Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/pIqHxF2XIEZJBbamsJM_fDlRGS0.cer
File:                     pIqHxF2XIEZJBbamsJM_fDlRGS0.cer (raw, json)
Hash identifier:          JpPPLBVZJxKhKmJI9MbivMMYEctVs1+HTt7v30u9sto=
Subject key identifier:   A4:8A:87:C4:5D:97:20:46:49:05:B6:A6:B0:93:3F:7C:39:51:19:2D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FB69FF32173330D54ED224E0799D03
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6b/7a9f0c-5888-4fd8-bd90-683384b19ea3/1/pIqHxF2XIEZJBbamsJM_fDlRGS0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6b/7a9f0c-5888-4fd8-bd90-683384b19ea3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:48:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 39542
                          IP: 91.213.242.0/24
                          IP: 185.43.60.0/22
                          IP: 185.137.252.0/23
                          IP: 193.164.232.192/27
                          IP: 193.201.35.0/24
                          IP: 193.201.37.0 -- 193.201.38.255
                          IP: 193.201.43.0/24
                          IP: 194.50.39.0/24
                          IP: 2a01:6960::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:69:ff:32:17:33:30:d5:4e:d2:24:e0:79:9d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a48a87c45d9720464905b6a6b0933f7c3951192d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b7:3e:e2:8d:29:bb:1e:f2:eb:90:4d:10:a2:
                    cd:ad:23:8d:00:3d:ad:29:2f:bd:2f:5c:ca:e3:6a:
                    e4:1a:51:b6:c2:2b:63:79:b8:e8:e1:d8:ec:45:3b:
                    b6:f9:e9:9d:71:8b:07:28:04:b3:e9:10:75:27:98:
                    45:2c:f8:52:19:10:50:3f:73:1b:4b:8c:87:19:3f:
                    28:8d:6c:4e:71:af:58:6e:14:31:50:d5:45:0a:1e:
                    5a:88:22:f0:93:90:6b:19:4e:17:f0:78:88:6b:e5:
                    83:94:2b:5a:6f:e6:81:78:dc:aa:34:c9:ad:37:a3:
                    bf:2a:bd:22:c7:c3:60:06:ec:48:e2:48:24:87:e8:
                    0f:a0:b7:d2:81:bf:08:24:43:07:74:e8:d6:8d:78:
                    ae:8c:0a:e6:13:fd:29:b0:82:8f:6b:c2:07:a9:41:
                    0e:bd:2d:a1:43:16:67:33:ee:fc:ec:69:54:69:5e:
                    7e:c7:c0:63:30:2c:f6:c6:c5:84:71:cd:65:07:aa:
                    85:bc:eb:f1:df:1a:13:68:59:8d:b8:6c:eb:11:23:
                    de:8f:22:1d:b7:48:cf:0f:b3:56:cb:2e:e5:0c:17:
                    9e:03:a7:cf:9d:32:bd:b8:13:d7:d9:7e:28:f4:69:
                    2e:55:42:8e:be:f7:d5:c5:3b:ce:01:99:b3:3b:ad:
                    1e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:8A:87:C4:5D:97:20:46:49:05:B6:A6:B0:93:3F:7C:39:51:19:2D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/7a9f0c-5888-4fd8-bd90-683384b19ea3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/7a9f0c-5888-4fd8-bd90-683384b19ea3/1/pIqHxF2XIEZJBbamsJM_fDlRGS0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.242.0/24
