Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/B8QNcBYPMIZCEpobcq5a5S24g8Q.cer
File:                     B8QNcBYPMIZCEpobcq5a5S24g8Q.cer (raw, json)
Hash identifier:          eN8j9BC4Mh8nKEnJXBaZc2eAkPp3MGI7SOeuhwC6FjM=
Subject key identifier:   07:C4:0D:70:16:0F:30:86:42:12:9A:1B:72:AE:5A:E5:2D:B8:83:C4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B2AA2FAD85849ED5DDFC3BF9F62792
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/82/e116c2-8f82-4cba-b5ae-97dcbb0086e3/1/B8QNcBYPMIZCEpobcq5a5S24g8Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/82/e116c2-8f82-4cba-b5ae-97dcbb0086e3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:47:56 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 48166
                          AS: 59666
                          IP: 5.250.232.0/21
                          IP: 89.22.16.0/20
                          IP: 91.133.0.0/19
                          IP: 91.210.84.0/22
                          IP: 178.213.192.0/21
                          IP: 185.51.208.0/22
                          IP: 185.61.92.0/22
                          IP: 194.9.224.0/20
                          IP: 2a02:7760::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:aa:2f:ad:85:84:9e:d5:dd:fc:3b:f9:f6:27:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07c40d70160f308642129a1b72ae5ae52db883c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8c:6b:e7:46:66:1e:9b:0b:2f:05:1b:f3:b1:
                    6b:99:53:14:f3:a0:72:87:3b:a4:f1:53:a5:d0:96:
                    81:43:ac:20:1d:57:7c:51:f5:4e:a1:97:fe:a9:ec:
                    92:72:ab:4e:d3:e8:31:86:a2:b9:33:32:24:38:fd:
                    51:64:ed:8a:dc:58:c7:ae:45:14:36:40:86:4c:ed:
                    21:30:40:ed:d8:df:64:91:79:7e:6a:83:a3:f0:af:
                    75:cb:5f:8e:44:af:0b:58:1b:4e:f3:d9:15:81:8e:
                    b8:a0:df:0c:83:e0:47:45:5a:9b:95:d2:9f:10:1c:
                    5f:39:b9:61:c6:8f:1b:3e:7f:02:75:d0:8b:cc:23:
                    99:94:30:c1:51:74:6d:a7:9d:52:42:3b:f0:14:cb:
                    df:97:d6:f2:c3:d0:fc:0d:09:43:05:6e:b8:40:e7:
                    f3:60:c3:07:d6:43:2a:fe:75:23:7b:f7:09:14:25:
                    77:76:c6:b9:f6:25:95:a0:57:37:ee:07:d0:8a:ac:
                    6e:46:cc:52:41:96:50:38:2c:36:51:4c:24:3d:83:
                    82:83:7b:33:66:ca:a0:cf:3c:69:3a:00:6f:58:3f:
                    8d:97:79:44:ec:c2:34:82:62:b3:2d:4f:3b:74:ab:
                    b1:38:26:c7:0f:9c:70:ae:9a:50:ff:a4:b6:24:02:
                    ee:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:C4:0D:70:16:0F:30:86:42:12:9A:1B:72:AE:5A:E5:2D:B8:83:C4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e116c2-8f82-4cba-b5ae-97dcbb0086e3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e116c2-8f82-4cba-b5ae-97dcbb0086e3/1/B8QNcBYPMIZCEpobcq5a5S24g8Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.232.0/21
