Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qoCTNU5WWsSDilH0fSdpdpxmlE4.cer
File:                     qoCTNU5WWsSDilH0fSdpdpxmlE4.cer (raw, json)
Hash identifier:          grVSBkMBDeRqtsBTi/K2kiymIjPZFOXe2I6J/XacJgA=
Subject key identifier:   AA:80:93:35:4E:56:5A:C4:83:8A:51:F4:7D:27:69:76:9C:66:94:4E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FDED8886FD8D1DBED28F507327DEAD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/qoCTNU5WWsSDilH0fSdpdpxmlE4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:49:45 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.193.43.0/24
                          IP: 193.163.170.0/24
                          IP: 195.20.16.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ed:88:86:fd:8d:1d:be:d2:8f:50:73:27:de:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa8093354e565ac4838a51f47d2769769c66944e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7b:1b:06:ff:3e:d2:18:0e:ec:f0:28:8f:94:
                    06:14:a7:aa:df:25:5d:e1:86:a0:63:da:00:c3:58:
                    38:8b:21:89:4d:32:ec:50:42:3e:33:78:a7:e9:a7:
                    2a:de:28:1d:d4:d7:2e:f1:86:77:4c:0f:d2:ad:9d:
                    a8:6b:e2:4c:7f:63:6e:8a:7d:92:9a:aa:f9:47:07:
                    71:28:0d:4f:33:c9:0e:f2:07:cf:48:73:7c:9f:c7:
                    10:06:07:b7:fe:0d:73:72:95:ff:ab:ee:a1:ca:16:
                    59:1b:bd:62:9c:92:f1:96:ec:67:ce:d3:68:fc:ad:
                    58:20:29:27:95:e4:67:33:81:3c:9f:61:e5:ce:f3:
                    bc:e4:79:b8:02:a0:a4:ee:6f:74:87:e4:2e:28:1d:
                    d3:99:a5:fd:7d:0f:19:b5:b1:60:ec:87:02:a5:ec:
                    87:0c:ae:31:a3:ca:6f:f3:10:85:69:16:f9:5b:98:
                    28:29:c6:23:42:a6:87:91:b3:16:1f:23:25:e3:90:
                    5f:a8:4e:81:7a:14:66:dd:27:ab:80:f7:52:aa:d5:
                    2a:31:16:09:b1:00:c2:db:36:55:73:8e:cc:61:25:
                    21:45:98:82:e0:f2:ba:49:e3:af:a5:2c:f6:a4:f0:
                    78:fa:49:95:63:28:37:a5:1f:c8:76:2c:02:0e:d5:
                    23:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:80:93:35:4E:56:5A:C4:83:8A:51:F4:7D:27:69:76:9C:66:94:4E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/qoCTNU5WWsSDilH0fSdpdpxmlE4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.43.0/24
                  193.163.170.0/24
                  195.20.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:54:5f:a7:c0:d6:a1:8c:a5:35:5a:20:fd:41:2a:fd:df:26:
         d6:b3:c9:64:66:7a:a3:44:18:a5:d5:93:97:6d:88:bf:cc:0d:
         74:a0:43:65:4e:9e:72:88:5f:9c:62:3e:b1:e9:30:f9:2c:b0:
         67:72:7b:08:7b:40:61:9e:0d:d2:06:64:a2:0e:f8:bc:47:4c:
         c3:fd:d2:bb:2a:78:8d:75:4c:d0:5b:35:81:75:7e:24:c0:1e:
         fa:59:02:2f:bc:a8:41:a5:1a:0b:24:cb:a9:d4:c5:5d:03:a7:
         e3:cd:27:65:59:66:10:91:d7:43:3c:a2:eb:f2:17:24:cf:14:
         5e:03:48:c3:6a:6d:74:b8:09:6e:3e:46:75:ba:09:ab:67:49:
         09:c2:ab:63:1f:f4:38:c3:fd:56:bd:fa:f2:be:d2:9c:5f:38:
         24:d9:36:a9:0e:a9:de:2f:89:52:6c:92:1f:9a:7d:1f:0f:f1:
         29:4d:c0:47:90:0f:60:f7:f1:04:bf:99:d0:70:ff:6a:f6:ef:
         26:08:6e:e3:1e:6e:bd:66:ea:b9:ca:0e:b3:df:dc:b6:a8:ab:
         69:fc:84:17:f4:e6:9f:8f:f6:83:85:61:2f:d0:da:90:55:60:
         af:fe:56:78:46:0f:33:ad:b1:04:db:01:bd:ed:68:a6:cb:0b:
         8c:15:07:c5
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZQl/e2Ihv2NHb7Sj1BzJ96tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTgwOTMzNTRlNTY1YWM0ODM4YTUxZjQ3ZDI3Njk3NjljNjY5NDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnsbBv8+0hgO7PAoj5QGFKeq3yVd
4YagY9oAw1g4iyGJTTLsUEI+M3in6acq3igd1Ncu8YZ3TA/SrZ2oa+JMf2Nuin2S
mqr5RwdxKA1PM8kO8gfPSHN8n8cQBge3/g1zcpX/q+6hyhZZG71inJLxluxnztNo
/K1YICknleRnM4E8n2HlzvO85Hm4AqCk7m90h+QuKB3TmaX9fQ8ZtbFg7IcCpeyH
DK4xo8pv8xCFaRb5W5goKcYjQqaHkbMWHyMl45BfqE6BehRm3SergPdSqtUqMRYJ
sQDC2zZVc47MYSUhRZiC4PK6SeOvpSz2pPB4+kmVYyg3pR/IdiwCDtUjYQIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFKqAkzVOVlrEg4pR9H0naXacZpROMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJhL2VlOWRk
Yy1hY2QwLTQ4MWQtOGMwYi03ODhiNDZlMTA0OTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmEvZWU5ZGRj
LWFjZDAtNDgxZC04YzBiLTc4OGI0NmUxMDQ5Ny8xL3FvQ1ROVTVXV3NTRGlsSDBm
U2RwZHB4bWxFNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUF
BwEHAQH/BBwwGjAYBAIAATASAwQAW8ErAwQAwaOqAwQAwxQQMA0GCSqGSIb3DQEB
CwUAA4IBAQAIVF+nwNahjKU1WiD9QSr93ybWs8lkZnqjRBil1ZOXbYi/zA10oENl
Tp5yiF+cYj6x6TD5LLBncnsIe0Bhng3SBmSiDvi8R0zD/dK7KniNdUzQWzWBdX4k
wB76WQIvvKhBpRoLJMup1MVdA6fjzSdlWWYQkddDPKLr8hckzxReA0jDam10uAlu
PkZ1ugmrZ0kJwqtjH/Q4w/1WvfryvtKcXzgk2TapDqneL4lSbJIfmn0fD/EpTcBH
kA9g9/EEv5nQcP9q9u8mCG7jHm69Zuq5yg6z39y2qKtp/IQX9Oafj/aDhWEv0NqQ
VWCv/lZ4Rg8zrbEE2wG97WimywuMFQfF
-----END CERTIFICATE-----