                  185.43.60.0/22
                  185.137.252.0/23
                  193.164.232.192/27
                  193.201.35.0/24
                  193.201.37.0-193.201.38.255
                  193.201.43.0/24
                  194.50.39.0/24
                IPv6:
                  2a01:6960::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39542

    Signature Algorithm: sha256WithRSAEncryption
         42:e6:e0:47:34:40:8b:b3:04:f0:d2:9e:b8:97:0f:cf:6d:7d:
         0a:82:b7:0b:1b:3a:64:91:80:03:12:ea:28:1c:f2:87:20:07:
         ca:7c:28:97:aa:a6:b3:eb:5c:11:21:1c:7e:66:a9:81:7b:c9:
         af:56:52:6a:43:8b:a7:69:5b:1d:7f:68:f7:98:ca:b7:f9:4c:
         ee:28:9e:01:f4:af:55:72:82:a4:78:bf:ae:51:e1:49:b5:0a:
         4c:04:63:c0:ca:3c:49:e4:ed:b7:76:6f:2d:fb:74:84:9d:d2:
         f8:6e:0d:02:0b:d9:de:b4:2f:97:0e:e7:0e:d5:02:57:47:a6:
         f3:47:3a:9a:10:f7:56:c5:5c:dd:3b:eb:b1:da:74:dd:5b:6f:
         94:34:3e:34:7d:5c:d4:ee:5e:a5:db:88:92:1a:47:fe:f2:23:
         3d:17:c1:30:cf:26:81:84:68:ca:1e:a6:81:65:6e:70:80:0c:
         37:46:21:82:b5:00:4f:b4:bb:aa:75:3d:c9:c1:72:0d:1e:4f:
         99:fa:cf:b9:1e:54:db:3a:54:7a:f0:c4:91:71:9f:58:ad:10:
         8f:d0:62:d0:e5:98:62:2b:f2:78:f9:84:58:2a:09:b9:da:0c:
         7c:14:29:18:12:5c:9e:e2:11:fd:1c:3d:81:02:e7:3c:65:3c:
         50:c7:91:fc
-----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgISAZQi+2n/MhczMNVO0iTgeZ0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDhhODdjNDVkOTcyMDQ2NDkwNWI2YTZiMDkzM2Y3YzM5NTExOTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Lc+4o0pux7y65BNEKLNrSONAD2t
KS+9L1zK42rkGlG2witjebjo4djsRTu2+emdcYsHKASz6RB1J5hFLPhSGRBQP3Mb
S4yHGT8ojWxOca9YbhQxUNVFCh5aiCLwk5BrGU4X8HiIa+WDlCtab+aBeNyqNMmt
N6O/Kr0ix8NgBuxI4kgkh+gPoLfSgb8IJEMHdOjWjXiujArmE/0psIKPa8IHqUEO
vS2hQxZnM+787GlUaV5+x8BjMCz2xsWEcc1lB6qFvOvx3xoTaFmNuGzrESPejyId
t0jPD7NWyy7lDBeeA6fPnTK9uBPX2X4o9GkuVUKOvvfVxTvOAZmzO60e4QIDAQAB
o4IC4jCCAt4wHQYDVR0OBBYEFKSKh8RdlyBGSQW2prCTP3w5URktMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZiLzdhOWYw
Yy01ODg4LTRmZDgtYmQ5MC02ODMzODRiMTllYTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIvN2E5ZjBj
LTU4ODgtNGZkOC1iZDkwLTY4MzM4NGIxOWVhMy8xL3BJcUh4RjJYSUVaSkJiYW1z
Sk1fZkRsUkdTMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGEGCCsGAQUF
BwEHAQH/BFIwUDA/BAIAATA5AwQAW9XyAwQCuSs8AwQBuYn8AwUFwaTowAMEAMHJ
IzAMAwQAwcklAwQAwckmAwQAwckrAwQAwjInMA0EAgACMAcDBQAqAWlgMBoGCCsG
AQUFBwEIAQH/BAswCaAHMAUCAwCadjANBgkqhkiG9w0BAQsFAAOCAQEAQubgRzRA
i7ME8NKeuJcPz219CoK3Cxs6ZJGAAxLqKBzyhyAHynwol6qms+tcESEcfmapgXvJ
r1ZSakOLp2lbHX9o95jKt/lM7iieAfSvVXKCpHi/rlHhSbUKTARjwMo8SeTtt3Zv
Lft0hJ3S+G4NAgvZ3rQvlw7nDtUCV0em80c6mhD3VsVc3Tvrsdp03VtvlDQ+NH1c
1O5epduIkhpH/vIjPRfBMM8mgYRoyh6mgWVucIAMN0YhgrUAT7S7qnU9ycFyDR5P
mfrPuR5U2zpUevDEkXGfWK0Qj9Bi0OWYYivyePmEWCoJudoMfBQpGBJcnuIR/Rw9
gQLnPGU8UMeR/A==
-----END CERTIFICATE-----