Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eS7-37uW3KrRVl0hv0qoVnsLZJ8.cer
File:                     eS7-37uW3KrRVl0hv0qoVnsLZJ8.cer (raw, json)
Hash identifier:          MMf9/+aXZfmJI/D/TZ1rNUaCd89EL1hoBx9P1URw/s8=
Subject key identifier:   79:2E:FE:DF:BB:96:DC:AA:D1:56:5D:21:BF:4A:A8:56:7B:0B:64:9F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221FCF331CB0619F366DCCFC10547C5D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/94/d8aca2-4a8f-41f1-bd9e-7eab0485d34d/1/eS7-37uW3KrRVl0hv0qoVnsLZJ8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/94/d8aca2-4a8f-41f1-bd9e-7eab0485d34d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:48:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 8731
                          AS: 20686
                          IP: 62.91.0.0/16
                          IP: 80.85.0.0/20
                          IP: 185.70.204.0/22
                          IP: 193.218.208.0 -- 193.218.221.255
                          IP: 212.86.128.0/19
                          IP: 217.30.224.0/20
                          IP: 2a03:e880::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cf:33:1c:b0:61:9f:36:6d:cc:fc:10:54:7c:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=792efedfbb96dcaad1565d21bf4aa8567b0b649f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9b:2a:14:fa:d9:04:c6:1a:6a:29:c0:6e:ef:
                    39:8c:69:82:18:ce:86:7e:cf:cc:ab:b4:49:fe:79:
                    b0:94:e6:02:53:75:06:80:ba:ab:79:08:3a:ff:81:
                    96:15:41:3b:b0:ba:a0:69:e9:01:d9:36:ee:6b:fb:
                    b9:f2:dd:ca:ae:85:e4:5b:45:05:a1:51:ce:c0:06:
                    04:17:e2:b4:88:d1:8c:26:3d:e2:29:8f:12:27:99:
                    50:8a:d1:04:da:a4:7b:48:02:67:fe:7c:75:92:74:
                    c7:ca:a8:60:17:5a:3f:5b:e1:74:65:c4:d2:db:08:
                    c5:c9:fc:98:13:c0:89:9d:4b:0e:ae:d3:d7:44:56:
                    be:df:48:2a:40:d8:52:e6:92:d3:ad:0d:fe:e2:5e:
                    74:e5:a0:85:bb:ec:da:23:5f:05:5b:71:78:69:e0:
                    af:6d:ef:a1:73:60:f1:d8:cc:53:55:0e:92:b1:7e:
                    d6:5c:4c:ce:74:ca:b8:75:73:f0:e2:e8:06:47:86:
                    a1:00:e8:dd:1b:2f:e5:cd:f9:b8:5f:ec:73:ce:68:
                    ab:33:a4:3e:e6:31:ec:03:cd:22:27:2a:18:46:b4:
                    2a:f1:06:eb:9f:5f:16:1d:39:bd:11:6d:07:0e:65:
                    33:dc:f7:a0:d7:98:79:38:a5:01:81:11:9d:f7:63:
                    9c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:2E:FE:DF:BB:96:DC:AA:D1:56:5D:21:BF:4A:A8:56:7B:0B:64:9F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/d8aca2-4a8f-41f1-bd9e-7eab0485d34d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/d8aca2-4a8f-41f1-bd9e-7eab0485d34d/1/eS7-37uW3KrRVl0hv0qoVnsLZJ8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.91.0.0/16
