
                    95:13:d1:93:1c:1d:ad:ee:a8:4c:33:a9:fb:5b:dd:
                    db:04:22:5d:a1:73:0b:36:64:f9:35:e6:19:f2:de:
                    c4:96:7d:a5:a3:16:46:1c:b2:82:0e:da:de:cf:95:
                    d4:0a:bd:85:6d:a3:a6:3c:d2:4b:5a:60:29:a6:1d:
                    3e:09:7b:fe:0d:74:d6:a0:96:56:ea:a7:ab:a9:99:
                    90:54:1d:b8:34:4e:49:fe:0c:fa:26:77:5a:e6:7f:
                    a9:31:34:3e:a9:fe:62:63:95:39:6e:5f:ea:4c:ac:
                    f9:21:6a:a8:cf:62:ea:18:5e:ed:36:50:23:90:be:
                    e9:92:be:e6:58:c4:a6:89:b3:be:b9:05:04:fa:2c:
                    78:00:57:e6:31:99:d9:46:89:3a:8d:c4:a2:a6:74:
                    7a:df:e9:26:bf:c4:43:71:f6:6e:24:a8:d7:d0:e6:
                    3f:6c:64:ca:f6:ed:b2:d5:59:0d:96:f5:f7:0e:a5:
                    c4:9d:65:44:8a:5f:f5:c8:09:8a:b1:4c:1f:a5:7a:
                    65:67:9d:e0:ee:ea:65:79:ca:c4:29:d6:a3:c3:ec:
                    fa:89:ce:62:c8:65:66:c9:4e:55:95:95:66:dc:fe:
                    3f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1D:AA:D3:D2:7D:BC:F9:4D:30:06:FB:FB:A7:E1:DD:D5:D2:9F:16
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/a86f77-fae6-4fe2-ba4b-eb37e776ddd2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/a86f77-fae6-4fe2-ba4b-eb37e776ddd2/1/CR2q09J9vPlNMAb7-6fh3dXSnxY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.238.0/24
                IPv6:
                  2a10:be40::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216186

    Signature Algorithm: sha256WithRSAEncryption
         ac:5c:f3:28:2c:22:20:f0:0a:35:b5:53:a9:c5:39:21:af:d1:
         3e:f4:57:c0:54:84:80:95:f6:8b:a8:2b:fa:58:2e:36:d9:2c:
         2f:07:ff:85:a9:fb:bc:48:69:bb:39:4d:89:56:38:da:0f:25:
         42:ba:9e:97:ec:92:b1:23:5c:ca:bc:1f:22:35:cb:dd:db:8b:
         5f:ce:a8:5b:1c:11:42:15:2f:21:50:94:e3:48:87:2c:0c:f6:
         fa:0d:50:80:b2:ab:55:20:47:e2:67:fd:82:f3:12:ed:65:6e:
         62:1e:be:38:f5:87:22:dc:d0:e3:0a:64:f9:ec:8f:ee:42:ea:
         b6:f8:ac:0e:8b:48:c8:e1:cf:83:b7:ba:9b:99:ea:ea:74:9d:
         84:3d:21:94:51:5b:25:16:6b:5a:8a:19:b7:e8:74:9c:02:cd:
         d2:49:81:12:73:23:ab:90:cf:2e:b3:7c:b4:be:85:4e:91:a3:
         d5:30:fd:21:68:bb:79:14:77:c3:e0:c7:de:fa:38:65:4a:87:
         72:da:61:1a:13:84:dc:96:11:35:50:ff:bf:db:9a:23:ee:b1:
         4c:16:59:f7:cd:c4:7e:d9:53:c2:ec:7f:58:e1:c4:5e:31:c8:
         dc:23:01:a3:5d:65:d2:97:15:ae:c4:8e:df:20:78:09:d1:9d:
         de:82:c9:1a
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQntYhXRPbUsJO1yzUbXvMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTFkYWFkM2QyN2RiY2Y5NGQzMDA2ZmJmYmE3ZTFkZGQ1ZDI5ZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjL1gOV+UmRhfeUMgJ+qIwsVOaof
waHIaP0INpyVE9GTHB2t7qhMM6n7W93bBCJdoXMLNmT5NeYZ8t7Eln2loxZGHLKC
Dtrez5XUCr2FbaOmPNJLWmApph0+CXv+DXTWoJZW6qerqZmQVB24NE5J/gz6Jnda
5n+pMTQ+qf5iY5U5bl/qTKz5IWqoz2LqGF7tNlAjkL7pkr7mWMSmibO+uQUE+ix4
AFfmMZnZRok6jcSipnR63+kmv8RDcfZuJKjX0OY/bGTK9u2y1VkNlvX3DqXEnWVE
il/1yAmKsUwfpXplZ53g7uplecrEKdajw+z6ic5iyGVmyU5VlZVm3P4/vwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFAkdqtPSfbz5TTAG+/un4d3V0p8WMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg0L2E4NmY3
Ny1mYWU2LTRmZTItYmE0Yi1lYjM3ZTc3NmRkZDIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODQvYTg2Zjc3
LWZhZTYtNGZlMi1iYTRiLWViMzdlNzc2ZGRkMi8xL0NSMnEwOUo5dlBsTk1BYjct
NmZoM2RYU254WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAW+7uMA0EAgACMAcDBQAqEL5AMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNMejANBgkqhkiG9w0BAQsFAAOCAQEArFzzKCwiIPAK
NbVTqcU5Ia/RPvRXwFSEgJX2i6gr+lguNtksLwf/han7vEhpuzlNiVY42g8lQrqe
l+ySsSNcyrwfIjXL3duLX86oWxwRQhUvIVCU40iHLAz2+g1QgLKrVSBH4mf9gvMS
7WVuYh6+OPWHItzQ4wpk+eyP7kLqtvisDotIyOHPg7e6m5nq6nSdhD0hlFFbJRZr
WooZt+h0nALN0kmBEnMjq5DPLrN8tL6FTpGj1TD9IWi7eRR3w+DH3vo4ZUqHctph
GhOE3JYRNVD/v9uaI+6xTBZZ983EftlTwux/WOHEXjHI3CMBo11l0pcVrsSO3yB4
CdGd3oLJGg==
-----END CERTIFICATE-----