Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NOT2Cw5Qhybd5owcJV0EvSGjoYM.cer
File:                     NOT2Cw5Qhybd5owcJV0EvSGjoYM.cer (raw, json)
Hash identifier:          G77hLKpe5sLdhwhmkEe9W7H60XPh6VoLpY8QOinaAWw=
Subject key identifier:   34:E4:F6:0B:0E:50:87:26:DD:E6:8C:1C:25:5D:04:BD:21:A3:A1:83
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B37BA660E7D98F01C734FE62E4ED5C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a7/af3da0-af92-41b8-87bf-d58b094df06c/1/NOT2Cw5Qhybd5owcJV0EvSGjoYM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a7/af3da0-af92-41b8-87bf-d58b094df06c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:48:49 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 197086
                          IP: 91.217.205.0/24
                          IP: 91.233.32.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:7b:a6:60:e7:d9:8f:01:c7:34:fe:62:e4:ed:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34e4f60b0e508726dde68c1c255d04bd21a3a183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3a:67:12:58:04:ab:df:24:0b:a2:52:a5:e3:
                    06:64:8e:83:46:ce:97:8e:14:7c:d7:ff:4a:ed:72:
                    fe:19:a8:88:fb:70:dd:7e:10:2c:1f:5c:3b:c1:f0:
                    30:a5:2e:e4:d5:d5:07:3d:b6:c1:0a:c1:4f:2e:2c:
                    eb:ff:b4:3a:ce:cb:94:94:a0:05:02:73:d5:10:73:
                    91:b9:48:e2:5f:ff:5a:4e:64:b1:c3:18:42:e7:fb:
                    bb:4c:cc:07:9d:1c:dc:fe:c7:e3:79:42:0c:c4:96:
                    2e:8d:c1:3a:c9:e9:49:64:9f:5a:5f:67:99:75:b9:
                    4e:81:33:52:fc:11:1c:f0:aa:77:5e:22:53:2c:25:
                    5a:b3:b8:a0:7e:e6:c4:2a:90:b7:b7:38:ef:40:0a:
                    93:41:03:26:ae:c8:89:74:01:d3:b0:e1:ed:ed:41:
                    77:9a:16:25:fc:73:59:21:f6:0e:11:22:c8:1e:52:
                    c3:d3:8e:18:86:93:2b:34:5b:71:da:40:b2:16:4a:
                    43:6c:6b:e0:29:01:b0:c1:1c:5c:17:5c:8d:75:f5:
                    96:cb:49:6d:39:aa:c6:8f:b9:5f:32:a7:f5:e5:83:
                    e8:75:b3:d2:bb:0d:cc:9b:4b:83:3b:ff:04:f0:04:
                    4a:04:f7:13:f8:1a:fb:e6:dc:ae:4c:65:67:a8:c1:
                    1a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E4:F6:0B:0E:50:87:26:DD:E6:8C:1C:25:5D:04:BD:21:A3:A1:83
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/af3da0-af92-41b8-87bf-d58b094df06c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/af3da0-af92-41b8-87bf-d58b094df06c/1/NOT2Cw5Qhybd5owcJV0EvSGjoYM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.205.0/24
                  91.233.32.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197086

    Signature Algorithm: sha256WithRSAEncryption
         87:c0:b0:48:4b:9d:6c:24:0e:cb:ff:5a:f2:59:c1:60:18:f4:
         41:9b:c6:de:d9:a9:50:8e:41:64:65:fd:34:66:2e:d2:bc:b7:
         c7:6e:fd:d0:9d:bf:4a:b0:b6:42:ef:96:48:25:19:74:a4:63:
         83:dd:30:7f:2b:e6:b5:a9:ac:20:2b:16:4a:6b:0c:4e:c5:b9:
         f7:91:c2:a6:2d:2f:32:83:50:04:d2:eb:19:aa:ac:3e:f8:e9:
         69:c1:02:7d:29:70:23:5e:4b:f6:1d:77:4e:5b:8c:f1:7c:e8:
         2f:dc:0f:4a:60:6b:f0:08:3e:85:43:d9:34:f0:9d:71:e2:e8:
         08:fe:77:da:ab:54:26:64:c0:6b:8c:2f:f0:27:f3:2e:2f:b6:
         50:3c:fc:52:00:ba:f1:49:20:07:8a:aa:34:e1:59:41:9a:33:
         e2:11:c5:f6:45:d0:10:d6:33:cb:39:64:7e:73:a3:af:8b:d6:
         a7:73:8e:21:08:96:9d:b0:e7:f1:b9:6f:09:ee:68:f2:25:0a:
         d6:93:5b:6d:4c:6d:1e:b7:cd:a8:c0:96:b1:ef:05:c9:e0:12:
         c4:39:0b:54:79:6c:e1:d8:33:06:4e:37:3d:b9:e6:e4:49:85:
         28:03:ba:4e:44:c0:f8:e0:66:c1:c5:9e:bc:76:61:8c:16:16:
         9e:88:d4:f0
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAZQks3umYOfZjwHHNP5i5O1cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGU0ZjYwYjBlNTA4NzI2ZGRlNjhjMWMyNTVkMDRiZDIxYTNhMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zpnElgEq98kC6JSpeMGZI6DRs6X
jhR81/9K7XL+GaiI+3DdfhAsH1w7wfAwpS7k1dUHPbbBCsFPLizr/7Q6zsuUlKAF
AnPVEHORuUjiX/9aTmSxwxhC5/u7TMwHnRzc/sfjeUIMxJYujcE6yelJZJ9aX2eZ
dblOgTNS/BEc8Kp3XiJTLCVas7igfubEKpC3tzjvQAqTQQMmrsiJdAHTsOHt7UF3
mhYl/HNZIfYOESLIHlLD044YhpMrNFtx2kCyFkpDbGvgKQGwwRxcF1yNdfWWy0lt
OarGj7lfMqf15YPodbPSuw3Mm0uDO/8E8ARKBPcT+Br75tyuTGVnqMEa1QIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFDTk9gsOUIcm3eaMHCVdBL0ho6GDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E3L2FmM2Rh
MC1hZjkyLTQxYjgtODdiZi1kNThiMDk0ZGYwNmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvYWYzZGEw
LWFmOTItNDFiOC04N2JmLWQ1OGIwOTRkZjA2Yy8xL05PVDJDdzVRaHliZDVvd2NK
VjBFdlNHam9ZTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAW9nNAwQAW+kgMBoGCCsGAQUFBwEIAQH/BAsw
CaAHMAUCAwMB3jANBgkqhkiG9w0BAQsFAAOCAQEAh8CwSEudbCQOy/9a8lnBYBj0
QZvG3tmpUI5BZGX9NGYu0ry3x2790J2/SrC2Qu+WSCUZdKRjg90wfyvmtamsICsW
SmsMTsW595HCpi0vMoNQBNLrGaqsPvjpacECfSlwI15L9h13TluM8XzoL9wPSmBr
8Ag+hUPZNPCdceLoCP532qtUJmTAa4wv8CfzLi+2UDz8UgC68UkgB4qqNOFZQZoz
4hHF9kXQENYzyzlkfnOjr4vWp3OOIQiWnbDn8blvCe5o8iUK1pNbbUxtHrfNqMCW
se8FyeASxDkLVHls4dgzBk43Pbnm5EmFKAO6TkTA+OBmwcWevHZhjBYWnojU8A==
-----END CERTIFICATE-----