Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0vcAvspCZT5kq0NaLwpPPZpQFLA.cer
File:                     0vcAvspCZT5kq0NaLwpPPZpQFLA.cer (raw, json)
Hash identifier:          0anxZJJScjTfy8FeSU981cWCa92otFPbiLy1+pwYF8w=
Subject key identifier:   D2:F7:00:BE:CA:42:65:3E:64:AB:43:5A:2F:0A:4F:3D:9A:50:14:B0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019428231E85162B4E4EB7E6BEF0A72B2394
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/91/07512a-12c8-4895-b32f-75c7ba1c073f/1/0vcAvspCZT5kq0NaLwpPPZpQFLA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/91/07512a-12c8-4895-b32f-75c7ba1c073f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 17:49:37 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 208004
                          IP: 45.86.236.0/22
                          IP: 91.237.34.0/23
                          IP: 176.111.192.0 -- 176.111.205.255
                          IP: 185.195.208.0/22
                          IP: 193.57.98.0/23
                          IP: 193.57.142.0/23
                          IP: 2a0e:ea80::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:1e:85:16:2b:4e:4e:b7:e6:be:f0:a7:2b:23:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 17:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2f700beca42653e64ab435a2f0a4f3d9a5014b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e5:18:9f:af:b9:23:6a:bd:0f:cf:6e:50:cb:
                    a6:8f:56:97:f8:0d:87:c8:72:af:e4:4c:fd:99:b7:
                    02:bd:b8:65:d1:f8:07:26:6f:d9:7a:0a:72:3d:8c:
                    ad:6b:95:d4:67:f1:80:ce:23:8f:fe:1a:65:cd:0b:
                    0c:cb:d3:da:cd:32:21:12:76:e9:46:4d:26:a2:95:
                    ee:90:cc:62:4b:c0:30:a7:1a:b8:d1:ab:7e:da:80:
                    ae:7f:8f:94:e7:e1:92:5e:43:05:38:4e:2a:10:2b:
                    04:19:96:c5:31:9c:b9:0a:d4:5c:34:de:be:4e:4e:
                    46:66:58:ab:bd:82:9c:93:0e:f4:ac:3e:e9:1f:af:
                    a7:63:d6:d2:a5:4b:48:c6:9d:fe:b9:45:25:2a:d3:
                    51:76:16:19:81:b8:37:85:4c:79:12:88:4f:f2:43:
                    aa:d1:a1:a3:6f:dc:3d:ed:56:da:d8:8d:49:a9:59:
                    ae:87:ba:1c:77:95:85:2a:43:69:a2:b2:f3:aa:fc:
                    f6:cf:97:22:2c:c0:e3:40:93:0d:28:0c:1d:99:12:
                    90:bc:a8:a6:f4:3e:91:6a:ce:56:1f:10:b4:21:76:
                    53:f7:f6:20:bd:b7:0d:08:10:76:e9:a6:e6:06:8f:
                    ba:b5:20:e4:75:ab:11:33:e1:a6:06:a7:41:3c:0b:
                    47:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:F7:00:BE:CA:42:65:3E:64:AB:43:5A:2F:0A:4F:3D:9A:50:14:B0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/07512a-12c8-4895-b32f-75c7ba1c073f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/07512a-12c8-4895-b32f-75c7ba1c073f/1/0vcAvspCZT5kq0NaLwpPPZpQFLA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.236.0/22
