Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DRhTK6ov2GWDomO7H7zLyA1A2ZA.cer
File:                     DRhTK6ov2GWDomO7H7zLyA1A2ZA.cer (raw, json)
Hash identifier:          OgDJFa2TozFhg8OqosrjyQWs0Nh5sG3uwucyhrPYULg=
Subject key identifier:   0D:18:53:2B:AA:2F:D8:65:83:A2:63:BB:1F:BC:CB:C8:0D:40:D9:90
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B57BE1656211B19AF2EA093D222DC2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3f/b8b5bd-8adf-43ef-8abd-2b3a159ca2ef/1/DRhTK6ov2GWDomO7H7zLyA1A2ZA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3f/b8b5bd-8adf-43ef-8abd-2b3a159ca2ef/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:49:52 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 207628
                          IP: 176.119.207.0/24
                          IP: 2a05:ed40::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:7b:e1:65:62:11:b1:9a:f2:ea:09:3d:22:2d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d18532baa2fd86583a263bb1fbccbc80d40d990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5a:e2:5e:4b:90:8a:8e:f9:e8:3f:f7:42:5f:
                    be:07:29:b9:7a:f3:a5:af:4a:0d:fe:4e:92:f7:0e:
                    01:1f:86:d5:db:84:da:ec:e6:01:a6:43:0f:b9:83:
                    51:d6:a7:76:8f:85:a2:be:90:10:56:18:54:b5:d8:
                    ae:cf:e0:9b:74:65:dc:9b:17:66:44:92:de:6c:8d:
                    17:e2:7a:68:a3:9a:a7:6a:64:db:ab:02:ac:05:28:
                    20:9d:26:a4:4f:c7:cd:a2:cd:19:47:db:b0:e5:06:
                    f7:7d:ad:bd:85:b5:ee:7d:90:f5:f3:45:99:df:80:
                    01:aa:a1:1c:b0:11:39:a3:77:cc:f6:af:76:73:ac:
                    41:01:02:ab:4b:8e:1d:5f:f2:bf:e1:03:14:73:50:
                    49:c6:6a:3d:d0:2e:4e:f6:56:70:b2:a2:d7:7d:b7:
                    51:32:28:23:ac:fc:9f:93:43:68:c3:6d:5a:50:fe:
                    2a:4c:b1:e5:1c:96:db:f0:c6:f0:40:0a:ca:5e:50:
                    7e:b7:e0:9a:67:0c:bc:8d:b7:10:b7:ee:7d:2c:84:
                    0c:5c:db:30:cf:be:d9:c4:89:54:a6:29:8a:15:d4:
                    47:c4:50:3c:88:5e:76:e1:09:8e:83:36:3f:e5:8a:
                    84:7e:16:f3:95:f2:ba:92:59:99:8c:dd:f2:a9:ca:
                    c4:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:18:53:2B:AA:2F:D8:65:83:A2:63:BB:1F:BC:CB:C8:0D:40:D9:90
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/b8b5bd-8adf-43ef-8abd-2b3a159ca2ef/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/b8b5bd-8adf-43ef-8abd-2b3a159ca2ef/1/DRhTK6ov2GWDomO7H7zLyA1A2ZA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.207.0/24
                IPv6:
                  2a05:ed40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207628

    Signature Algorithm: sha256WithRSAEncryption
         85:a4:0e:55:00:27:33:38:98:09:7b:4b:07:5f:d9:2f:df:8e:
         35:78:ea:ac:20:07:e7:ba:9e:9d:06:61:dc:41:6c:ea:84:ec:
         33:fb:ab:75:74:49:a0:47:42:d0:f9:61:68:98:8a:e9:30:e1:
         71:b6:f9:db:28:16:9d:39:4d:43:00:6b:12:54:fb:41:93:d8:
         76:6f:ff:10:51:a7:c2:0d:cd:ce:ab:e4:e4:59:0f:1b:b3:85:
         8a:09:92:33:08:57:ce:0f:20:26:be:7d:97:7a:e1:33:98:de:
         b5:24:ad:a0:e3:3e:58:c1:1c:ea:f1:ca:9d:3c:1e:5f:36:9d:
         3d:fd:a8:98:b0:64:49:c6:87:5d:13:cc:3b:d0:ce:33:16:bb:
         aa:25:fd:4b:8c:5d:0b:f5:b3:cb:8c:35:cb:d0:f1:1b:51:0d:
         83:9d:93:f6:b2:f7:48:7e:ee:ee:a3:50:83:d9:94:74:52:f1:
         77:e0:c6:bf:df:ce:df:22:3b:38:20:4a:3a:a2:0f:a7:c4:0f:
         7c:34:a6:94:04:6e:6e:b1:70:35:fa:32:bc:cf:29:ce:27:22:
         cb:94:fc:f2:06:41:10:40:40:c5:35:da:37:11:fc:2a:6d:01:
         e6:8a:ed:50:1c:9e:5b:48:f9:fc:fb:18:21:8f:8c:5c:30:08:
         5e:24:cc:66
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQntXvhZWIRsZry6gk9Ii3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDE4NTMyYmFhMmZkODY1ODNhMjYzYmIxZmJjY2JjODBkNDBkOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFriXkuQio756D/3Ql++Bym5evOl
r0oN/k6S9w4BH4bV24Ta7OYBpkMPuYNR1qd2j4WivpAQVhhUtdiuz+CbdGXcmxdm
RJLebI0X4npoo5qnamTbqwKsBSggnSakT8fNos0ZR9uw5Qb3fa29hbXufZD180WZ
34ABqqEcsBE5o3fM9q92c6xBAQKrS44dX/K/4QMUc1BJxmo90C5O9lZwsqLXfbdR
MigjrPyfk0Now21aUP4qTLHlHJbb8MbwQArKXlB+t+CaZwy8jbcQt+59LIQMXNsw
z77ZxIlUpimKFdRHxFA8iF524QmOgzY/5YqEfhbzlfK6klmZjN3yqcrEtwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFA0YUyuqL9hlg6Jjux+8y8gNQNmQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNmL2I4YjVi
ZC04YWRmLTQzZWYtOGFiZC0yYjNhMTU5Y2EyZWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2YvYjhiNWJk
LThhZGYtNDNlZi04YWJkLTJiM2ExNTljYTJlZi8xL0RSaFRLNm92MkdXRG9tTzdI
N3pMeUExQTJaQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAsHfPMA0EAgACMAcDBQMqBe1AMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMrDDANBgkqhkiG9w0BAQsFAAOCAQEAhaQOVQAnMziY
CXtLB1/ZL9+ONXjqrCAH57qenQZh3EFs6oTsM/urdXRJoEdC0PlhaJiK6TDhcbb5
2ygWnTlNQwBrElT7QZPYdm//EFGnwg3Nzqvk5FkPG7OFigmSMwhXzg8gJr59l3rh
M5jetSStoOM+WMEc6vHKnTweXzadPf2omLBkScaHXRPMO9DOMxa7qiX9S4xdC/Wz
y4w1y9DxG1ENg52T9rL3SH7u7qNQg9mUdFLxd+DGv9/O3yI7OCBKOqIPp8QPfDSm
lARubrFwNfoyvM8pziciy5T88gZBEEBAxTXaNxH8Km0B5ortUByeW0j5/PsYIY+M
XDAIXiTMZg==
-----END CERTIFICATE-----