                  80.85.0.0/20
                  185.70.204.0/22
                  193.218.208.0-193.218.221.255
                  212.86.128.0/19
                  217.30.224.0/20
                IPv6:
                  2a03:e880::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8731
                  20686

    Signature Algorithm: sha256WithRSAEncryption
         5f:53:6f:e6:e9:13:d4:37:f8:9f:9c:b6:1d:94:be:0f:01:b8:
         93:69:fe:f0:4f:2a:6c:f5:40:2b:10:76:31:b7:9e:ca:1a:f8:
         d2:15:49:04:f7:14:82:fa:31:48:ff:0d:36:20:85:04:fe:41:
         67:a8:e9:69:46:26:ce:46:da:bb:10:d9:6b:ad:34:9c:05:8f:
         e7:c1:bc:b8:20:aa:a3:8a:c9:ef:fe:78:dc:98:96:31:56:fd:
         f0:5a:1f:ff:66:a7:97:41:10:2f:23:62:44:a3:f2:79:2a:56:
         7b:70:fb:90:ac:9c:74:d1:f3:8d:d2:fc:ca:8a:04:7b:10:18:
         a7:08:2e:21:ab:92:f0:f0:e9:04:a4:f7:5a:50:8b:49:65:b5:
         12:ed:89:84:fe:bf:59:c6:1d:b6:ae:28:f6:c5:bb:fa:78:b7:
         ca:3e:bf:bf:b3:22:17:db:06:03:c3:a3:9d:46:83:f2:39:94:
         3b:4a:c7:35:1e:b4:0d:3f:a7:86:61:31:c7:75:f9:2e:24:fb:
         ce:91:35:b4:aa:ed:8e:cc:8b:7c:c3:ce:9f:d8:d7:4f:90:97:
         81:95:15:27:b9:7e:54:e4:65:7b:38:28:fd:77:9a:72:f6:48:
         0f:1f:4f:be:02:19:94:8b:92:e8:80:e3:73:a6:86:95:d4:68:
         0a:e5:eb:e2
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgISAZQiH88zHLBhnzZtzPwQVHxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTJlZmVkZmJiOTZkY2FhZDE1NjVkMjFiZjRhYTg1NjdiMGI2NDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1psqFPrZBMYaainAbu85jGmCGM6G
fs/Mq7RJ/nmwlOYCU3UGgLqreQg6/4GWFUE7sLqgaekB2Tbua/u58t3KroXkW0UF
oVHOwAYEF+K0iNGMJj3iKY8SJ5lQitEE2qR7SAJn/nx1knTHyqhgF1o/W+F0ZcTS
2wjFyfyYE8CJnUsOrtPXRFa+30gqQNhS5pLTrQ3+4l505aCFu+zaI18FW3F4aeCv
be+hc2Dx2MxTVQ6SsX7WXEzOdMq4dXPw4ugGR4ahAOjdGy/lzfm4X+xzzmirM6Q+
5jHsA80iJyoYRrQq8Qbrn18WHTm9EW0HDmUz3Peg15h5OKUBgRGd92Oc8wIDAQAB
o4IC1zCCAtMwHQYDVR0OBBYEFHku/t+7ltyq0VZdIb9KqFZ7C2SfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk0L2Q4YWNh
Mi00YThmLTQxZjEtYmQ5ZS03ZWFiMDQ4NWQzNGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTQvZDhhY2Ey
LTRhOGYtNDFmMS1iZDllLTdlYWIwNDg1ZDM0ZC8xL2VTNy0zN3VXM0tyUlZsMGh2
MHFvVm5zTFpKOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFMGCCsGAQUF
BwEHAQH/BEQwQjAxBAIAATArAwMAPlsDBARQVQADBAK5RswwDAMEBMHa0AMEAcHa
3AMEBdRWgAMEBNke4DANBAIAAjAHAwUDKgPogDAdBggrBgEFBQcBCAEB/wQOMAyg
CjAIAgIiGwICUM4wDQYJKoZIhvcNAQELBQADggEBAF9Tb+bpE9Q3+J+cth2Uvg8B
uJNp/vBPKmz1QCsQdjG3nsoa+NIVSQT3FIL6MUj/DTYghQT+QWeo6WlGJs5G2rsQ
2WutNJwFj+fBvLggqqOKye/+eNyYljFW/fBaH/9mp5dBEC8jYkSj8nkqVntw+5Cs
nHTR843S/MqKBHsQGKcILiGrkvDw6QSk91pQi0lltRLtiYT+v1nGHbauKPbFu/p4
t8o+v7+zIhfbBgPDo51Gg/I5lDtKxzUetA0/p4ZhMcd1+S4k+86RNbSq7Y7Mi3zD
zp/Y10+Ql4GVFSe5flTkZXs4KP13mnL2SA8fT74CGZSLkuiA43OmhpXUaArl6+I=
-----END CERTIFICATE-----