                  91.237.34.0/23
                  176.111.192.0-176.111.205.255
                  185.195.208.0/22
                  193.57.98.0/23
                  193.57.142.0/23
                IPv6:
                  2a0e:ea80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208004

    Signature Algorithm: sha256WithRSAEncryption
         a1:9e:87:c5:8a:30:69:d4:5e:fd:a5:5f:5b:94:bc:71:d3:d7:
         2a:3a:1b:76:d6:06:fd:c8:07:9b:9a:79:82:98:5f:76:7a:79:
         06:80:bb:d5:ff:07:f3:48:aa:9b:00:6c:10:15:37:0c:9a:71:
         b2:2b:3f:22:64:be:9e:eb:18:9e:c9:3a:22:96:a3:69:71:d5:
         3e:8d:4b:c1:98:f4:0c:62:bc:01:43:76:a1:10:24:50:e1:04:
         70:50:b6:14:12:d9:7c:05:04:07:f9:f1:4a:84:f2:44:d4:9c:
         16:1a:b3:f3:45:1b:18:0f:69:29:21:b8:f0:e5:6c:bb:92:49:
         75:3d:9b:f6:bc:86:f3:b2:6c:33:47:1b:36:13:f1:5e:4a:54:
         3b:89:18:6c:37:25:d5:34:4a:40:b1:b6:43:09:0b:51:bc:d6:
         60:b0:42:a0:3e:9c:6c:ce:07:3d:9d:b0:b8:a5:b5:97:f6:1c:
         72:13:03:00:26:48:95:ef:0a:03:b7:bc:31:7a:5b:a5:9f:0f:
         c8:a7:d5:96:42:f3:17:da:e9:4f:df:72:07:ea:e1:f1:fc:4d:
         bc:ab:0a:ac:2e:44:81:cc:bd:cd:f4:3b:ab:3c:78:f7:4f:79:
         59:8d:3b:5b:4b:d5:78:97:83:a2:75:d0:34:31:30:3c:0e:16:
         e5:74:ec:fd
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgISAZQoIx6FFitOTrfmvvCnKyOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmY3MDBiZWNhNDI2NTNlNjRhYjQzNWEyZjBhNGYzZDlhNTAxNGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+UYn6+5I2q9D89uUMumj1aX+A2H
yHKv5Ez9mbcCvbhl0fgHJm/ZegpyPYyta5XUZ/GAziOP/hplzQsMy9PazTIhEnbp
Rk0mopXukMxiS8Awpxq40at+2oCuf4+U5+GSXkMFOE4qECsEGZbFMZy5CtRcNN6+
Tk5GZlirvYKckw70rD7pH6+nY9bSpUtIxp3+uUUlKtNRdhYZgbg3hUx5EohP8kOq
0aGjb9w97Vba2I1JqVmuh7ocd5WFKkNporLzqvz2z5ciLMDjQJMNKAwdmRKQvKim
9D6Ras5WHxC0IXZT9/YgvbcNCBB26abmBo+6tSDkdasRM+GmBqdBPAtHfQIDAQAB
o4IC1TCCAtEwHQYDVR0OBBYEFNL3AL7KQmU+ZKtDWi8KTz2aUBSwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkxLzA3NTEy
YS0xMmM4LTQ4OTUtYjMyZi03NWM3YmExYzA3M2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTEvMDc1MTJh
LTEyYzgtNDg5NS1iMzJmLTc1YzdiYTFjMDczZi8xLzB2Y0F2c3BDWlQ1a3EwTmFM
d3BQUFpwUUZMQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFQGCCsGAQUF
BwEHAQH/BEUwQzAyBAIAATAsAwQCLVbsAwQBW+0iMAwDBAawb8ADBAGwb8wDBAK5
w9ADBAHBOWIDBAHBOY4wDQQCAAIwBwMFAyoO6oAwGgYIKwYBBQUHAQgBAf8ECzAJ
oAcwBQIDAyyEMA0GCSqGSIb3DQEBCwUAA4IBAQChnofFijBp1F79pV9blLxx09cq
Oht21gb9yAebmnmCmF92enkGgLvV/wfzSKqbAGwQFTcMmnGyKz8iZL6e6xieyToi
lqNpcdU+jUvBmPQMYrwBQ3ahECRQ4QRwULYUEtl8BQQH+fFKhPJE1JwWGrPzRRsY
D2kpIbjw5Wy7kkl1PZv2vIbzsmwzRxs2E/FeSlQ7iRhsNyXVNEpAsbZDCQtRvNZg
sEKgPpxszgc9nbC4pbWX9hxyEwMAJkiV7woDt7wxelulnw/Ip9WWQvMX2ulP33IH
6uHx/E28qwqsLkSBzL3N9DurPHj3T3lZjTtbS9V4l4OiddA0MTA8DhbldOz9
-----END CERTIFICATE-----