Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HnUQZ3HEKV49Ps-gTLl_YxYj5b8.cer
File:                     HnUQZ3HEKV49Ps-gTLl_YxYj5b8.cer (raw, json)
Hash identifier:          gcW25lLcsWK9/lXB7gtbayGSGXsy1Mm1N7M43sUsYrc=
Subject key identifier:   1E:75:10:67:71:C4:29:5E:3D:3E:CF:A0:4C:B9:7F:63:16:23:E5:BF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423695DBBD31F2318DA871761882A7073
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e4/94a0f2-c806-4b55-bbe7-a2fdb938ca2d/1/HnUQZ3HEKV49Ps-gTLl_YxYj5b8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e4/94a0f2-c806-4b55-bbe7-a2fdb938ca2d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:48:15 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 16130
                          IP: 62.84.64.0/19
                          IP: 185.114.252.0/22
                          IP: 2a02:4080::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:5d:bb:d3:1f:23:18:da:87:17:61:88:2a:70:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e75106771c4295e3d3ecfa04cb97f631623e5bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:eb:30:01:4c:73:7d:52:21:1b:4f:ad:b0:51:
                    94:df:70:e4:ea:35:8c:9d:b4:3c:07:3b:c1:10:9b:
                    8b:60:45:2c:a7:42:8b:67:de:80:36:b5:a0:f6:fb:
                    19:28:0e:45:84:1b:6c:d2:66:84:be:32:eb:2d:5a:
                    c6:4c:7e:49:a3:01:84:9a:34:02:04:d6:75:dc:ae:
                    69:ce:e3:82:5a:22:be:2b:0d:53:28:59:cb:bc:ff:
                    0c:6e:65:fe:cb:f2:f7:67:fb:80:f0:8c:df:64:7f:
                    90:e7:e7:93:0f:fe:6d:93:84:10:55:84:64:63:ad:
                    00:28:30:1b:a0:82:ef:91:ae:01:4e:f2:75:2d:43:
                    d9:59:21:bb:9d:ce:82:0d:17:a0:e4:37:4e:d1:c6:
                    45:1a:03:4a:01:12:c7:59:88:5c:5b:15:8f:8f:30:
                    98:0b:a9:13:f9:6c:c1:fe:9e:7a:2f:ae:96:0e:4a:
                    b4:70:35:e4:c1:42:bd:34:c3:65:05:a8:77:e3:c7:
                    e3:65:01:31:b0:09:3e:47:04:73:8d:59:d4:d4:23:
                    b1:6c:8b:e2:4f:48:bf:80:52:1f:84:f2:99:86:eb:
                    24:1f:66:50:63:9f:8c:7d:bd:84:a2:c9:3c:7d:56:
                    63:d0:50:77:62:89:67:29:4b:d2:de:45:f2:2f:4a:
                    a3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:75:10:67:71:C4:29:5E:3D:3E:CF:A0:4C:B9:7F:63:16:23:E5:BF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/94a0f2-c806-4b55-bbe7-a2fdb938ca2d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/94a0f2-c806-4b55-bbe7-a2fdb938ca2d/1/HnUQZ3HEKV49Ps-gTLl_YxYj5b8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.64.0/19
                  185.114.252.0/22
                IPv6:
                  2a02:4080::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  16130

    Signature Algorithm: sha256WithRSAEncryption
         70:60:10:1a:fc:f0:32:42:b2:1e:17:7a:df:1a:71:cd:f5:16:
         ef:0c:c6:dd:13:79:d1:0b:14:7b:2f:d8:df:03:6e:2c:89:93:
         e5:cb:be:15:19:0f:95:45:1a:57:7b:c9:25:d0:48:a5:8b:25:
         d2:aa:aa:52:46:45:29:c9:23:0a:5a:82:3e:21:2e:34:ba:8e:
         a3:b9:24:cf:82:7d:ed:94:07:98:76:30:de:8c:a0:b8:fe:5b:
         b2:a6:32:04:0a:20:82:52:bc:db:23:3d:a1:f9:6b:18:af:5e:
         03:61:9e:a5:b0:6a:ee:42:73:03:40:9d:5c:53:93:2d:65:68:
         b3:7f:32:55:42:6e:24:2b:a8:31:78:30:cd:a1:e7:08:ba:94:
         b3:ae:60:f4:0e:61:d7:e9:c5:db:24:14:43:86:cd:f9:1b:ea:
         40:b0:90:cb:8c:d5:61:e6:cb:3f:d3:c9:0c:26:77:6b:d8:63:
         a5:95:47:04:a7:6d:3b:6f:ab:94:1e:0f:bc:38:e4:aa:56:7b:
         8f:fc:ff:7d:ad:9b:e4:31:f1:4b:97:1e:32:7f:70:5b:6e:15:
         00:a4:6a:12:37:8b:46:42:5a:e4:b0:76:62:f4:8f:2b:e3:c2:
         8f:dc:4a:09:79:a9:2d:ae:25:b6:02:78:e7:51:76:8a:04:cb:
         a8:83:53:29
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAZQjaV270x8jGNqHF2GIKnBzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTc1MTA2NzcxYzQyOTVlM2QzZWNmYTA0Y2I5N2Y2MzE2MjNlNWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+swAUxzfVIhG0+tsFGU33Dk6jWM
nbQ8BzvBEJuLYEUsp0KLZ96ANrWg9vsZKA5FhBts0maEvjLrLVrGTH5JowGEmjQC
BNZ13K5pzuOCWiK+Kw1TKFnLvP8MbmX+y/L3Z/uA8IzfZH+Q5+eTD/5tk4QQVYRk
Y60AKDAboILvka4BTvJ1LUPZWSG7nc6CDReg5DdO0cZFGgNKARLHWYhcWxWPjzCY
C6kT+WzB/p56L66WDkq0cDXkwUK9NMNlBah348fjZQExsAk+RwRzjVnU1COxbIvi
T0i/gFIfhPKZhuskH2ZQY5+Mfb2Eosk8fVZj0FB3YolnKUvS3kXyL0qjpwIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFB51EGdxxClePT7PoEy5f2MWI+W/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U0Lzk0YTBm
Mi1jODA2LTRiNTUtYmJlNy1hMmZkYjkzOGNhMmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQvOTRhMGYy
LWM4MDYtNGI1NS1iYmU3LWEyZmRiOTM4Y2EyZC8xL0huVVFaM0hFS1Y0OVBzLWdU
TGxfWXhZajViOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQFPlRAAwQCuXL8MA0EAgACMAcDBQAqAkCAMBkG
CCsGAQUFBwEIAQH/BAowCKAGMAQCAj8CMA0GCSqGSIb3DQEBCwUAA4IBAQBwYBAa
/PAyQrIeF3rfGnHN9RbvDMbdE3nRCxR7L9jfA24siZPly74VGQ+VRRpXe8kl0Eil
iyXSqqpSRkUpySMKWoI+IS40uo6juSTPgn3tlAeYdjDejKC4/luypjIECiCCUrzb
Iz2h+WsYr14DYZ6lsGruQnMDQJ1cU5MtZWizfzJVQm4kK6gxeDDNoecIupSzrmD0
DmHX6cXbJBRDhs35G+pAsJDLjNVh5ss/08kMJndr2GOllUcEp207b6uUHg+8OOSq
VnuP/P99rZvkMfFLlx4yf3BbbhUApGoSN4tGQlrksHZi9I8r48KP3EoJeaktriW2
AnjnUXaKBMuog1Mp
-----END CERTIFICATE-----