Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hXosdK9aRNmq5HoLiUJfpPf8fBk.cer
File:                     hXosdK9aRNmq5HoLiUJfpPf8fBk.cer (raw, json)
Hash identifier:          /4bkujw/wv5Dli1BIZ8A4G96GFQNViaoW54pNFHbwos=
Subject key identifier:   85:7A:2C:74:AF:5A:44:D9:AA:E4:7A:0B:89:42:5F:A4:F7:FC:7C:19
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942143F64863E4D25F905342DF0396B189
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/hXosdK9aRNmq5HoLiUJfpPf8fBk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 43281
                          AS: 201711
                          AS: 210133
                          AS: 212638
                          IP: 37.77.168.0/21
                          IP: 77.247.200.0/21
                          IP: 185.214.43.0/24
                          IP: 2a03:9d80::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f6:48:63:e4:d2:5f:90:53:42:df:03:96:b1:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=857a2c74af5a44d9aae47a0b89425fa4f7fc7c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:43:e3:ba:9d:9f:3a:95:c4:07:1c:09:f9:76:
                    5e:37:ba:75:64:81:ab:94:6d:51:5a:e7:4e:c5:af:
                    94:62:f6:34:9d:84:9f:64:e8:da:c0:1a:4b:18:75:
                    62:d4:c0:b6:28:84:42:16:23:65:39:d7:0d:bf:62:
                    75:8d:1e:d4:b8:0e:01:cb:76:bf:4f:62:d9:0d:e1:
                    ce:0f:76:05:78:59:8e:00:ca:71:c0:96:f8:4b:d9:
                    fa:9f:80:36:46:09:00:d1:df:8c:0a:6c:76:7c:fd:
                    6c:d9:85:bc:af:89:10:22:e7:44:5b:a2:0c:8e:3f:
                    4e:79:95:ca:d4:0c:0f:3b:1c:09:1f:ed:a2:15:38:
                    b5:dd:ce:cc:14:51:67:a6:60:39:a9:4b:39:f7:1d:
                    f5:19:76:76:cb:56:7c:99:78:1e:e2:05:de:70:eb:
                    41:9e:3c:de:4d:3b:f1:9f:72:c3:f3:7f:1b:59:a0:
                    dc:09:15:94:51:2d:82:da:75:04:6f:eb:34:5c:d9:
                    b8:04:87:5c:aa:7e:50:c4:8d:0b:d0:81:fc:7d:20:
                    ef:b4:46:51:ff:91:98:19:4f:71:bb:18:20:f5:26:
                    40:d2:88:f3:54:f3:05:23:37:b2:08:b2:77:31:96:
                    68:86:f1:1e:63:10:d7:2d:13:b5:6b:57:97:03:1b:
                    ca:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:7A:2C:74:AF:5A:44:D9:AA:E4:7A:0B:89:42:5F:A4:F7:FC:7C:19
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/hXosdK9aRNmq5HoLiUJfpPf8fBk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.168.0/21
                  77.247.200.0/21
                  185.214.43.0/24
                IPv6:
                  2a03:9d80::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43281
                  201711
                  210133
                  212638

    Signature Algorithm: sha256WithRSAEncryption
         34:4b:bb:a9:76:42:a2:f1:f2:ac:a0:36:ae:84:2f:10:2f:80:
         43:52:8d:2a:29:d6:08:07:f0:5a:9b:9e:10:96:f7:bb:bb:6c:
         82:a1:6e:4a:a9:4e:b5:c0:81:17:df:36:50:64:41:e0:e8:d0:
         8c:64:61:c0:0b:2a:e9:fd:8a:3b:87:6a:40:69:01:49:66:10:
         2d:a9:11:ed:4b:1c:e0:f2:7a:83:91:fd:5f:c2:1c:2a:0e:a2:
         cf:f4:ae:46:67:6f:32:42:80:7b:6a:b2:cc:1a:f5:d8:c6:2a:
         7b:37:c1:27:db:b9:30:f8:44:7c:01:d3:d3:d6:34:44:cb:4d:
         b7:eb:47:bd:e3:78:98:9f:36:65:0c:1b:5b:13:73:a9:b0:7d:
         10:dd:b4:4a:c3:eb:8e:7a:2f:f0:15:da:a1:00:cd:fc:b2:8a:
         64:59:42:b1:eb:4a:ae:b5:61:47:8d:c3:ef:f6:41:8b:4f:bf:
         eb:40:6d:f2:68:b6:c2:cf:df:74:54:a2:07:cb:d9:bf:9c:dd:
         69:1c:63:b7:5a:2e:ce:9d:ca:7b:61:97:87:e4:1b:aa:97:7c:
         13:a6:2c:1f:90:c9:ee:46:d5:5e:ec:16:08:69:df:cf:df:83:
         1e:ba:1a:b2:62:5d:77:55:14:6c:f4:e9:0c:0c:11:28:6c:fb:
         20:74:94:fb
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAZQhQ/ZIY+TSX5BTQt8DlrGJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTdhMmM3NGFmNWE0NGQ5YWFlNDdhMGI4OTQyNWZhNGY3ZmM3YzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykPjup2fOpXEBxwJ+XZeN7p1ZIGr
lG1RWudOxa+UYvY0nYSfZOjawBpLGHVi1MC2KIRCFiNlOdcNv2J1jR7UuA4By3a/
T2LZDeHOD3YFeFmOAMpxwJb4S9n6n4A2RgkA0d+MCmx2fP1s2YW8r4kQIudEW6IM
jj9OeZXK1AwPOxwJH+2iFTi13c7MFFFnpmA5qUs59x31GXZ2y1Z8mXge4gXecOtB
njzeTTvxn3LD838bWaDcCRWUUS2C2nUEb+s0XNm4BIdcqn5QxI0L0IH8fSDvtEZR
/5GYGU9xuxgg9SZA0ojzVPMFIzeyCLJ3MZZohvEeYxDXLRO1a1eXAxvKWwIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFIV6LHSvWkTZquR6C4lCX6T3/HwZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkzLzBhOWEz
My05OWRjLTRiOTItOGNlZC04MzZhYzk3YzAxYmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTMvMGE5YTMz
LTk5ZGMtNGI5Mi04Y2VkLTgzNmFjOTdjMDFiYi8xL2hYb3NkSzlhUk5tcTVIb0xp
VUpmcFBmOGZCay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQDJU2oAwQDTffIAwQAudYrMA0EAgACMAcDBQAq
A52AMCkGCCsGAQUFBwEIAQH/BBowGKAWMBQCAwCpEQIDAxPvAgMDNNUCAwM+njAN
BgkqhkiG9w0BAQsFAAOCAQEANEu7qXZCovHyrKA2roQvEC+AQ1KNKinWCAfwWpue
EJb3u7tsgqFuSqlOtcCBF982UGRB4OjQjGRhwAsq6f2KO4dqQGkBSWYQLakR7Usc
4PJ6g5H9X8IcKg6iz/SuRmdvMkKAe2qyzBr12MYqezfBJ9u5MPhEfAHT09Y0RMtN
t+tHveN4mJ82ZQwbWxNzqbB9EN20SsPrjnov8BXaoQDN/LKKZFlCsetKrrVhR43D
7/ZBi0+/60Bt8mi2ws/fdFSiB8vZv5zdaRxjt1ouzp3Ke2GXh+Qbqpd8E6YsH5DJ
7kbVXuwWCGnfz9+DHroasmJdd1UUbPTpDAwRKGz7IHSU+w==
-----END CERTIFICATE-----