Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer
File:                     YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer (raw, json)
Hash identifier:          34xxAKWTKb6fv25GMA3+do4JmFqLRSAJJh4zEwlzEvA=
Subject key identifier:   60:75:48:C3:7A:BE:BC:58:B9:28:ED:28:54:33:D6:9E:95:DF:9C:3B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221FB9471FF1CFF8FB96B3517A291287
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:48:11 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 31294
                          AS: 50608
                          AS: 61980
                          IP: 83.220.160.0/22
                          IP: 83.220.166.0/23
                          IP: 2a01:b8a0::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b9:47:1f:f1:cf:f8:fb:96:b3:51:7a:29:12:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=607548c37abebc58b928ed285433d69e95df9c3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:36:02:4f:74:7b:3a:28:e8:f6:30:5f:38:27:
                    24:39:65:ce:64:d4:f4:ad:6d:4e:ff:da:43:48:74:
                    b4:5e:25:ab:a1:f3:ea:3e:a9:ee:a9:bd:f1:6b:47:
                    5b:de:26:b9:94:24:2b:4a:99:7b:2f:29:ea:5e:a6:
                    50:0e:c6:3f:51:56:ec:72:09:27:30:7f:a1:33:56:
                    63:ed:e8:06:f2:8e:59:0f:03:5f:89:71:8a:65:fa:
                    da:bc:8b:98:9b:c9:20:f0:85:36:67:75:34:4c:40:
                    dd:25:4b:bc:1a:45:00:d1:04:f4:36:38:8c:d2:c4:
                    b8:61:6e:46:d8:18:9f:2b:70:4c:72:0f:a5:fb:c8:
                    aa:7e:80:14:df:af:5b:8a:10:0d:47:2b:94:f9:23:
                    c7:04:2d:72:9d:6f:fd:c4:0d:a5:7c:6c:24:57:d4:
                    56:22:e5:1f:c7:e7:a8:79:1c:ca:29:05:eb:9d:bb:
                    b2:bc:d2:75:74:a0:f7:30:f7:8f:31:9d:1c:6f:09:
                    b6:40:69:52:5c:ac:b9:4a:3a:56:0c:18:f7:38:1e:
                    07:86:a1:da:18:f6:cb:df:22:ba:e6:83:3b:ce:62:
                    22:64:cf:63:cf:68:bc:89:39:86:2b:5a:8a:03:28:
                    f0:ed:79:b7:b4:15:7e:d0:55:54:2f:39:07:83:a7:
                    ee:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:75:48:C3:7A:BE:BC:58:B9:28:ED:28:54:33:D6:9E:95:DF:9C:3B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.160.0/22
                  83.220.166.0/23
                IPv6:
                  2a01:b8a0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  31294
                  50608
                  61980

    Signature Algorithm: sha256WithRSAEncryption
         2f:fa:26:c6:21:2f:dd:a0:f1:14:0c:d5:27:7a:7c:f5:e2:27:
         fd:77:22:02:7d:3a:ef:cf:22:0f:b2:cd:0c:5f:e1:34:97:f7:
         2d:0b:45:55:f5:a7:8c:53:42:e6:1c:b7:ea:0c:36:e2:12:c4:
         ec:55:31:99:fc:dd:09:07:c5:3c:7f:fe:0b:61:cb:52:a3:39:
         db:40:d0:dd:fc:8c:13:64:53:70:e3:08:9f:b1:89:1d:d2:ec:
         45:97:78:ce:7a:e9:22:41:43:58:b2:8c:c4:8f:40:ae:9c:e2:
         7b:e0:4d:3d:e8:80:da:67:eb:c4:cf:27:31:8e:9c:2e:63:e0:
         0e:cc:de:7f:3a:4c:42:f0:82:3c:e1:4e:7e:83:31:ed:fc:4b:
         4b:9c:be:fb:2c:d5:9e:ef:d7:c8:64:d5:0a:64:01:a0:c7:76:
         f7:ce:bf:17:4d:cb:dc:ee:36:a8:48:b9:e6:6a:75:68:a0:f6:
         e7:e8:eb:f5:4f:d6:79:d7:f1:71:6c:20:a9:5f:a2:ac:c5:a4:
         e3:72:bb:6c:6d:85:6e:c7:3b:69:cd:37:45:50:5b:be:3e:90:
         26:19:e1:b3:66:44:ef:8c:89:9b:bd:80:d0:c4:dd:aa:f5:86:
         14:b9:b1:74:7c:a7:bf:9a:b5:f7:18:f8:01:7b:c3:54:94:76:
         2c:07:29:bd
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgISAZQiH7lHH/HP+PuWs1F6KRKHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDc1NDhjMzdhYmViYzU4YjkyOGVkMjg1NDMzZDY5ZTk1ZGY5YzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DYCT3R7Oijo9jBfOCckOWXOZNT0
rW1O/9pDSHS0XiWrofPqPqnuqb3xa0db3ia5lCQrSpl7LynqXqZQDsY/UVbscgkn
MH+hM1Zj7egG8o5ZDwNfiXGKZfravIuYm8kg8IU2Z3U0TEDdJUu8GkUA0QT0NjiM
0sS4YW5G2BifK3BMcg+l+8iqfoAU369bihANRyuU+SPHBC1ynW/9xA2lfGwkV9RW
IuUfx+eoeRzKKQXrnbuyvNJ1dKD3MPePMZ0cbwm2QGlSXKy5SjpWDBj3OB4HhqHa
GPbL3yK65oM7zmIiZM9jz2i8iTmGK1qKAyjw7Xm3tBV+0FVULzkHg6fuCwIDAQAB
o4ICvjCCArowHQYDVR0OBBYEFGB1SMN6vrxYuSjtKFQz1p6V35w7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUyLzUyYjYz
NC02MTQ4LTRlMmUtYjhmMy0wYzk4YzU3MGE2ZTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTIvNTJiNjM0
LTYxNDgtNGUyZS1iOGYzLTBjOThjNTcwYTZlMC8xL1lIVkl3M3EtdkZpNUtPMG9W
RFBXbnBYZm5Ecy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQCU9ygAwQBU9ymMA0EAgACMAcDBQAqAbigMCMG
CCsGAQUFBwEIAQH/BBQwEqAQMA4CAno+AgMAxbACAwDyHDANBgkqhkiG9w0BAQsF
AAOCAQEAL/omxiEv3aDxFAzVJ3p89eIn/XciAn06788iD7LNDF/hNJf3LQtFVfWn
jFNC5hy36gw24hLE7FUxmfzdCQfFPH/+C2HLUqM520DQ3fyME2RTcOMIn7GJHdLs
RZd4znrpIkFDWLKMxI9Arpzie+BNPeiA2mfrxM8nMY6cLmPgDszefzpMQvCCPOFO
foMx7fxLS5y++yzVnu/XyGTVCmQBoMd2986/F03L3O42qEi55mp1aKD25+jr9U/W
edfxcWwgqV+irMWk43K7bG2Fbsc7ac03RVBbvj6QJhnhs2ZE74yJm72A0MTdqvWG
FLmxdHynv5q19xj4AXvDVJR2LAcpvQ==
-----END CERTIFICATE-----