Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/EHl-tfmqmr5SAIzn8hq0Sv3uoNA.cer
File:                     EHl-tfmqmr5SAIzn8hq0Sv3uoNA.cer (raw, json)
Hash identifier:          chshkVSZlAQfxAEug1pM4mO7JF5haDkLVNGRHeIJESM=
Subject key identifier:   10:79:7E:B5:F9:AA:9A:BE:52:00:8C:E7:F2:1A:B4:4A:FD:EE:A0:D0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D9F51872B4DF94565267ED3C7E3340
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ae/f5c8a3-e5ca-41ae-af8a-8db708347438/1/EHl-tfmqmr5SAIzn8hq0Sv3uoNA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ae/f5c8a3-e5ca-41ae-af8a-8db708347438/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:50:05 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 52064
                          IP: 46.174.72.0/21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f5:18:72:b4:df:94:56:52:67:ed:3c:7e:33:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10797eb5f9aa9abe52008ce7f21ab44afdeea0d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:dd:85:a8:5c:fb:58:fe:80:e8:2b:d6:65:30:
                    c7:66:f8:f2:f4:53:32:ae:40:7e:86:8b:0e:e5:7d:
                    ef:5b:6c:c3:74:6d:25:b8:f6:0c:44:62:46:3c:e8:
                    fa:e9:84:5e:80:da:6a:0a:d3:13:37:ec:17:c4:ef:
                    04:3c:ba:d9:10:fd:a2:4b:7b:58:9c:24:8c:44:7f:
                    6d:7e:e8:52:bc:98:60:c4:68:eb:8f:cb:49:22:24:
                    9e:1b:83:67:11:dc:af:66:6a:38:df:44:be:8a:bb:
                    87:7c:44:bd:23:60:a7:ad:33:2a:eb:c9:ce:3b:f5:
                    b3:7d:27:cc:86:ad:42:d8:bc:b8:91:4e:e8:2b:89:
                    47:1e:d1:53:ce:b5:79:13:5f:25:4d:2e:22:b4:ad:
                    c8:4d:92:5b:8d:22:eb:ad:16:e4:9f:cb:1f:bf:f0:
                    cb:57:68:10:ae:60:da:62:80:ab:be:f9:61:94:60:
                    9c:69:6d:66:2d:91:16:16:28:6c:2d:4c:56:48:7d:
                    f1:ae:25:91:52:0f:27:05:84:cf:9c:03:60:dc:ac:
                    5a:da:0f:c3:cb:fa:a1:ea:47:13:29:99:4b:40:2b:
                    80:2a:03:0a:84:13:12:d3:28:c3:88:cf:47:0d:2f:
                    db:90:6c:24:14:03:82:6d:a8:c2:d8:a8:49:87:2b:
                    da:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:79:7E:B5:F9:AA:9A:BE:52:00:8C:E7:F2:1A:B4:4A:FD:EE:A0:D0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/f5c8a3-e5ca-41ae-af8a-8db708347438/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/f5c8a3-e5ca-41ae-af8a-8db708347438/1/EHl-tfmqmr5SAIzn8hq0Sv3uoNA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.72.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  52064

    Signature Algorithm: sha256WithRSAEncryption
         7f:3d:00:d2:9e:db:d9:db:65:48:c2:ea:3a:75:a8:0f:2d:a4:
         86:46:7f:38:a5:a0:5a:97:ff:7b:97:41:46:07:d7:49:4f:49:
         14:cc:d7:fa:c4:e2:73:05:f7:b9:07:d3:db:9f:16:8e:c5:f2:
         f1:3f:7b:e5:54:02:93:b5:6a:54:bb:71:21:d7:6d:33:d1:62:
         90:24:f0:9f:5a:fc:fd:da:54:39:12:86:0f:58:ba:77:5f:2e:
         15:de:9d:bf:ea:32:89:22:5d:21:5a:6d:73:ea:e9:b7:ee:79:
         2a:aa:48:44:06:20:c4:62:5d:79:4e:49:7c:27:f0:18:c9:3c:
         9c:4c:48:f1:b3:32:fe:6d:3e:66:b5:b5:e5:83:23:93:4d:e9:
         3b:a7:fb:ae:d3:14:8a:7d:d6:b2:ea:ff:1e:fd:58:6c:a1:8a:
         e5:bd:ed:7a:23:16:dc:6c:fb:ec:f6:05:c4:b8:61:31:5a:82:
         64:58:ad:e9:37:0e:a2:55:d3:c9:fe:7c:8e:f4:ea:43:20:b5:
         25:57:49:f8:b4:04:4f:dc:c6:78:22:e9:6a:11:c1:9c:49:60:
         96:94:94:61:3a:5a:c2:df:c2:9e:cd:cd:c9:cc:66:2c:d5:b3:
         f9:3e:42:a2:30:e6:cc:7f:34:5a:42:55:3f:2c:40:aa:26:60:
         fd:9d:6b:2c
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQm2fUYcrTflFZSZ+08fjNAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDc5N2ViNWY5YWE5YWJlNTIwMDhjZTdmMjFhYjQ0YWZkZWVhMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst2FqFz7WP6A6CvWZTDHZvjy9FMy
rkB+hosO5X3vW2zDdG0luPYMRGJGPOj66YRegNpqCtMTN+wXxO8EPLrZEP2iS3tY
nCSMRH9tfuhSvJhgxGjrj8tJIiSeG4NnEdyvZmo430S+iruHfES9I2CnrTMq68nO
O/WzfSfMhq1C2Ly4kU7oK4lHHtFTzrV5E18lTS4itK3ITZJbjSLrrRbkn8sfv/DL
V2gQrmDaYoCrvvlhlGCcaW1mLZEWFihsLUxWSH3xriWRUg8nBYTPnANg3Kxa2g/D
y/qh6kcTKZlLQCuAKgMKhBMS0yjDiM9HDS/bkGwkFAOCbajC2KhJhyvaBwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBB5frX5qpq+UgCM5/IatEr97qDQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FlL2Y1Yzhh
My1lNWNhLTQxYWUtYWY4YS04ZGI3MDgzNDc0MzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWUvZjVjOGEz
LWU1Y2EtNDFhZS1hZjhhLThkYjcwODM0NzQzOC8xL0VIbC10Zm1xbXI1U0FJem44
aHEwU3YzdW9OQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDLq5IMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDLYDANBgkqhkiG9w0BAQsFAAOCAQEAfz0A0p7b2dtlSMLqOnWoDy2khkZ/OKWg
Wpf/e5dBRgfXSU9JFMzX+sTicwX3uQfT258WjsXy8T975VQCk7VqVLtxIddtM9Fi
kCTwn1r8/dpUORKGD1i6d18uFd6dv+oyiSJdIVptc+rpt+55KqpIRAYgxGJdeU5J
fCfwGMk8nExI8bMy/m0+ZrW15YMjk03pO6f7rtMUin3Wsur/Hv1YbKGK5b3teiMW
3Gz77PYFxLhhMVqCZFit6TcOolXTyf58jvTqQyC1JVdJ+LQET9zGeCLpahHBnElg
lpSUYTpawt/Cns3NycxmLNWz+T5CojDmzH80WkJVPyxAqiZg/Z1rLA==
-----END CERTIFICATE-----