Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/uytI9kNYARx4QtPOxcstRwaLg20.cer
File:                     uytI9kNYARx4QtPOxcstRwaLg20.cer (raw, json)
Hash identifier:          5ypnzNdXYdI8kJ0ZV133gCvD09KELv5/PLy5WS3bDsg=
Subject key identifier:   BB:2B:48:F6:43:58:01:1C:78:42:D3:CE:C5:CB:2D:47:06:8B:83:6D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5CD971F573126822EBDE4B16A7D17
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/uytI9kNYARx4QtPOxcstRwaLg20.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:50 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 12824
                          AS: 215484
                          IP: 46.41.128.0/18
                          IP: 46.242.128.0/17
                          IP: 62.129.192.0/18
                          IP: 79.96.0.0/16
                          IP: 89.161.128.0/17
                          IP: 188.128.128.0/17
                          IP: 212.85.96.0/19
                          IP: 2a02:25a8::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:cd:97:1f:57:31:26:82:2e:bd:e4:b1:6a:7d:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb2b48f64358011c7842d3cec5cb2d47068b836d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4c:b6:8c:e6:9c:44:d1:b5:08:ea:34:b2:c9:
                    cc:57:01:71:93:75:4d:dc:5c:0c:fd:9d:73:b0:65:
                    dc:36:e2:e1:cc:63:ea:82:74:95:9c:ec:f9:05:b1:
                    bb:b8:2e:a4:52:6d:53:99:b5:ab:52:b4:70:3b:95:
                    67:76:85:1d:05:b2:c6:9f:15:43:76:49:f8:e0:3b:
                    91:27:ca:9f:ce:c2:79:be:87:a7:b7:19:89:1c:6f:
                    eb:af:54:0f:41:85:22:18:83:a2:f9:ba:37:32:79:
                    0b:79:bb:d2:61:4c:f8:42:5e:de:b8:96:27:d6:cf:
                    8b:7b:d3:c5:81:46:02:98:17:47:78:8f:f6:2f:d8:
                    8e:a0:fb:95:2d:b7:7f:52:21:5b:7f:b9:65:d1:98:
                    1f:3f:63:07:31:79:79:ba:e4:c6:77:54:85:7c:a0:
                    c2:e3:21:96:04:3a:b5:83:bf:e4:e8:de:92:28:84:
                    31:ba:70:93:b0:69:c7:f1:27:a3:cc:21:9b:ae:d8:
                    a6:7a:a6:f7:e1:9d:9c:8a:f6:63:23:6d:41:03:0f:
                    fa:e6:d1:d4:c9:66:44:0a:82:d2:4b:39:25:31:f3:
                    9d:8d:75:75:8f:3f:73:a0:74:7f:c1:bb:d4:44:e0:
                    c6:dd:f5:27:6b:28:de:d7:95:dd:3e:6d:e9:55:8e:
                    fd:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:2B:48:F6:43:58:01:1C:78:42:D3:CE:C5:CB:2D:47:06:8B:83:6D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/uytI9kNYARx4QtPOxcstRwaLg20.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.41.128.0/18
                  46.242.128.0/17
                  62.129.192.0/18
                  79.96.0.0/16
