Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
File:                     iUkoo5YnzV7l-XW9iXwtd1qymUA.cer (raw, json)
Hash identifier:          kJglXxA+oJr4vN0cYHKwQN41s4QTu2M/31oA2+B4kR4=
Subject key identifier:   89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA1BBB7433C348B881BC131E19161B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:47:52 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 9183
                          AS: 203970
                          IP: 139.15.0.0/16
                          IP: 149.226.0.0/16
                          IP: 185.112.176.0/22
                          IP: 192.48.31.0/24
                          IP: 193.108.217.0/24
                          IP: 193.141.57.0/24
                          IP: 194.39.218.0/23
                          IP: 2a03:cc00::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:1b:bb:74:33:c3:48:b8:81:bc:13:1e:19:16:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=894928a39627cd5ee5f975bd897c2d775ab29940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f5:8c:40:a0:e7:75:4b:a4:8e:07:5f:7d:78:
                    8e:bc:d3:a4:d9:35:a4:63:2f:7c:3e:4c:94:97:70:
                    1e:45:d0:56:06:04:d3:f3:8c:df:87:b7:9b:a5:0e:
                    be:95:25:07:50:46:65:c7:81:29:fd:9a:0b:85:f3:
                    40:5c:25:58:3e:f6:28:f6:76:dc:db:ad:b7:4f:aa:
                    fc:9c:28:01:df:14:67:92:25:52:cc:fd:f5:1c:63:
                    a9:65:d7:b7:ce:49:a5:ed:2f:9c:6c:82:0e:2a:83:
                    8a:dd:de:ad:dc:d8:42:d8:49:12:18:21:9c:8f:7c:
                    47:f9:fe:ac:6e:cb:94:78:e3:ef:8d:73:d6:33:b1:
                    97:2e:c6:3a:03:e2:09:a2:a7:c2:2f:9d:02:7d:de:
                    ab:12:a8:ed:69:0d:ad:01:30:a6:85:37:03:b7:03:
                    b7:d0:b4:b4:ce:82:14:62:30:3b:82:52:9c:20:d2:
                    58:51:a0:bc:d0:48:a4:41:2d:8b:53:69:1a:97:85:
                    17:8d:ed:3d:70:a5:37:c0:3d:3d:c7:82:75:0d:ab:
                    09:c5:c3:5f:de:75:04:fb:38:74:8e:c2:f7:72:8f:
                    5f:9a:37:f8:28:3b:6e:0e:55:0e:0a:af:81:56:a2:
                    e3:68:7d:71:ea:e4:e3:c9:87:7e:c9:51:77:df:00:
                    79:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.15.0.0/16
                  149.226.0.0/16
                  185.112.176.0/22
                  192.48.31.0/24
                  193.108.217.0/24
                  193.141.57.0/24
                  194.39.218.0/23
                IPv6:
                  2a03:cc00::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  9183
                  203970

    Signature Algorithm: sha256WithRSAEncryption
         46:d5:f1:20:5b:88:39:10:b4:6a:19:8a:78:70:65:3f:8b:7a:
         0e:a3:60:e4:6c:d8:75:31:4c:03:3b:de:8b:09:7a:17:28:18:
         a2:48:94:16:7a:54:cb:ee:ba:8c:2f:79:05:fe:7f:8b:30:29:
         91:b7:92:3a:db:e1:2e:70:1a:b2:f0:e5:d7:1e:e5:7f:af:e0:
         da:c1:04:3d:e3:f4:0d:45:0b:b9:8e:c1:6e:35:0a:48:b8:1d:
         6f:b8:1a:6e:a6:ec:d3:26:4e:8a:09:63:8a:32:57:5b:d0:83:
         e6:85:5b:7f:d1:b6:c0:7a:93:95:43:74:96:52:2e:37:5d:96:
         29:ca:4b:e3:bb:74:3a:5e:d8:49:b2:2d:1b:45:cd:1c:ae:ad:
         d2:f1:6e:ae:24:37:f0:4b:fe:0c:a2:79:73:83:da:25:e4:4c:
         80:36:71:60:9e:d2:67:52:93:ab:40:d2:c3:57:c0:86:72:94:
         1f:0c:0b:8f:04:46:4c:90:fa:bd:74:96:e9:b7:3c:d8:7f:8f:
         9c:a4:1d:14:e6:dc:42:f8:88:f4:7b:1f:47:78:d3:06:e4:67:
         3e:93:c3:72:a4:80:09:ca:02:e6:05:60:56:7d:2c:1d:71:f6:
         36:65:c1:2c:54:eb:16:de:74:21:94:c2:ff:cb:f3:f0:4c:c9:
         d1:66:40:16
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgISAZQf+hu7dDPDSLiBvBMeGRYbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQ5MjhhMzk2MjdjZDVlZTVmOTc1YmQ4OTdjMmQ3NzVhYjI5OTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvWMQKDndUukjgdffXiOvNOk2TWk
Yy98PkyUl3AeRdBWBgTT84zfh7ebpQ6+lSUHUEZlx4Ep/ZoLhfNAXCVYPvYo9nbc
2623T6r8nCgB3xRnkiVSzP31HGOpZde3zkml7S+cbIIOKoOK3d6t3NhC2EkSGCGc
j3xH+f6sbsuUeOPvjXPWM7GXLsY6A+IJoqfCL50Cfd6rEqjtaQ2tATCmhTcDtwO3
0LS0zoIUYjA7glKcINJYUaC80EikQS2LU2kal4UXje09cKU3wD09x4J1DasJxcNf
3nUE+zh0jsL3co9fmjf4KDtuDlUOCq+BVqLjaH1x6uTjyYd+yVF33wB5UQIDAQAB
o4IC1TCCAtEwHQYDVR0OBBYEFIlJKKOWJ81e5fl1vYl8LXdasplAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc0LzY5Yzdk
MS1jNDNkLTRiY2QtOGU2YS0xNTkzZDQwNDVjYmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzQvNjljN2Qx
LWM0M2QtNGJjZC04ZTZhLTE1OTNkNDA0NWNiYy8xL2lVa29vNVluelY3bC1YVzlp
WHd0ZDFxeW1VQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFAGCCsGAQUF
BwEHAQH/BEEwPzAuBAIAATAoAwMAiw8DAwCV4gMEArlwsAMEAMAwHwMEAMFs2QME
AMGNOQMEAcIn2jANBAIAAjAHAwUDKgPMADAeBggrBgEFBQcBCAEB/wQPMA2gCzAJ
AgIj3wIDAxzCMA0GCSqGSIb3DQEBCwUAA4IBAQBG1fEgW4g5ELRqGYp4cGU/i3oO
o2DkbNh1MUwDO96LCXoXKBiiSJQWelTL7rqML3kF/n+LMCmRt5I62+EucBqy8OXX
HuV/r+DawQQ94/QNRQu5jsFuNQpIuB1vuBpupuzTJk6KCWOKMldb0IPmhVt/0bbA
epOVQ3SWUi43XZYpykvju3Q6XthJsi0bRc0crq3S8W6uJDfwS/4Monlzg9ol5EyA
NnFgntJnUpOrQNLDV8CGcpQfDAuPBEZMkPq9dJbptzzYf4+cpB0U5txC+Ij0ex9H
eNMG5Gc+k8NypIAJygLmBWBWfSwdcfY2ZcEsVOsW3nQhlML/y/PwTMnRZkAW
-----END CERTIFICATE-----