Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ckJsPRHJ8krMCh2EVMvJYEhlqAk.cer
File:                     ckJsPRHJ8krMCh2EVMvJYEhlqAk.cer (raw, json)
Hash identifier:          IdpteI1TVlh+ONe0sXspvnYoGzWzS2mOp64R6oLtz4s=
Subject key identifier:   72:42:6C:3D:11:C9:F2:4A:CC:0A:1D:84:54:CB:C9:60:48:65:A8:09
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420683D383E30E7EB6486429F6E271B85
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/46/4c1b34-9c70-411f-b01f-be90b0fd1f78/1/ckJsPRHJ8krMCh2EVMvJYEhlqAk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/46/4c1b34-9c70-411f-b01f-be90b0fd1f78/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 200607
                          IP: 185.101.180.0/22
                          IP: 2a06:2040::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3d:38:3e:30:e7:eb:64:86:42:9f:6e:27:1b:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72426c3d11c9f24acc0a1d8454cbc9604865a809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9d:fc:3e:ec:82:25:01:c9:a2:ab:bd:07:f6:
                    d3:89:7f:36:b3:04:26:36:bd:5d:77:fc:10:18:af:
                    5f:10:2b:de:ce:9e:af:2c:fd:77:28:58:2a:c1:85:
                    44:61:5d:46:7a:d4:56:59:1c:55:61:1f:c4:f0:8f:
                    6f:e3:5a:76:35:62:62:82:d9:d3:d1:d3:48:e8:72:
                    8a:ee:95:1e:32:79:eb:3f:7a:27:d4:bf:f2:37:e5:
                    32:d4:5c:81:ea:c7:8e:2c:74:02:5b:32:e0:ca:cc:
                    84:68:2d:61:0c:f2:57:03:f7:cc:13:b4:7c:d6:8e:
                    35:f7:d9:51:b5:2a:24:4f:6b:06:86:34:39:d6:24:
                    4e:25:63:e7:7d:dd:ba:4d:12:50:82:f9:2e:e4:14:
                    7e:cb:e0:ab:b8:e6:d6:fe:fa:84:56:4f:bf:4c:9b:
                    da:0a:32:d0:c8:fb:a8:7e:bb:82:7c:ce:a5:d8:b6:
                    db:64:7f:21:19:98:ed:ef:b2:ca:5a:26:e7:25:5f:
                    9b:13:1c:ab:ec:a9:a2:ae:21:62:7e:90:a4:53:15:
                    90:f7:2a:e2:cd:9d:fe:91:a7:c7:fc:b8:97:93:cd:
                    54:5c:ec:4f:4d:c7:50:29:2c:2f:a1:95:3a:8b:5e:
                    73:b1:dd:43:7c:9e:31:dc:c8:6a:38:10:8d:7c:b8:
                    8b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:42:6C:3D:11:C9:F2:4A:CC:0A:1D:84:54:CB:C9:60:48:65:A8:09
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4c1b34-9c70-411f-b01f-be90b0fd1f78/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4c1b34-9c70-411f-b01f-be90b0fd1f78/1/ckJsPRHJ8krMCh2EVMvJYEhlqAk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.180.0/22
                IPv6:
                  2a06:2040::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200607

    Signature Algorithm: sha256WithRSAEncryption
         a1:ed:a1:28:4e:58:d2:de:e0:d2:ae:d9:fd:f6:26:9e:33:7a:
         b8:d6:1c:2b:32:45:91:4d:06:89:da:6e:ca:f3:3f:ec:a2:b6:
         d1:66:1f:ed:2f:96:52:53:dc:46:6d:fa:11:d5:89:fc:3f:94:
         74:26:40:a1:9f:29:a7:1c:47:ee:a0:a3:cb:94:cc:c4:75:8a:
         0a:06:8e:e4:03:dd:6a:24:62:a3:9d:1b:33:69:96:3f:b1:53:
         26:15:bb:cd:2c:4a:fb:4a:2c:d2:26:00:aa:92:d7:e7:a0:29:
         5a:a2:d3:76:6c:d6:d1:7c:4f:42:34:ab:93:ce:17:dc:34:58:
         ac:6e:33:2a:76:bd:f9:aa:1b:d2:12:3e:74:07:a3:cf:2a:f5:
         3e:82:76:21:b0:2d:26:08:96:72:d4:3e:7e:50:6b:9e:28:00:
         86:ac:bf:85:e8:75:eb:cd:72:39:16:ef:d5:cd:66:80:a0:85:
         11:5f:c0:fa:29:f0:f3:51:3f:ff:9a:31:81:4a:e2:79:5b:98:
         b2:db:bc:f6:3f:3a:80:0e:7f:dd:43:1d:28:e5:97:32:a7:cb:
         a3:09:c0:a7:88:88:6c:0e:c9:da:fd:6a:b1:4f:ae:05:e8:21:
         62:c4:84:f4:5f:c6:e8:47:37:81:3c:b1:2d:d3:e8:bc:81:fb:
         64:1e:7d:d1
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQgaD04PjDn62SGQp9uJxuFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjQyNmMzZDExYzlmMjRhY2MwYTFkODQ1NGNiYzk2MDQ4NjVhODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJ38PuyCJQHJoqu9B/bTiX82swQm
Nr1dd/wQGK9fECvezp6vLP13KFgqwYVEYV1GetRWWRxVYR/E8I9v41p2NWJigtnT
0dNI6HKK7pUeMnnrP3on1L/yN+Uy1FyB6seOLHQCWzLgysyEaC1hDPJXA/fME7R8
1o4199lRtSokT2sGhjQ51iROJWPnfd26TRJQgvku5BR+y+CruObW/vqEVk+/TJva
CjLQyPuofruCfM6l2LbbZH8hGZjt77LKWibnJV+bExyr7KmiriFifpCkUxWQ9yri
zZ3+kafH/LiXk81UXOxPTcdQKSwvoZU6i15zsd1DfJ4x3MhqOBCNfLiL4QIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFHJCbD0RyfJKzAodhFTLyWBIZagJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ2LzRjMWIz
NC05YzcwLTQxMWYtYjAxZi1iZTkwYjBmZDFmNzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDYvNGMxYjM0
LTljNzAtNDExZi1iMDFmLWJlOTBiMGZkMWY3OC8xL2NrSnNQUkhKOGtyTUNoMkVW
TXZKWUVobHFBay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuWW0MA0EAgACMAcDBQMqBiBAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMPnzANBgkqhkiG9w0BAQsFAAOCAQEAoe2hKE5Y0t7g
0q7Z/fYmnjN6uNYcKzJFkU0GidpuyvM/7KK20WYf7S+WUlPcRm36EdWJ/D+UdCZA
oZ8ppxxH7qCjy5TMxHWKCgaO5APdaiRio50bM2mWP7FTJhW7zSxK+0os0iYAqpLX
56ApWqLTdmzW0XxPQjSrk84X3DRYrG4zKna9+aob0hI+dAejzyr1PoJ2IbAtJgiW
ctQ+flBrnigAhqy/heh1681yORbv1c1mgKCFEV/A+inw81E//5oxgUrieVuYstu8
9j86gA5/3UMdKOWXMqfLownAp4iIbA7J2v1qsU+uBeghYsSE9F/G6Ec3gTyxLdPo
vIH7ZB590Q==
-----END CERTIFICATE-----