Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer
File:                     ybIylYCXtYY-r9BHuzFRceqgH7c.cer (raw, json)
Hash identifier:          vx2K4+SKd/VYZKpV6EwFjj7pBOjQvMKRy5ee9a2VKH0=
Subject key identifier:   C9:B2:32:95:80:97:B5:86:3E:AF:D0:47:BB:31:51:71:EA:A0:1F:B7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228E07D914017738E069420063682B80
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:41 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 25409
                          IP: 31.47.208.0/21
                          IP: 31.220.128.0/21
                          IP: 93.190.144.0/21
                          IP: 95.128.168.0/21
                          IP: 178.255.32.0/21
                          IP: 195.234.188.0/24
                          IP: 2a00:ff0::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:07:d9:14:01:77:38:e0:69:42:00:63:68:2b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9b232958097b5863eafd047bb315171eaa01fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:84:79:0e:2a:5a:e5:57:0d:ac:00:78:aa:6e:
                    64:5f:58:e0:b4:51:87:d1:ef:69:b4:84:e6:f0:c0:
                    e8:43:3c:a0:d1:b9:db:38:eb:1a:bb:d2:9e:7d:c5:
                    aa:5c:88:1f:14:ee:f8:4f:c2:4d:6f:26:32:aa:88:
                    ba:a3:be:b7:e7:a6:fd:cc:a5:f2:44:34:1e:c7:ad:
                    d4:72:b9:32:2a:c5:6f:02:aa:a6:7c:a7:56:fd:5f:
                    95:c8:86:63:0c:2f:4c:47:b2:4e:44:d5:93:70:76:
                    79:61:17:d7:92:20:b7:ac:c6:cd:64:a5:a9:c7:3d:
                    95:a4:9b:60:3a:07:6b:48:5e:a4:b8:b6:66:90:d9:
                    b9:83:8f:7d:57:2e:57:95:52:3e:de:4e:c0:53:11:
                    bd:42:74:39:17:3e:62:eb:12:2c:6e:04:56:f8:52:
                    72:8b:91:cf:4e:7d:df:03:85:f5:42:22:e8:f3:17:
                    7a:f7:6e:47:39:ed:55:1b:b6:8c:c3:7c:3b:af:bf:
                    08:4b:ed:d5:3d:d1:77:08:6a:e1:7d:f4:da:23:a7:
                    56:df:6a:c7:84:2a:ef:ba:9b:62:d3:cc:25:22:fb:
                    ba:ff:6b:1b:a5:57:f3:88:62:c9:a5:f9:e4:32:47:
                    aa:28:2a:31:bb:ce:10:f1:de:cb:1b:6b:b2:a7:66:
                    33:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:B2:32:95:80:97:B5:86:3E:AF:D0:47:BB:31:51:71:EA:A0:1F:B7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.47.208.0/21
                  31.220.128.0/21
                  93.190.144.0/21
                  95.128.168.0/21
                  178.255.32.0/21
                  195.234.188.0/24
                IPv6:
                  2a00:ff0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  25409

    Signature Algorithm: sha256WithRSAEncryption
         21:03:0c:49:3f:a6:c5:c1:d0:a0:5b:9d:c1:dd:3b:05:1e:1c:
         97:82:83:ed:38:f1:8c:8c:15:a1:14:e9:52:18:66:20:7b:08:
         e6:20:35:a6:04:df:b1:6a:ac:c0:73:32:05:67:d2:85:88:bb:
         1e:2f:1d:14:8d:87:7b:c7:42:00:3c:8f:67:9b:17:ab:56:6b:
         b6:70:2c:1d:81:c8:dc:66:01:29:e6:47:c4:e4:5d:35:12:85:
         8c:7a:57:8b:70:e5:53:36:87:a2:c3:9d:af:5b:b5:fb:4b:de:
         5d:c9:75:0f:ba:8a:30:0e:d4:57:34:41:ab:dd:30:f3:e9:62:
         55:32:3e:7c:ca:9f:a4:3c:13:44:d5:de:80:f0:70:88:44:8a:
         5f:c3:97:a9:bb:4e:fc:09:6a:6e:ca:79:99:6c:6a:b2:b4:cb:
         45:7d:cd:35:9b:8f:37:d2:4c:37:b0:a2:9b:78:a9:65:71:90:
         08:2c:7c:91:ed:78:3d:d1:59:36:ba:1d:54:38:af:7a:08:88:
         fc:d1:b0:2a:75:3a:66:f9:4a:f4:cd:13:9d:90:87:20:7e:dc:
         a6:95:8a:64:2d:d6:4d:57:1c:2e:37:1f:a0:70:cc:b6:7f:3e:
         42:43:42:e6:f7:bc:5c:97:38:d0:5c:de:6b:b4:7c:07:8e:f0:
         88:42:e0:5b
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAZQijgfZFAF3OOBpQgBjaCuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWIyMzI5NTgwOTdiNTg2M2VhZmQwNDdiYjMxNTE3MWVhYTAxZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IR5Dipa5VcNrAB4qm5kX1jgtFGH
0e9ptITm8MDoQzyg0bnbOOsau9KefcWqXIgfFO74T8JNbyYyqoi6o76356b9zKXy
RDQex63UcrkyKsVvAqqmfKdW/V+VyIZjDC9MR7JORNWTcHZ5YRfXkiC3rMbNZKWp
xz2VpJtgOgdrSF6kuLZmkNm5g499Vy5XlVI+3k7AUxG9QnQ5Fz5i6xIsbgRW+FJy
i5HPTn3fA4X1QiLo8xd6925HOe1VG7aMw3w7r78IS+3VPdF3CGrhffTaI6dW32rH
hCrvupti08wlIvu6/2sbpVfziGLJpfnkMkeqKCoxu84Q8d7LG2uyp2YzAwIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFMmyMpWAl7WGPq/QR7sxUXHqoB+3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RlL2YzNTQz
Mi1jZjk5LTRmMTktYTc2ZS0wN2I3ZmVmMDg1OGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGUvZjM1NDMy
LWNmOTktNGYxOS1hNzZlLTA3YjdmZWYwODU4Zi8xL3liSXlsWUNYdFlZLXI5Qkh1
ekZSY2VxZ0g3Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEwGCCsGAQUF
BwEHAQH/BD0wOzAqBAIAATAkAwQDHy/QAwQDH9yAAwQDXb6QAwQDX4CoAwQDsv8g
AwQAw+q8MA0EAgACMAcDBQAqAA/wMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQCAmNB
MA0GCSqGSIb3DQEBCwUAA4IBAQAhAwxJP6bFwdCgW53B3TsFHhyXgoPtOPGMjBWh
FOlSGGYgewjmIDWmBN+xaqzAczIFZ9KFiLseLx0UjYd7x0IAPI9nmxerVmu2cCwd
gcjcZgEp5kfE5F01EoWMeleLcOVTNoeiw52vW7X7S95dyXUPuoowDtRXNEGr3TDz
6WJVMj58yp+kPBNE1d6A8HCIRIpfw5epu078CWpuynmZbGqytMtFfc01m4830kw3
sKKbeKllcZAILHyR7Xg90Vk2uh1UOK96CIj80bAqdTpm+Ur0zROdkIcgftymlYpk
LdZNVxwuNx+gcMy2fz5CQ0Lm97xclzjQXN5rtHwHjvCIQuBb
-----END CERTIFICATE-----