Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dLM_sg3VV80LFO3-EIgPDg0hxSk.cer
File:                     dLM_sg3VV80LFO3-EIgPDg0hxSk.cer (raw, json)
Hash identifier:          yF8mTG8/VJggtuz8y1QKGtlbKtnz7NBdLpN3KS1SbJ8=
Subject key identifier:   74:B3:3F:B2:0D:D5:57:CD:0B:14:ED:FE:10:88:0F:0E:0D:21:C5:29
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FBD9104614FCF68B60B8C14A25F99F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8a/f6ee9d-756f-437e-bc03-e703e94b7beb/1/dLM_sg3VV80LFO3-EIgPDg0hxSk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8a/f6ee9d-756f-437e-bc03-e703e94b7beb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:48:38 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 60232
                          AS: 199484
                          IP: 37.75.8.0/21
                          IP: 185.28.0.0/22
                          IP: 195.142.0.0/22
                          IP: 195.142.104.0/21
                          IP: 195.142.132.0/22
                          IP: 2a03:c040::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:d9:10:46:14:fc:f6:8b:60:b8:c1:4a:25:f9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74b33fb20dd557cd0b14edfe10880f0e0d21c529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:12:9c:14:c9:f7:48:8b:1d:29:8f:fc:ba:04:
                    b6:4c:a7:18:93:73:19:4f:64:30:33:cb:2b:b8:f4:
                    21:66:2a:7f:e3:b0:ee:93:53:00:50:d7:d1:cd:0c:
                    89:ed:55:98:95:0f:cc:1b:0a:d3:6e:05:54:77:03:
                    33:db:bb:3d:5f:50:57:49:77:48:75:69:e8:ef:79:
                    de:7f:73:82:7b:8d:76:4d:d2:6a:c5:1b:94:38:84:
                    2f:d7:48:f1:e2:95:8c:c0:5e:a9:ed:b1:9e:f3:18:
                    14:3b:03:39:52:2f:d1:40:6f:19:85:1f:9b:fd:b3:
                    f3:0e:a6:74:9b:e8:af:4c:16:fd:47:a2:cf:79:14:
                    08:5a:b7:cc:81:87:6f:82:ef:56:83:9a:49:6a:24:
                    7e:70:d2:dd:9b:e1:74:5b:24:1d:ad:42:8d:fd:55:
                    f6:3e:52:75:aa:3c:22:a2:67:d1:d9:29:b8:72:91:
                    8c:7c:b0:98:26:9a:20:05:22:c6:05:be:a2:67:2b:
                    13:76:e1:16:3c:24:8b:3b:09:3f:be:6a:ca:4c:0c:
                    f6:9f:0c:60:73:6f:da:f8:06:47:ca:c2:8c:eb:e4:
                    e1:f0:2c:de:27:af:6c:97:ec:01:17:df:73:e0:9a:
                    d0:31:df:48:43:9d:3d:73:ae:46:d5:a7:b5:62:15:
                    94:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:B3:3F:B2:0D:D5:57:CD:0B:14:ED:FE:10:88:0F:0E:0D:21:C5:29
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f6ee9d-756f-437e-bc03-e703e94b7beb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f6ee9d-756f-437e-bc03-e703e94b7beb/1/dLM_sg3VV80LFO3-EIgPDg0hxSk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.75.8.0/21
