Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3tNT4vXTGMNIdyqP8QWqcHGeQTU.cer
File:                     3tNT4vXTGMNIdyqP8QWqcHGeQTU.cer (raw, json)
Hash identifier:          v7oSDTM60WtxQBQJnCpB2of+mzNCbPnbWx1hpFCM3t4=
Subject key identifier:   DE:D3:53:E2:F5:D3:18:C3:48:77:2A:8F:F1:05:AA:70:71:9E:41:35
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B2175C673BD0368CEB9D5133D6E8CD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/3tNT4vXTGMNIdyqP8QWqcHGeQTU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:27 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 79.170.64.0/21
                          IP: 87.237.80.0/21
                          IP: 185.186.200.0/22
                          IP: 2001:1a58::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:17:5c:67:3b:d0:36:8c:eb:9d:51:33:d6:e8:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ded353e2f5d318c348772a8ff105aa70719e4135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:96:6f:d9:b1:9f:0d:a4:cf:9b:e1:7c:71:2d:
                    ef:de:a2:4a:75:24:97:32:44:49:57:4d:f1:72:1e:
                    ae:3c:aa:3a:c8:82:d2:1c:fb:d4:3d:cf:18:35:18:
                    21:76:43:11:4b:2c:f4:ec:22:01:e3:7a:91:30:6e:
                    ab:e7:dc:b3:35:86:44:ff:be:61:5c:9d:80:1a:84:
                    51:07:e8:51:dd:c0:d3:28:5e:07:45:7b:55:8b:4a:
                    85:bd:99:a1:39:1b:0c:59:b0:c7:0e:b1:94:ee:bd:
                    b6:58:77:a8:87:bb:c8:92:7f:3e:07:6a:7e:70:e8:
                    d5:70:83:1d:6b:b2:1a:57:95:bf:11:9f:ee:1c:f1:
                    fe:50:98:91:7c:15:e1:5d:8d:e2:0e:62:38:3d:44:
                    f7:06:e1:e3:40:5c:be:6a:b0:43:d1:21:e3:bf:9a:
                    5c:34:ef:ce:7d:ef:7d:95:3c:2c:8b:cb:d4:b7:9e:
                    fe:3a:b0:35:58:9d:fa:46:9a:2d:29:b6:71:cd:43:
                    83:7a:ab:60:f9:89:2a:0e:36:df:1f:fa:a7:40:16:
                    34:50:bf:d4:c7:e5:9f:88:6e:49:fd:4b:bb:0a:55:
                    e0:fc:53:a5:d3:e9:4b:cd:e0:d0:4d:e8:35:e0:88:
                    9f:57:a3:6b:53:f2:85:9a:f3:33:a9:fb:76:5d:1c:
                    db:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:D3:53:E2:F5:D3:18:C3:48:77:2A:8F:F1:05:AA:70:71:9E:41:35
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/3tNT4vXTGMNIdyqP8QWqcHGeQTU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.170.64.0/21
                  87.237.80.0/21
                  185.186.200.0/22
                IPv6:
                  2001:1a58::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:1b:6e:fa:a3:f4:d9:68:0f:38:1e:5c:f9:77:a5:67:45:18:
         70:65:54:68:d9:bf:56:14:32:7b:f2:42:54:55:55:fe:28:36:
         3f:59:51:16:95:7b:62:93:49:73:05:94:3e:ee:1d:ef:79:1d:
         d8:81:ac:49:52:31:8f:6c:4d:32:9d:ae:fb:9b:4a:77:20:d5:
         16:d4:9a:99:00:26:5e:5d:2c:83:da:5a:24:f1:79:a6:43:2a:
         95:6b:e3:bf:ff:98:b5:b9:8d:1d:96:f0:34:f1:86:11:6b:6b:
         6e:8b:b5:b0:63:a7:1d:a9:f7:85:ea:e6:eb:8b:2f:aa:fc:4b:
         2a:98:d1:4f:44:13:63:5f:38:b4:4b:4c:18:a6:97:34:0c:75:
         74:e7:d8:7a:ab:b5:e8:ed:44:ae:67:3f:2c:bc:7d:1d:0a:26:
         ab:a2:16:30:e9:8f:9a:b2:6b:7f:d5:63:24:82:0b:f8:65:ed:
         c2:35:f8:e9:e5:24:4b:d8:3b:2e:53:25:88:b1:03:fb:6e:e2:
         d7:11:8c:7c:f7:a8:df:d8:7b:7f:c5:54:a7:fb:49:1a:f3:1d:
         63:ff:c8:ae:56:0d:0e:83:20:0d:09:d1:8f:9a:59:18:e8:84:
         3e:cc:6d:10:99:fe:1b:de:9a:db:df:39:b4:cf:1b:65:1f:93:
         e5:f0:c6:ae
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQhshdcZzvQNozrnVEz1ujNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWQzNTNlMmY1ZDMxOGMzNDg3NzJhOGZmMTA1YWE3MDcxOWU0MTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6pZv2bGfDaTPm+F8cS3v3qJKdSSX
MkRJV03xch6uPKo6yILSHPvUPc8YNRghdkMRSyz07CIB43qRMG6r59yzNYZE/75h
XJ2AGoRRB+hR3cDTKF4HRXtVi0qFvZmhORsMWbDHDrGU7r22WHeoh7vIkn8+B2p+
cOjVcIMda7IaV5W/EZ/uHPH+UJiRfBXhXY3iDmI4PUT3BuHjQFy+arBD0SHjv5pc
NO/Ofe99lTwsi8vUt57+OrA1WJ36RpotKbZxzUODeqtg+YkqDjbfH/qnQBY0UL/U
x+WfiG5J/Uu7ClXg/FOl0+lLzeDQTeg14IifV6NrU/KFmvMzqft2XRzbTwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFN7TU+L10xjDSHcqj/EFqnBxnkE1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg2L2NiYWNj
ZS1lZmJmLTRmMzItOGQ4OC00ZTg1ZGFiZDY0NzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYvY2JhY2Nl
LWVmYmYtNGYzMi04ZDg4LTRlODVkYWJkNjQ3NC8xLzN0TlQ0dlhUR01OSWR5cVA4
UVdxY0hHZVFUVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQDT6pAAwQDV+1QAwQCubrIMA0EAgACMAcDBQAg
ARpYMA0GCSqGSIb3DQEBCwUAA4IBAQApG276o/TZaA84Hlz5d6VnRRhwZVRo2b9W
FDJ78kJUVVX+KDY/WVEWlXtik0lzBZQ+7h3veR3YgaxJUjGPbE0yna77m0p3INUW
1JqZACZeXSyD2lok8XmmQyqVa+O//5i1uY0dlvA08YYRa2tui7WwY6cdqfeF6ubr
iy+q/EsqmNFPRBNjXzi0S0wYppc0DHV059h6q7Xo7USuZz8svH0dCiarohYw6Y+a
smt/1WMkggv4Ze3CNfjp5SRL2DsuUyWIsQP7buLXEYx896jf2Ht/xVSn+0ka8x1j
/8iuVg0OgyANCdGPmlkY6IQ+zG0Qmf4b3prb3zm0zxtlH5Pl8Mau
-----END CERTIFICATE-----