                  89.22.16.0/20
                  91.133.0.0/19
                  91.210.84.0/22
                  178.213.192.0/21
                  185.51.208.0/22
                  185.61.92.0/22
                  194.9.224.0/20
                IPv6:
                  2a02:7760::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48166
                  59666

    Signature Algorithm: sha256WithRSAEncryption
         65:17:12:de:15:93:61:4b:54:f8:33:5d:4c:48:77:63:da:70:
         4f:48:23:59:18:4e:72:4b:af:83:ba:51:f4:1f:fb:24:1c:39:
         53:dc:ee:e1:2a:46:1c:d5:db:8e:c6:54:90:f5:26:b4:77:0f:
         db:db:02:cc:31:80:b7:6c:84:7a:0e:1d:59:2f:ea:41:83:0d:
         28:38:ea:8d:f3:5c:51:ff:09:7a:6e:96:e7:d9:31:5f:4a:c0:
         f1:62:97:ce:46:3e:ec:a4:73:e4:5d:11:d4:9a:54:eb:cf:45:
         ec:1b:60:74:bd:68:99:c5:fb:39:cf:d2:5d:a8:99:4e:81:1c:
         75:23:2d:d7:86:1b:b8:9e:56:8f:94:c3:17:4d:f6:dd:6b:2d:
         c6:27:17:b9:40:1d:ba:2a:d8:f1:a1:d5:59:bf:32:b1:c6:fe:
         e5:98:51:44:e0:d2:15:77:ac:99:4b:ee:df:03:23:9d:c0:c6:
         9a:35:2c:eb:b2:5b:e3:09:28:70:15:12:4b:17:8c:0e:17:9e:
         b5:c1:8c:27:96:2e:75:b4:d0:49:cf:79:b6:3f:01:fa:b9:6f:
         c8:5b:d2:9b:65:9e:07:ca:1d:03:2e:71:4a:b5:43:f9:3b:4b:
         a9:a2:25:56:ba:39:0a:b9:94:10:1d:53:1e:77:e7:c7:8b:32:
         17:2b:bd:54
-----BEGIN CERTIFICATE-----
MIIF0jCCBLqgAwIBAgISAZQksqovrYWEntXd/Dv59ieSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2M0MGQ3MDE2MGYzMDg2NDIxMjlhMWI3MmFlNWFlNTJkYjg4M2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoxr50ZmHpsLLwUb87FrmVMU86By
hzuk8VOl0JaBQ6wgHVd8UfVOoZf+qeyScqtO0+gxhqK5MzIkOP1RZO2K3FjHrkUU
NkCGTO0hMEDt2N9kkXl+aoOj8K91y1+ORK8LWBtO89kVgY64oN8Mg+BHRVqbldKf
EBxfOblhxo8bPn8CddCLzCOZlDDBUXRtp51SQjvwFMvfl9byw9D8DQlDBW64QOfz
YMMH1kMq/nUje/cJFCV3dsa59iWVoFc37gfQiqxuRsxSQZZQOCw2UUwkPYOCg3sz
ZsqgzzxpOgBvWD+Nl3lE7MI0gmKzLU87dKuxOCbHD5xwrppQ/6S2JALu4wIDAQAB
o4IC3jCCAtowHQYDVR0OBBYEFAfEDXAWDzCGQhKaG3KuWuUtuIPEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgyL2UxMTZj
Mi04ZjgyLTRjYmEtYjVhZS05N2RjYmIwMDg2ZTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODIvZTExNmMy
LThmODItNGNiYS1iNWFlLTk3ZGNiYjAwODZlMy8xL0I4UU5jQllQTUlaQ0Vwb2Jj
cTVhNVMyNGc4US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFgGCCsGAQUF
BwEHAQH/BEkwRzA2BAIAATAwAwQDBfroAwQEWRYQAwQFW4UAAwQCW9JUAwQDstXA
AwQCuTPQAwQCuT1cAwQEwgngMA0EAgACMAcDBQAqAndgMB8GCCsGAQUFBwEIAQH/
BBAwDqAMMAoCAwC8JgIDAOkSMA0GCSqGSIb3DQEBCwUAA4IBAQBlFxLeFZNhS1T4
M11MSHdj2nBPSCNZGE5yS6+DulH0H/skHDlT3O7hKkYc1duOxlSQ9Sa0dw/b2wLM
MYC3bIR6Dh1ZL+pBgw0oOOqN81xR/wl6bpbn2TFfSsDxYpfORj7spHPkXRHUmlTr
z0XsG2B0vWiZxfs5z9JdqJlOgRx1Iy3Xhhu4nlaPlMMXTfbday3GJxe5QB26Ktjx
odVZvzKxxv7lmFFE4NIVd6yZS+7fAyOdwMaaNSzrslvjCShwFRJLF4wOF561wYwn
li51tNBJz3m2PwH6uW/IW9KbZZ4Hyh0DLnFKtUP5O0upoiVWujkKuZQQHVMed+fH
izIXK71U
-----END CERTIFICATE-----