Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f4MwxQ_mcXlWDaj_2wLZvwgxNU.cer
File:                     2f4MwxQ_mcXlWDaj_2wLZvwgxNU.cer (raw, json)
Hash identifier:          1PgXMgSaGuVFXOczPxOyq2TEhbLAnE8bi3rxuS+JTgE=
Subject key identifier:   D9:FE:0C:C3:14:3F:99:C5:E5:58:36:A3:FF:6C:0B:66:FC:20:C4:D5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D614571B85314D0E8C7F31A23A651B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e6/c40db5-8c7b-40b2-b140-26319496d7de/1/2f4MwxQ_mcXlWDaj_2wLZvwgxNU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e6/c40db5-8c7b-40b2-b140-26319496d7de/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:08 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.47.165.0/24
                          IP: 193.168.130.0/24
                          IP: 193.176.233.0/24
                          IP: 194.104.225.0/24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:14:57:1b:85:31:4d:0e:8c:7f:31:a2:3a:65:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9fe0cc3143f99c5e55836a3ff6c0b66fc20c4d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4b:e3:31:e5:b7:d9:f9:4e:fb:c1:e1:07:13:
                    94:16:08:0c:c4:db:d0:61:80:50:7b:f9:2a:4f:67:
                    88:47:3c:bf:82:5e:42:45:74:75:38:b9:16:71:e4:
                    88:05:d7:3b:60:ae:da:46:7b:a9:cd:b9:b4:a8:8f:
                    8b:3f:65:40:7b:aa:96:dc:e9:07:e1:8d:ba:8c:1a:
                    8d:50:d5:19:f0:56:08:cc:c0:b0:06:59:00:e8:7a:
                    9d:78:48:0e:4d:66:95:14:54:ab:e5:d1:b5:c6:a7:
                    ac:07:b3:30:a2:d5:2a:ca:f2:c2:2d:ce:8c:99:d9:
                    1b:fa:b5:a8:28:53:bc:b9:1c:ae:81:bd:b5:24:72:
                    47:4a:5d:f2:fa:05:18:f9:9c:73:77:f0:a9:59:e5:
                    2a:fb:37:87:dd:18:66:14:0d:30:b3:13:01:16:57:
                    1f:a6:7d:04:2a:a2:2f:c9:be:39:ee:ee:0d:62:66:
                    b1:0a:bf:c8:a0:d7:27:e8:34:73:a3:1b:1d:76:cd:
                    b2:3f:ac:63:13:a7:67:b4:4b:c0:d2:12:48:96:47:
                    bb:7b:bf:57:d8:92:71:66:ae:71:fc:d7:59:4b:d1:
                    42:14:2b:71:81:fb:2e:05:14:9a:29:8d:d7:3d:9a:
                    fe:05:28:5a:4f:44:8b:f1:40:cb:ab:8f:c2:83:3a:
                    d4:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:FE:0C:C3:14:3F:99:C5:E5:58:36:A3:FF:6C:0B:66:FC:20:C4:D5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/c40db5-8c7b-40b2-b140-26319496d7de/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/c40db5-8c7b-40b2-b140-26319496d7de/1/2f4MwxQ_mcXlWDaj_2wLZvwgxNU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.165.0/24
                  193.168.130.0/24
                  193.176.233.0/24
                  194.104.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:ea:b1:19:e1:c6:49:7e:a7:04:93:3a:19:b0:60:5d:45:ea:
         4c:e6:67:bf:67:70:c9:dc:29:57:e9:59:e5:92:b2:24:ae:04:
         ec:67:13:c7:65:c8:eb:84:72:96:7f:06:26:09:d6:f7:bb:91:
         c9:0f:96:6a:d4:4b:39:61:c2:13:57:00:b8:63:66:ac:7b:36:
         11:87:2f:27:91:40:55:42:bd:08:9f:34:a0:70:d0:bb:a9:ae:
         3a:92:36:61:c8:84:d7:6b:49:cd:0f:0f:4d:e6:da:59:03:74:
         2a:fe:32:14:da:fe:21:03:54:db:91:51:70:b2:7b:c5:99:17:
         22:23:c4:0a:c7:13:fd:9d:94:b7:00:97:14:30:5b:9f:ed:e1:
         9c:bb:4a:71:b2:be:8d:6e:13:69:2a:5d:81:0f:a3:3c:64:30:
         e9:c7:7e:ec:21:77:36:59:09:65:bf:f7:87:1c:88:7d:7f:4c:
         ff:28:34:66:1b:25:56:d8:2d:1d:9f:6c:5c:13:42:6e:eb:c9:
         ca:16:fe:19:e9:a6:7f:2a:73:f3:d9:16:e5:3a:c5:5d:10:3a:
         11:04:a6:86:4e:7d:75:ec:93:9a:f9:b9:5c:e4:d4:6e:a8:bf:
         c5:c3:66:d2:ed:49:c6:f8:af:f9:b2:45:55:1f:86:37:a1:a1:
         2f:ed:eb:47
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAZQg1hRXG4UxTQ6MfzGiOmUbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWZlMGNjMzE0M2Y5OWM1ZTU1ODM2YTNmZjZjMGI2NmZjMjBjNGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskvjMeW32flO+8HhBxOUFggMxNvQ
YYBQe/kqT2eIRzy/gl5CRXR1OLkWceSIBdc7YK7aRnupzbm0qI+LP2VAe6qW3OkH
4Y26jBqNUNUZ8FYIzMCwBlkA6HqdeEgOTWaVFFSr5dG1xqesB7MwotUqyvLCLc6M
mdkb+rWoKFO8uRyugb21JHJHSl3y+gUY+Zxzd/CpWeUq+zeH3RhmFA0wsxMBFlcf
pn0EKqIvyb457u4NYmaxCr/IoNcn6DRzoxsdds2yP6xjE6dntEvA0hJIlke7e79X
2JJxZq5x/NdZS9FCFCtxgfsuBRSaKY3XPZr+BShaT0SL8UDLq4/CgzrUjwIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFNn+DMMUP5nF5Vg2o/9sC2b8IMTVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U2L2M0MGRi
NS04YzdiLTQwYjItYjE0MC0yNjMxOTQ5NmQ3ZGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYvYzQwZGI1
LThjN2ItNDBiMi1iMTQwLTI2MzE5NDk2ZDdkZS8xLzJmNE13eFFfbWNYbFdEYWpf
MndMWnZ3Z3hOVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEGCCsGAQUF
BwEHAQH/BCIwIDAeBAIAATAYAwQAuS+lAwQAwaiCAwQAwbDpAwQAwmjhMA0GCSqG
SIb3DQEBCwUAA4IBAQBH6rEZ4cZJfqcEkzoZsGBdRepM5me/Z3DJ3ClX6VnlkrIk
rgTsZxPHZcjrhHKWfwYmCdb3u5HJD5Zq1Es5YcITVwC4Y2asezYRhy8nkUBVQr0I
nzSgcNC7qa46kjZhyITXa0nNDw9N5tpZA3Qq/jIU2v4hA1TbkVFwsnvFmRciI8QK
xxP9nZS3AJcUMFuf7eGcu0pxsr6NbhNpKl2BD6M8ZDDpx37sIXc2WQllv/eHHIh9
f0z/KDRmGyVW2C0dn2xcE0Ju68nKFv4Z6aZ/KnPz2RblOsVdEDoRBKaGTn117JOa
+blc5NRuqL/Fw2bS7UnG+K/5skVVH4Y3oaEv7etH
-----END CERTIFICATE-----