                  185.28.0.0/22
                  195.142.0.0/22
                  195.142.104.0/21
                  195.142.132.0/22
                IPv6:
                  2a03:c040::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  60232
                  199484

    Signature Algorithm: sha256WithRSAEncryption
         68:ec:55:43:42:ad:3b:ba:1f:59:ea:64:d9:61:6c:1b:d7:83:
         b4:44:bf:61:39:50:8d:b7:45:3a:35:7a:d6:47:57:e7:76:a8:
         95:f1:08:e0:74:9e:a8:13:78:38:f4:d0:02:2b:52:d9:a9:f1:
         69:02:5a:41:f7:5d:23:17:55:d5:5a:da:35:9f:7e:23:00:dd:
         d6:43:89:95:0a:2e:d6:ce:83:68:fd:90:c8:e3:0e:e9:6c:ec:
         7f:12:4c:ca:2c:ca:28:ef:8e:c3:a9:8d:35:4b:47:7f:e4:f3:
         cc:7c:aa:39:56:49:da:75:3b:f0:52:29:3a:4e:1d:1a:06:ef:
         b7:ca:55:7b:18:7e:29:60:7e:1a:15:b3:a6:e5:16:6b:27:03:
         e2:14:d5:43:f5:d5:f9:d4:24:dc:c0:ee:11:f6:9b:34:6c:01:
         f1:d2:95:c6:1c:ec:bf:f3:77:ad:44:ec:ed:54:8c:e0:d4:3d:
         c2:56:ab:34:cd:52:34:7f:8d:65:cc:00:16:02:9e:44:e3:76:
         3e:bb:1c:73:35:9b:d4:dd:6e:72:6a:27:5a:b0:1d:be:24:a6:
         2d:e3:58:52:80:92:fa:1b:1d:77:ff:8c:ce:0a:73:48:17:63:
         22:2a:90:c6:b2:08:03:23:61:b3:c2:18:5d:8d:26:3c:8b:46:
         d1:6f:80:cb
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAZQi+9kQRhT89otguMFKJfmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGIzM2ZiMjBkZDU1N2NkMGIxNGVkZmUxMDg4MGYwZTBkMjFjNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRKcFMn3SIsdKY/8ugS2TKcYk3MZ
T2QwM8sruPQhZip/47Duk1MAUNfRzQyJ7VWYlQ/MGwrTbgVUdwMz27s9X1BXSXdI
dWno73nef3OCe412TdJqxRuUOIQv10jx4pWMwF6p7bGe8xgUOwM5Ui/RQG8ZhR+b
/bPzDqZ0m+ivTBb9R6LPeRQIWrfMgYdvgu9Wg5pJaiR+cNLdm+F0WyQdrUKN/VX2
PlJ1qjwiomfR2Sm4cpGMfLCYJpogBSLGBb6iZysTduEWPCSLOwk/vmrKTAz2nwxg
c2/a+AZHysKM6+Th8CzeJ69sl+wBF99z4JrQMd9IQ509c65G1ae1YhWUtQIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFHSzP7IN1VfNCxTt/hCIDw4NIcUpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhhL2Y2ZWU5
ZC03NTZmLTQzN2UtYmMwMy1lNzAzZTk0YjdiZWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEvZjZlZTlk
LTc1NmYtNDM3ZS1iYzAzLWU3MDNlOTRiN2JlYi8xL2RMTV9zZzNWVjgwTEZPMy1F
SWdQRGcwaHhTay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEYGCCsGAQUF
BwEHAQH/BDcwNTAkBAIAATAeAwQDJUsIAwQCuRwAAwQCw44AAwQDw45oAwQCw46E
MA0EAgACMAcDBQAqA8BAMB8GCCsGAQUFBwEIAQH/BBAwDqAMMAoCAwDrSAIDAws8
MA0GCSqGSIb3DQEBCwUAA4IBAQBo7FVDQq07uh9Z6mTZYWwb14O0RL9hOVCNt0U6
NXrWR1fndqiV8QjgdJ6oE3g49NACK1LZqfFpAlpB910jF1XVWto1n34jAN3WQ4mV
Ci7WzoNo/ZDI4w7pbOx/EkzKLMoo747DqY01S0d/5PPMfKo5VknadTvwUik6Th0a
Bu+3ylV7GH4pYH4aFbOm5RZrJwPiFNVD9dX51CTcwO4R9ps0bAHx0pXGHOy/83et
ROztVIzg1D3CVqs0zVI0f41lzAAWAp5E43Y+uxxzNZvU3W5yaidasB2+JKYt41hS
gJL6Gx13/4zOCnNIF2MiKpDGsggDI2GzwhhdjSY8i0bRb4DL
-----END CERTIFICATE-----