Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/oCuxHQGVV-EvX7brkDg3QhFg0Ak.cer
File:                     oCuxHQGVV-EvX7brkDg3QhFg0Ak.cer (raw, json)
Hash identifier:          SfFlDNUQrxMQDnADS5ISnfKNzCSbKjup/F24UECMJmA=
Subject key identifier:   A0:2B:B1:1D:01:95:57:E1:2F:5F:B6:EB:90:38:37:42:11:60:D0:09
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942747B90A40696B489EC51C3CA673E401
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f6/9d6ca2-0dac-4597-80f5-7bd3ab73e172/1/oCuxHQGVV-EvX7brkDg3QhFg0Ak.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f6/9d6ca2-0dac-4597-80f5-7bd3ab73e172/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:49:59 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 202332
                          IP: 194.147.40.0/22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b9:0a:40:69:6b:48:9e:c5:1c:3c:a6:73:e4:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a02bb11d019557e12f5fb6eb903837421160d009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c8:74:45:c1:22:0b:0d:bf:97:d7:49:c1:ff:
                    a4:d1:99:15:b3:25:38:71:50:cd:74:14:09:61:c2:
                    25:9e:63:f7:47:a5:5e:5e:4f:a1:5d:12:3b:3d:4d:
                    40:d9:c0:56:a3:c3:55:b7:8f:ae:c2:f3:3a:d6:e4:
                    12:f3:84:e7:6e:88:3d:58:3a:75:04:24:7d:94:3f:
                    bd:32:31:02:f1:f2:d1:04:bb:b4:ef:45:72:39:4b:
                    dd:35:6f:95:52:88:62:ca:0f:12:c9:f6:9e:9d:e1:
                    2e:8d:27:39:d0:ee:3b:b9:27:c1:39:8a:27:a2:5a:
                    af:fa:98:6b:e5:4c:f8:1f:33:e6:fa:1a:22:fb:cf:
                    8c:3e:66:1e:65:cd:00:36:d3:54:78:42:e3:75:66:
                    d9:f1:66:c2:44:85:f4:91:36:2f:1e:e5:c7:5a:ab:
                    c3:94:83:e7:d7:60:32:81:11:fa:dd:c8:4b:9a:58:
                    45:f8:4d:4b:db:3f:14:22:82:4d:95:b8:9a:8d:06:
                    ce:ff:aa:6c:93:cf:1f:39:6e:d3:7d:c5:07:fa:90:
                    f8:a9:4d:f6:1b:2d:17:a5:94:4b:08:56:6a:ba:a6:
                    21:20:d2:a8:17:2f:38:eb:57:db:ae:91:6c:6a:7a:
                    c8:95:ba:1a:63:8e:37:ee:93:cf:42:dd:cd:5a:ae:
                    6f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:2B:B1:1D:01:95:57:E1:2F:5F:B6:EB:90:38:37:42:11:60:D0:09
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/9d6ca2-0dac-4597-80f5-7bd3ab73e172/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/9d6ca2-0dac-4597-80f5-7bd3ab73e172/1/oCuxHQGVV-EvX7brkDg3QhFg0Ak.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.40.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202332

    Signature Algorithm: sha256WithRSAEncryption
         88:37:c9:5e:bd:d6:5a:27:c3:24:4c:ea:a1:a2:6a:99:c9:c3:
         e9:06:02:16:9a:39:39:94:56:f2:78:49:11:5f:c1:57:e9:51:
         58:84:43:91:a6:dc:c2:17:7d:57:a7:c6:86:52:d3:17:d7:0b:
         9d:86:8d:9d:fd:31:25:d0:ac:f7:a0:46:2b:33:30:2e:d2:a2:
         b8:89:86:5f:92:fd:e1:b3:b3:79:e9:76:85:8c:6d:70:99:72:
         8c:69:ef:a7:05:9d:c6:87:ba:1e:5f:2c:00:24:7a:d0:1a:92:
         53:5a:19:ae:b4:a8:86:df:4f:c9:4d:dd:5c:4e:87:77:ee:49:
         36:9e:eb:ac:ef:ac:a9:4f:eb:cf:1f:78:4d:73:c6:0a:52:8d:
         65:4d:8a:39:5c:c1:58:3c:04:8a:64:6b:60:e6:40:07:85:cf:
         f7:15:f5:64:e8:6e:2e:6c:52:57:62:e8:77:c0:6b:64:ec:50:
         2b:eb:19:68:0c:26:89:1f:5b:27:5b:92:4a:82:e3:9f:9c:30:
         d9:35:af:2b:04:75:88:80:9c:48:c1:2d:93:10:5c:17:8d:4d:
         08:69:ca:ed:fd:35:ee:2f:92:27:d4:29:94:90:c7:b8:43:ab:
         72:57:58:69:3f:cb:d3:02:ea:13:3a:3c:b6:62:67:eb:5a:6f:
         b7:32:1c:f5
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQnR7kKQGlrSJ7FHDymc+QBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDJiYjExZDAxOTU1N2UxMmY1ZmI2ZWI5MDM4Mzc0MjExNjBkMDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Mh0RcEiCw2/l9dJwf+k0ZkVsyU4
cVDNdBQJYcIlnmP3R6VeXk+hXRI7PU1A2cBWo8NVt4+uwvM61uQS84Tnbog9WDp1
BCR9lD+9MjEC8fLRBLu070VyOUvdNW+VUohiyg8SyfaeneEujSc50O47uSfBOYon
olqv+phr5Uz4HzPm+hoi+8+MPmYeZc0ANtNUeELjdWbZ8WbCRIX0kTYvHuXHWqvD
lIPn12AygRH63chLmlhF+E1L2z8UIoJNlbiajQbO/6psk88fOW7TfcUH+pD4qU32
Gy0XpZRLCFZquqYhINKoFy8461fbrpFsanrIlboaY4437pPPQt3NWq5vKwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKArsR0BlVfhL1+265A4N0IRYNAJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y2LzlkNmNh
Mi0wZGFjLTQ1OTctODBmNS03YmQzYWI3M2UxNzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvOWQ2Y2Ey
LTBkYWMtNDU5Ny04MGY1LTdiZDNhYjczZTE3Mi8xL29DdXhIUUdWVi1Fdlg3YnJr
RGczUWhGZzBBay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwpMoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMWXDANBgkqhkiG9w0BAQsFAAOCAQEAiDfJXr3WWifDJEzqoaJqmcnD6QYCFpo5
OZRW8nhJEV/BV+lRWIRDkabcwhd9V6fGhlLTF9cLnYaNnf0xJdCs96BGKzMwLtKi
uImGX5L94bOzeel2hYxtcJlyjGnvpwWdxoe6Hl8sACR60BqSU1oZrrSoht9PyU3d
XE6Hd+5JNp7rrO+sqU/rzx94TXPGClKNZU2KOVzBWDwEimRrYOZAB4XP9xX1ZOhu
LmxSV2Lod8BrZOxQK+sZaAwmiR9bJ1uSSoLjn5ww2TWvKwR1iICcSMEtkxBcF41N
CGnK7f017i+SJ9QplJDHuEOrcldYaT/L0wLqEzo8tmJn61pvtzIc9Q==
-----END CERTIFICATE-----