Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hgCq8T1N6clbY3Wa0YY2q8jiY3Y.cer
File:                     hgCq8T1N6clbY3Wa0YY2q8jiY3Y.cer (raw, json)
Hash identifier:          bgnNkB0MyHB/NiwCEhX+GoIZR1oMBWd3dj55wzwQVb4=
Subject key identifier:   86:00:AA:F1:3D:4D:E9:C9:5B:63:75:9A:D1:86:36:AB:C8:E2:63:76
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3C00409DDFED268DBBBB6DA7902F3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/35/b7d20e-33bc-4b23-a198-2244fd6185d3/1/hgCq8T1N6clbY3Wa0YY2q8jiY3Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/35/b7d20e-33bc-4b23-a198-2244fd6185d3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:49:07 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 48740
                          IP: 91.212.1.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c0:04:09:dd:fe:d2:68:db:bb:b6:da:79:02:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8600aaf13d4de9c95b63759ad18636abc8e26376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:94:1d:62:fe:27:19:fd:63:ed:e8:5e:f4:87:
                    6e:56:6e:63:03:d4:b1:c3:c7:72:b7:b2:0c:be:ab:
                    a1:45:8e:37:af:b2:98:6f:39:41:6c:b1:00:7e:04:
                    de:12:fa:b6:94:2b:e9:3f:73:4d:2b:0a:eb:df:bd:
                    e2:58:8a:a4:a5:a0:82:30:c2:1d:7c:26:fd:32:26:
                    28:79:3f:dc:5e:34:c5:ee:c8:df:e2:4d:96:93:2a:
                    33:44:5a:4f:5a:29:85:7b:89:b8:2d:8d:84:d6:af:
                    71:ec:e3:02:ee:5a:26:77:a5:9d:c0:b6:3d:81:b6:
                    e7:a1:0f:71:94:9c:ad:db:5c:57:ab:19:bf:4c:09:
                    c2:f9:86:e2:c9:b5:f0:89:bd:29:69:ec:28:c5:8e:
                    10:91:35:93:e0:5f:5d:af:a3:a0:96:e9:4c:11:ab:
                    c9:7d:0d:c0:83:b3:3f:04:7b:f2:2c:25:dc:0e:0e:
                    4a:bc:a1:db:40:80:73:2e:e5:10:4d:ab:46:74:65:
                    1c:0e:34:d9:d5:f6:90:47:ed:b7:5b:7c:d1:b6:23:
                    37:40:4e:40:d2:2c:3a:b7:66:ef:76:99:9c:f4:6c:
                    d8:43:f8:d1:ac:11:39:66:d9:11:c0:0e:a0:69:a0:
                    35:32:7c:c6:b7:9b:10:74:a0:ca:7b:36:45:f1:65:
                    c3:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:00:AA:F1:3D:4D:E9:C9:5B:63:75:9A:D1:86:36:AB:C8:E2:63:76
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b7d20e-33bc-4b23-a198-2244fd6185d3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b7d20e-33bc-4b23-a198-2244fd6185d3/1/hgCq8T1N6clbY3Wa0YY2q8jiY3Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.1.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48740

    Signature Algorithm: sha256WithRSAEncryption
         96:df:88:d9:87:e6:c6:36:40:be:6d:f2:1f:1f:c1:a8:f6:62:
         d9:3c:3a:54:d0:27:30:6e:f9:29:ad:d1:fa:fd:e6:50:c6:46:
         77:89:77:23:7a:3e:1f:e6:eb:cf:a3:ab:d9:21:6a:bc:42:95:
         6c:34:e0:7a:e9:98:e8:f0:0a:78:ee:2d:67:71:23:d5:5d:61:
         cc:58:e2:7e:8b:60:a9:5b:d3:b6:d7:b9:26:e1:9a:b8:f8:39:
         84:b4:96:0d:66:5d:d6:6d:71:36:03:8b:cf:b3:fe:4f:61:94:
         79:dc:39:cc:b1:49:0e:83:78:c6:7c:79:f3:2d:22:72:f1:4a:
         b5:16:80:1c:98:bd:34:90:0a:cc:d4:2e:50:b4:ab:99:00:4b:
         d1:ae:ce:ef:10:51:fd:ce:29:89:5d:1c:e0:30:67:df:2a:69:
         ef:b8:25:2c:39:53:ae:d1:57:28:d0:b2:bd:15:d8:a1:fd:9f:
         62:a0:97:cc:8c:50:7e:45:49:31:d5:9c:2a:c9:3d:66:a5:aa:
         10:48:0f:86:a4:ef:56:9f:a8:89:9b:a2:70:39:04:e2:94:aa:
         dd:4c:6a:85:a8:8f:11:de:33:ee:5c:0b:f0:4e:f8:65:f7:6c:
         0f:b6:05:d1:a1:99:bf:04:2e:61:14:4c:fc:4d:6b:fd:8f:6e:
         79:57:bf:4f
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQks8AECd3+0mjbu7baeQLzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjAwYWFmMTNkNGRlOWM5NWI2Mzc1OWFkMTg2MzZhYmM4ZTI2Mzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpQdYv4nGf1j7ehe9IduVm5jA9Sx
w8dyt7IMvquhRY43r7KYbzlBbLEAfgTeEvq2lCvpP3NNKwrr373iWIqkpaCCMMId
fCb9MiYoeT/cXjTF7sjf4k2WkyozRFpPWimFe4m4LY2E1q9x7OMC7lomd6WdwLY9
gbbnoQ9xlJyt21xXqxm/TAnC+YbiybXwib0paewoxY4QkTWT4F9dr6OglulMEavJ
fQ3Ag7M/BHvyLCXcDg5KvKHbQIBzLuUQTatGdGUcDjTZ1faQR+23W3zRtiM3QE5A
0iw6t2bvdpmc9GzYQ/jRrBE5ZtkRwA6gaaA1MnzGt5sQdKDKezZF8WXDnwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIYAqvE9TenJW2N1mtGGNqvI4mN2MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM1L2I3ZDIw
ZS0zM2JjLTRiMjMtYTE5OC0yMjQ0ZmQ2MTg1ZDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUvYjdkMjBl
LTMzYmMtNGIyMy1hMTk4LTIyNDRmZDYxODVkMy8xL2hnQ3E4VDFONmNsYlkzV2Ew
WVkycThqaVkzWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9QBMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC+ZDANBgkqhkiG9w0BAQsFAAOCAQEAlt+I2YfmxjZAvm3yHx/BqPZi2Tw6VNAn
MG75Ka3R+v3mUMZGd4l3I3o+H+brz6Or2SFqvEKVbDTgeumY6PAKeO4tZ3Ej1V1h
zFjifotgqVvTtte5JuGauPg5hLSWDWZd1m1xNgOLz7P+T2GUedw5zLFJDoN4xnx5
8y0icvFKtRaAHJi9NJAKzNQuULSrmQBL0a7O7xBR/c4piV0c4DBn3ypp77glLDlT
rtFXKNCyvRXYof2fYqCXzIxQfkVJMdWcKsk9ZqWqEEgPhqTvVp+oiZuicDkE4pSq
3UxqhaiPEd4z7lwL8E74ZfdsD7YF0aGZvwQuYRRM/E1r/Y9ueVe/Tw==
-----END CERTIFICATE-----