Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/TWJ4HKFDbZbWd1uiDFzyx139E-k.cer
File:                     TWJ4HKFDbZbWd1uiDFzyx139E-k.cer (raw, json)
Hash identifier:          +DDNfujB8almpTqsTO4sA78E97jTGG0Z7fu2+4ZKZOk=
Subject key identifier:   4D:62:78:1C:A1:43:6D:96:D6:77:5B:A2:0C:5C:F2:C7:5D:FD:13:E9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228E15B7CAE214E3EC1FCEA3B9093737
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/db/fe6363-6ed5-467d-b96e-8e0bdff237f8/1/TWJ4HKFDbZbWd1uiDFzyx139E-k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/db/fe6363-6ed5-467d-b96e-8e0bdff237f8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 43122
                          IP: 194.110.128.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:15:b7:ca:e2:14:e3:ec:1f:ce:a3:b9:09:37:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d62781ca1436d96d6775ba20c5cf2c75dfd13e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:51:89:70:b1:cc:f6:a4:76:6f:0d:60:48:5d:
                    23:bf:be:ec:0c:8e:74:8c:4a:bc:27:e6:8c:84:36:
                    69:d5:6d:43:00:11:41:97:64:0a:da:d7:fa:7b:9d:
                    8d:de:bd:45:e5:49:1c:61:41:ed:c2:df:3f:01:89:
                    2f:4c:00:38:67:44:2a:37:66:d9:2a:c8:d6:03:7d:
                    bb:8c:de:23:6a:31:28:f3:9c:e5:45:6e:54:e1:10:
                    50:43:9f:fc:b0:13:0c:39:12:fc:56:d5:74:0d:6b:
                    f3:4f:78:07:d1:b2:8c:3f:fb:90:2c:95:62:2b:41:
                    68:52:58:8c:c1:4d:0e:ba:cb:13:b9:f9:1a:e7:f1:
                    a5:ca:40:db:4e:69:d3:ae:32:f3:77:0f:5a:bb:22:
                    04:03:1a:dc:0d:6c:43:25:c7:07:b3:32:e3:ff:15:
                    cb:ba:ad:51:7f:f6:de:c4:fd:db:75:f2:b2:60:50:
                    ab:25:d0:58:16:3f:59:d6:56:de:c8:f1:4a:38:fa:
                    3d:cf:35:bf:8f:9c:02:70:f0:77:21:88:e1:83:c4:
                    62:34:cf:32:ea:20:31:a4:64:fd:a4:2e:99:ea:66:
                    ea:52:38:90:83:ea:fc:e8:48:42:f4:b6:e2:6f:97:
                    7d:fc:e3:76:d8:e2:49:a8:16:07:c0:46:b6:77:4b:
                    bf:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:62:78:1C:A1:43:6D:96:D6:77:5B:A2:0C:5C:F2:C7:5D:FD:13:E9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/fe6363-6ed5-467d-b96e-8e0bdff237f8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/fe6363-6ed5-467d-b96e-8e0bdff237f8/1/TWJ4HKFDbZbWd1uiDFzyx139E-k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.128.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43122

    Signature Algorithm: sha256WithRSAEncryption
         5b:97:73:d8:61:91:6b:0a:d9:5d:78:c2:39:5d:6d:75:82:7b:
         b2:98:8c:32:d9:77:36:b3:f1:8b:db:71:f5:60:32:a5:96:d9:
         b8:69:85:44:88:6b:28:7a:83:77:22:4a:57:63:ca:5a:c3:44:
         3c:83:eb:53:32:8e:f0:13:63:87:63:e9:70:0d:99:67:0a:74:
         7d:72:a7:f8:5b:15:d8:c1:03:94:5e:c3:aa:d9:36:65:a5:a0:
         51:bb:46:9f:0c:47:02:a4:a4:da:2b:f8:ce:0f:c7:ec:fd:64:
         ed:f5:64:84:d1:44:c0:aa:80:2b:21:71:a6:9f:ed:c5:f1:fc:
         66:6b:c5:ef:ff:18:6a:fb:29:d8:53:40:d5:9d:78:cf:8f:d1:
         bf:ba:bf:c5:9c:c2:84:a0:f6:69:55:6d:33:55:02:53:e0:27:
         9c:bf:38:21:f1:8b:69:7b:3f:e9:e6:00:53:54:37:b8:e8:8f:
         bd:cc:07:ee:7f:2b:48:36:62:b4:1f:63:06:c1:f1:5c:96:c5:
         ac:c6:4b:ca:64:00:35:62:02:2f:2c:6e:dc:69:30:5f:93:f3:
         72:22:41:4b:77:23:b4:3b:f5:ef:f7:d8:20:12:5c:91:00:b4:
         91:75:7c:f7:8b:66:75:a1:36:2b:d9:fb:a6:7e:e9:cc:29:32:
         a5:4e:22:8b
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQijhW3yuIU4+wfzqO5CTc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDYyNzgxY2ExNDM2ZDk2ZDY3NzViYTIwYzVjZjJjNzVkZmQxM2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA91GJcLHM9qR2bw1gSF0jv77sDI50
jEq8J+aMhDZp1W1DABFBl2QK2tf6e52N3r1F5UkcYUHtwt8/AYkvTAA4Z0QqN2bZ
KsjWA327jN4jajEo85zlRW5U4RBQQ5/8sBMMORL8VtV0DWvzT3gH0bKMP/uQLJVi
K0FoUliMwU0OussTufka5/GlykDbTmnTrjLzdw9auyIEAxrcDWxDJccHszLj/xXL
uq1Rf/bexP3bdfKyYFCrJdBYFj9Z1lbeyPFKOPo9zzW/j5wCcPB3IYjhg8RiNM8y
6iAxpGT9pC6Z6mbqUjiQg+r86EhC9Lbib5d9/ON22OJJqBYHwEa2d0u/NwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFE1ieByhQ22W1ndbogxc8sdd/RPpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RiL2ZlNjM2
My02ZWQ1LTQ2N2QtYjk2ZS04ZTBiZGZmMjM3ZjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGIvZmU2MzYz
LTZlZDUtNDY3ZC1iOTZlLThlMGJkZmYyMzdmOC8xL1RXSjRIS0ZEYlpiV2QxdWlE
Rnp5eDEzOUUtay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwm6AMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCocjANBgkqhkiG9w0BAQsFAAOCAQEAW5dz2GGRawrZXXjCOV1tdYJ7spiMMtl3
NrPxi9tx9WAypZbZuGmFRIhrKHqDdyJKV2PKWsNEPIPrUzKO8BNjh2PpcA2ZZwp0
fXKn+FsV2MEDlF7Dqtk2ZaWgUbtGnwxHAqSk2iv4zg/H7P1k7fVkhNFEwKqAKyFx
pp/txfH8ZmvF7/8Yavsp2FNA1Z14z4/Rv7q/xZzChKD2aVVtM1UCU+AnnL84IfGL
aXs/6eYAU1Q3uOiPvcwH7n8rSDZitB9jBsHxXJbFrMZLymQANWICLyxu3GkwX5Pz
ciJBS3cjtDv17/fYIBJckQC0kXV894tmdaE2K9n7pn7pzCkypU4iiw==
-----END CERTIFICATE-----