Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DUHQpubfLhjCVnMjaNbnaCiTExA.cer
File:                     DUHQpubfLhjCVnMjaNbnaCiTExA.cer (raw, json)
Hash identifier:          s/VEo0EBrHaHSouDAeB+WUGZY8SO2jjwPMxadt+zOXw=
Subject key identifier:   0D:41:D0:A6:E6:DF:2E:18:C2:56:73:23:68:D6:E7:68:28:93:13:10
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194236A22DDCBF1DEFC819613AEA4821816
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:49:05 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 51546
                          IP: 88.218.20.0/22
                          IP: 185.127.228.0/22
                          IP: 185.176.96.0/22
                          IP: 185.181.44.0/22
                          IP: 2a03:9920::/32
                          IP: 2a09:9680::/29
                          IP: 2a0a:f80::/29
                          IP: 2a0a:c080::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:22:dd:cb:f1:de:fc:81:96:13:ae:a4:82:18:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d41d0a6e6df2e18c256732368d6e76828931310
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:10:e9:49:a4:1c:fa:93:67:16:d0:51:6d:ae:
                    13:df:10:d0:3b:38:0c:3c:0b:12:20:ad:01:20:a3:
                    50:de:e9:4a:32:22:05:16:16:dd:26:3f:12:af:56:
                    38:d6:17:d8:06:02:8c:b3:eb:c2:c3:07:71:4f:11:
                    a7:bc:11:4e:33:c0:fb:d4:10:d8:a8:66:28:60:e6:
                    03:57:1c:a4:54:7b:c6:5c:72:88:c2:c0:ca:fa:82:
                    02:bb:f8:b6:08:f2:cb:e7:61:92:85:da:a8:5d:2b:
                    78:b9:f4:9d:a9:5c:64:ce:c8:6f:2f:ce:40:73:3a:
                    ec:74:2f:72:12:48:ad:74:bd:f0:4b:a0:2a:be:f3:
                    75:31:05:65:93:43:fc:b8:36:ea:8e:a7:89:ee:3c:
                    2b:8e:7d:ca:05:68:33:ec:55:13:9b:87:ef:a9:c6:
                    d5:3d:0c:40:4a:25:7d:fb:9a:45:a9:56:96:f8:c4:
                    8c:55:7a:b8:11:2d:8e:fa:62:91:b1:e5:ac:59:70:
                    28:fb:cc:5b:6f:e9:f6:7c:25:ea:8d:9e:a9:68:c3:
                    ed:7c:79:18:e3:aa:6e:8f:16:08:e7:fc:4a:e4:55:
                    96:e5:14:f5:d6:ae:a2:cc:f9:23:0c:b8:94:c4:d6:
                    f4:33:2f:c7:ef:e9:9c:7a:ca:fb:e9:12:6b:72:42:
                    0a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:41:D0:A6:E6:DF:2E:18:C2:56:73:23:68:D6:E7:68:28:93:13:10
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.20.0/22
                  185.127.228.0/22
                  185.176.96.0/22
                  185.181.44.0/22
                IPv6:
                  2a03:9920::/32
                  2a09:9680::/29