                  89.161.128.0/17
                  188.128.128.0/17
                  212.85.96.0/19
                IPv6:
                  2a02:25a8::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  12824
                  215484

    Signature Algorithm: sha256WithRSAEncryption
         18:d3:6a:e4:db:52:06:3c:06:19:a3:ea:c7:a8:c8:ba:c5:1d:
         c6:b3:2f:01:c3:ba:c1:a4:e8:d7:0f:5b:74:e9:ff:be:ff:e5:
         16:b4:38:5e:c2:5c:12:d6:6f:c1:07:d6:30:d2:3a:c8:93:44:
         f9:76:9c:88:51:14:ce:82:af:98:74:6e:f3:a2:3b:69:40:29:
         8b:0c:a5:bb:bd:5d:17:61:ea:bb:49:0e:3f:00:33:0c:7e:a8:
         e8:f1:1a:f4:e7:e6:ec:79:a2:39:bb:70:42:c2:db:97:98:51:
         37:02:ef:7d:49:76:15:31:e5:fd:49:a5:a0:fe:48:f4:fd:6b:
         07:45:74:a9:be:48:d4:b0:26:8a:0f:96:ae:c3:75:c4:b6:8f:
         7c:22:74:c9:ef:83:69:f8:49:2d:0c:7b:55:39:e5:2e:be:d6:
         68:d2:ec:0a:3c:fb:4c:e4:a3:0d:0d:75:a8:1b:9b:7e:db:d4:
         56:9c:06:23:2c:b6:b4:8a:37:3b:92:2c:29:2b:d4:75:64:b9:
         7e:2e:50:45:e1:1a:3e:93:70:32:5d:6d:28:d4:6c:fd:63:c4:
         c4:b1:b7:3b:84:4b:70:69:54:d5:1c:92:5e:35:18:72:b6:46:
         74:70:71:f9:94:68:12:dc:c3:f3:05:da:e1:96:8b:72:fe:a1:
         0d:4c:91:d1
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAZQg1c2XH1cxJoIuveSxan0XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjJiNDhmNjQzNTgwMTFjNzg0MmQzY2VjNWNiMmQ0NzA2OGI4MzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0y2jOacRNG1COo0ssnMVwFxk3VN
3FwM/Z1zsGXcNuLhzGPqgnSVnOz5BbG7uC6kUm1TmbWrUrRwO5VndoUdBbLGnxVD
dkn44DuRJ8qfzsJ5voentxmJHG/rr1QPQYUiGIOi+bo3MnkLebvSYUz4Ql7euJYn
1s+Le9PFgUYCmBdHeI/2L9iOoPuVLbd/UiFbf7ll0ZgfP2MHMXl5uuTGd1SFfKDC
4yGWBDq1g7/k6N6SKIQxunCTsGnH8SejzCGbrtimeqb34Z2civZjI21BAw/65tHU
yWZECoLSSzklMfOdjXV1jz9zoHR/wbvURODG3fUnayje15XdPm3pVY79kQIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFLsrSPZDWAEceELTzsXLLUcGi4NtMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ViL2Y2NmI2
Yi1jZGRlLTQwY2ItYTE4Mi1jNTIyOTg2M2FlYmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvZjY2YjZi
LWNkZGUtNDBjYi1hMTgyLWM1MjI5ODYzYWViYS8xL3V5dEk5a05ZQVJ4NFF0UE94
Y3N0UndhTGcyMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFEGCCsGAQUF
BwEHAQH/BEIwQDAvBAIAATApAwQGLimAAwQHLvKAAwQGPoHAAwMAT2ADBAdZoYAD
BAe8gIADBAXUVWAwDQQCAAIwBwMFAyoCJagwHgYIKwYBBQUHAQgBAf8EDzANoAsw
CQICMhgCAwNJvDANBgkqhkiG9w0BAQsFAAOCAQEAGNNq5NtSBjwGGaPqx6jIusUd
xrMvAcO6waTo1w9bdOn/vv/lFrQ4XsJcEtZvwQfWMNI6yJNE+XaciFEUzoKvmHRu
86I7aUApiwylu71dF2Hqu0kOPwAzDH6o6PEa9Ofm7HmiObtwQsLbl5hRNwLvfUl2
FTHl/UmloP5I9P1rB0V0qb5I1LAmig+WrsN1xLaPfCJ0ye+DafhJLQx7VTnlLr7W
aNLsCjz7TOSjDQ11qBubftvUVpwGIyy2tIo3O5IsKSvUdWS5fi5QReEaPpNwMl1t
KNRs/WPExLG3O4RLcGlU1RySXjUYcrZGdHBx+ZRoEtzD8wXa4ZaLcv6hDUyR0Q==
-----END CERTIFICATE-----