Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/P5YkCZj85BJMPLTfusuw7RYYQFo.cer
File:                     P5YkCZj85BJMPLTfusuw7RYYQFo.cer (raw, json)
Hash identifier:          UIZYrU3Be1yFv2wfH71b/2cmE92DYO0iNOsYA3B5maw=
Subject key identifier:   3F:96:24:09:98:FC:E4:12:4C:3C:B4:DF:BA:CB:B0:ED:16:18:40:5A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5AF2182CF8160AA4D1C7FEEC38B14
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/P5YkCZj85BJMPLTfusuw7RYYQFo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:42 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198101
                          AS: 201457
                          IP: 185.52.216.0/22
                          IP: 185.74.204.0/22
                          IP: 2a03:4760::/29
                          IP: 2a04:bf80::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:af:21:82:cf:81:60:aa:4d:1c:7f:ee:c3:8b:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f96240998fce4124c3cb4dfbacbb0ed1618405a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:07:52:f3:26:53:aa:c3:ad:59:aa:c2:ac:44:
                    3d:5c:53:a6:3d:b1:8a:59:4b:78:6f:30:7b:e1:be:
                    81:bd:ae:b9:03:93:d6:c1:e0:3f:0e:1a:c5:63:a4:
                    0e:30:b8:ad:06:97:b6:93:33:ef:87:48:02:e9:8c:
                    91:42:44:fd:c8:a2:76:33:e4:d8:f4:f8:7a:b6:51:
                    98:a0:66:fe:86:bc:69:1f:a4:74:da:ba:24:80:20:
                    58:d5:50:a8:4d:c9:fa:f6:d9:ff:61:3e:6e:60:c9:
                    b0:fc:05:7f:d6:8f:01:79:ca:3d:67:16:dd:17:e2:
                    49:b2:34:d5:1f:f3:d9:61:c7:ef:da:ed:fa:39:85:
                    6c:4d:10:80:ea:32:46:f3:64:f3:3a:06:77:53:0d:
                    c6:e9:ad:f2:a4:e4:67:ac:c8:21:bb:52:96:bf:d3:
                    93:3e:c1:62:c6:8c:28:7a:ff:10:63:28:fc:cc:b6:
                    ad:52:66:a0:b9:91:1a:25:51:fc:13:7f:d3:8e:97:
                    57:b1:35:3c:17:88:45:f4:ad:7c:69:2d:8d:8d:82:
                    88:03:98:78:43:4b:d8:fc:2e:2b:f2:84:95:3c:84:
                    5d:32:cb:6f:a2:11:a3:22:56:fd:d2:fc:f5:61:fc:
                    0e:a9:62:8f:b9:19:33:8a:97:f9:f1:e6:fd:d6:d3:
                    6d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:96:24:09:98:FC:E4:12:4C:3C:B4:DF:BA:CB:B0:ED:16:18:40:5A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/P5YkCZj85BJMPLTfusuw7RYYQFo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.216.0/22
                  185.74.204.0/22
                IPv6:
                  2a03:4760::/29
                  2a04:bf80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198101
                  201457

    Signature Algorithm: sha256WithRSAEncryption
         66:de:6b:5a:d0:4a:b8:cc:95:4f:6b:2f:48:ad:a7:e7:d9:18:
         13:b0:33:5f:88:99:d6:cd:97:f0:ff:62:f3:14:76:ef:61:ae:
         d6:18:69:e8:39:44:eb:22:68:4c:de:ca:39:ac:68:b8:98:4b:
         b5:6d:c1:15:fe:95:18:fd:97:e9:1a:65:0b:1f:a6:8f:a8:c5:
         99:7a:7e:d8:ce:2b:2d:8a:02:97:bb:6c:df:c7:d6:f5:a9:2b:
         a8:fc:95:10:f5:11:90:ad:23:bb:93:ba:be:73:06:40:ee:03:
         80:17:f1:8a:98:bb:31:c0:e2:f3:9d:da:ad:df:10:97:cb:1f:
         2b:2d:3d:58:2d:44:a1:59:e7:56:09:5d:97:7b:5b:e8:6d:59:
         7d:be:c4:9b:54:fb:82:af:62:14:97:1d:66:a9:73:59:15:1f:
         f7:ae:79:bb:85:31:79:64:76:16:24:5e:fb:7f:1a:3b:ee:a2:
         a7:4f:38:11:4d:5f:20:aa:85:70:44:fc:be:b9:5d:f4:9b:79:
         d5:c0:0f:60:a3:9c:25:78:9f:1b:ce:f8:97:78:8a:7a:5b:94:
         b2:c6:3c:43:0b:f0:b0:59:c5:c0:8f:1d:c4:05:d7:98:01:a2:
         9d:54:60:e7:72:ee:1c:56:11:9b:9c:49:2f:51:ec:e8:ea:64:
         99:71:d6:2c
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAZQg1a8hgs+BYKpNHH/uw4sUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjk2MjQwOTk4ZmNlNDEyNGMzY2I0ZGZiYWNiYjBlZDE2MTg0MDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgdS8yZTqsOtWarCrEQ9XFOmPbGK
WUt4bzB74b6Bva65A5PWweA/DhrFY6QOMLitBpe2kzPvh0gC6YyRQkT9yKJ2M+TY
9Ph6tlGYoGb+hrxpH6R02rokgCBY1VCoTcn69tn/YT5uYMmw/AV/1o8Beco9Zxbd
F+JJsjTVH/PZYcfv2u36OYVsTRCA6jJG82TzOgZ3Uw3G6a3ypORnrMghu1KWv9OT
PsFixowoev8QYyj8zLatUmaguZEaJVH8E3/TjpdXsTU8F4hF9K18aS2NjYKIA5h4
Q0vY/C4r8oSVPIRdMstvohGjIlb90vz1YfwOqWKPuRkzipf58eb91tNt6wIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFD+WJAmY/OQSTDy037rLsO0WGEBaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZmLzYwZmVj
Ny0wYjUxLTQ0NDYtOWI1ZC1jNzQxYzI3YjRlMjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYvNjBmZWM3
LTBiNTEtNDQ0Ni05YjVkLWM3NDFjMjdiNGUyMi8xL1A1WWtDWmo4NUJKTVBMVGZ1
c3V3N1JZWVFGby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDsGCCsGAQUF
BwEHAQH/BCwwKjASBAIAATAMAwQCuTTYAwQCuUrMMBQEAgACMA4DBQMqA0dgAwUD
KgS/gDAfBggrBgEFBQcBCAEB/wQQMA6gDDAKAgMDBdUCAwMS8TANBgkqhkiG9w0B
AQsFAAOCAQEAZt5rWtBKuMyVT2svSK2n59kYE7AzX4iZ1s2X8P9i8xR272Gu1hhp
6DlE6yJoTN7KOaxouJhLtW3BFf6VGP2X6RplCx+mj6jFmXp+2M4rLYoCl7ts38fW
9akrqPyVEPURkK0ju5O6vnMGQO4DgBfxipi7McDi853ard8Ql8sfKy09WC1EoVnn
Vgldl3tb6G1Zfb7Em1T7gq9iFJcdZqlzWRUf9655u4UxeWR2FiRe+38aO+6ip084
EU1fIKqFcET8vrld9Jt51cAPYKOcJXifG874l3iKeluUssY8QwvwsFnFwI8dxAXX
mAGinVRg53LuHFYRm5xJL1Hs6OpkmXHWLA==
-----END CERTIFICATE-----