                  2a0a:f80::/29
                  2a0a:c080::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51546

    Signature Algorithm: sha256WithRSAEncryption
         2a:d2:89:88:73:52:a8:db:c6:ec:a1:af:f8:2c:dc:07:7b:cd:
         5d:3e:2c:4c:09:62:a5:0d:2f:bc:cc:fc:6a:39:4b:c7:65:83:
         af:31:10:78:6f:2e:ec:c6:fd:fd:fa:2c:a4:ae:bd:f5:98:fb:
         b6:f6:2a:78:44:3e:82:2f:8d:11:91:18:f8:0a:9a:16:15:b8:
         93:f2:19:b9:e4:b5:3b:c6:0e:6f:00:4e:a0:ca:b7:5e:cd:85:
         c4:84:72:8e:17:6a:de:ad:bc:68:64:52:4d:d4:83:35:72:b9:
         e3:01:4e:d9:5a:da:f9:ce:3e:ed:1e:bb:58:d1:50:f3:d3:14:
         c8:66:23:18:af:83:c4:58:cf:b7:d3:91:21:9e:41:0b:99:60:
         23:46:bd:6f:97:7e:a5:a5:f4:12:56:21:d4:e3:c3:fa:4f:08:
         4e:6b:9c:9d:e1:41:c3:5a:f5:f6:90:80:a8:0a:0e:24:d6:dc:
         eb:a3:65:fb:84:e5:ac:1d:88:c3:55:5c:d4:e3:18:83:9b:62:
         a4:6c:e8:ba:73:bb:b5:e6:c5:3c:39:5e:31:a5:63:ef:7f:f1:
         5a:9f:9c:cd:bf:17:cf:1a:8f:1d:77:48:0b:c1:40:6a:1c:b4:
         a6:ab:35:1a:4a:a3:76:a0:b4:2a:35:b9:7a:7e:ce:67:de:5f:
         be:e1:06:c8
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAZQjaiLdy/He/IGWE66kghgWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQxZDBhNmU2ZGYyZTE4YzI1NjczMjM2OGQ2ZTc2ODI4OTMxMzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBDpSaQc+pNnFtBRba4T3xDQOzgM
PAsSIK0BIKNQ3ulKMiIFFhbdJj8Sr1Y41hfYBgKMs+vCwwdxTxGnvBFOM8D71BDY
qGYoYOYDVxykVHvGXHKIwsDK+oICu/i2CPLL52GShdqoXSt4ufSdqVxkzshvL85A
czrsdC9yEkitdL3wS6AqvvN1MQVlk0P8uDbqjqeJ7jwrjn3KBWgz7FUTm4fvqcbV
PQxASiV9+5pFqVaW+MSMVXq4ES2O+mKRseWsWXAo+8xbb+n2fCXqjZ6paMPtfHkY
46pujxYI5/xK5FWW5RT11q6izPkjDLiUxNb0My/H7+mcesr76RJrckIKgQIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFA1B0Kbm3y4YwlZzI2jW52gokxMQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk4Lzk4Mzdi
Mi0wZGYwLTRmNWEtODBkYi02MmI2NDBiMDJlMmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvOTgzN2Iy
LTBkZjAtNGY1YS04MGRiLTYyYjY0MGIwMmUyYi8xL0RVSFFwdWJmTGhqQ1ZuTWph
TmJuYUNpVEV4QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFUGCCsGAQUF
BwEHAQH/BEYwRDAeBAIAATAYAwQCWNoUAwQCuX/kAwQCubBgAwQCubUsMCIEAgAC
MBwDBQAqA5kgAwUDKgmWgAMFAyoKD4ADBQMqCsCAMBoGCCsGAQUFBwEIAQH/BAsw
CaAHMAUCAwDJWjANBgkqhkiG9w0BAQsFAAOCAQEAKtKJiHNSqNvG7KGv+CzcB3vN
XT4sTAlipQ0vvMz8ajlLx2WDrzEQeG8u7Mb9/fospK699Zj7tvYqeEQ+gi+NEZEY
+AqaFhW4k/IZueS1O8YObwBOoMq3Xs2FxIRyjhdq3q28aGRSTdSDNXK54wFO2Vra
+c4+7R67WNFQ89MUyGYjGK+DxFjPt9ORIZ5BC5lgI0a9b5d+paX0ElYh1OPD+k8I
TmucneFBw1r19pCAqAoOJNbc66Nl+4TlrB2Iw1Vc1OMYg5tipGzounO7tebFPDle
MaVj73/xWp+czb8XzxqPHXdIC8FAahy0pqs1GkqjdqC0KjW5en7OZ95fvuEGyA==
-----END CERTIFICATE-----