Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BRYHqGja9IRiRfPIu_nr52mCmtk.cer
File:                     BRYHqGja9IRiRfPIu_nr52mCmtk.cer (raw, json)
Hash identifier:          YW+xdUQdzDt1N1lQQ9SRcCCXREDFsSHRLDZ60DAo5jg=
Subject key identifier:   05:16:07:A8:68:DA:F4:84:62:45:F3:C8:BB:F9:EB:E7:69:82:9A:D9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B63E569FBB89785A11AB77E7DB4650
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2e/a70710-fdd7-4146-9821-72cfdaa959a2/1/BRYHqGja9IRiRfPIu_nr52mCmtk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2e/a70710-fdd7-4146-9821-72cfdaa959a2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:50:42 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 39819
                          IP: 91.207.28.0/23
                          IP: 91.213.233.0/24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:3e:56:9f:bb:89:78:5a:11:ab:77:e7:db:46:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=051607a868daf4846245f3c8bbf9ebe769829ad9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b0:c4:b9:1d:70:78:c1:5b:69:90:c8:76:a1:
                    db:c7:17:50:6f:c5:68:14:64:93:de:c2:16:b2:5a:
                    5f:a6:a1:ff:26:23:03:8a:9c:cd:3e:83:ae:fe:3b:
                    e3:55:d2:a4:15:aa:6f:b2:cc:60:f7:af:2f:5d:70:
                    29:bf:74:f8:fd:65:fe:2f:a8:7f:9f:86:6a:d1:40:
                    84:5b:fe:f0:68:bf:5a:c5:87:18:77:c4:c2:65:11:
                    47:6b:ef:b1:ec:74:2e:65:2d:31:24:4c:d1:b9:86:
                    3d:66:bc:15:80:3f:e5:7a:25:8b:86:b6:b3:ac:1e:
                    d6:5b:21:57:e9:01:cb:3c:c7:20:33:6f:67:1e:b8:
                    0f:82:7b:1c:90:f5:0b:a6:76:05:26:fd:4f:d8:c8:
                    ca:0f:a8:d0:ae:41:f7:1e:89:3c:bf:f6:53:7f:d5:
                    af:f9:e5:f9:07:3e:a6:c8:d6:be:78:e6:a0:75:57:
                    92:73:c7:6c:90:14:ad:e9:20:7b:4d:fd:d3:1b:33:
                    fe:f7:9b:69:56:0f:c1:14:8e:54:38:73:c4:0e:a0:
                    29:ad:fd:ef:f3:d8:d1:48:9a:e5:68:91:ec:4a:7f:
                    5b:df:4d:4c:b4:21:7b:9a:6d:dc:1e:d4:a4:85:71:
                    7a:de:cf:e3:7e:d8:4e:45:6c:8d:88:bb:c2:27:95:
                    98:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:16:07:A8:68:DA:F4:84:62:45:F3:C8:BB:F9:EB:E7:69:82:9A:D9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/a70710-fdd7-4146-9821-72cfdaa959a2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/a70710-fdd7-4146-9821-72cfdaa959a2/1/BRYHqGja9IRiRfPIu_nr52mCmtk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.28.0/23
                  91.213.233.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39819

    Signature Algorithm: sha256WithRSAEncryption
         51:6a:15:20:52:ab:fd:3e:47:a2:d6:8c:14:f5:bc:1d:d2:f4:
         40:23:97:ab:70:50:04:a5:2c:c1:88:b9:a8:e1:6c:49:51:c8:
         9b:c4:21:57:26:80:6b:9d:d8:f7:67:5e:7a:b8:0a:13:7d:74:
         d6:9b:c0:76:b2:4c:c9:ac:5e:16:e1:78:2f:fe:57:a2:13:2b:
         02:e3:8f:e9:77:72:9f:c1:34:25:38:2e:b1:ca:de:e8:8b:ae:
         de:27:94:a8:50:bd:59:3a:43:27:eb:b3:e3:e6:bf:54:35:11:
         b0:5c:92:dd:f7:96:e1:4c:2f:82:25:ae:bd:5d:f4:92:b5:de:
         a2:f8:fc:70:03:49:e0:05:60:ac:46:d9:3a:14:ef:4f:4a:83:
         9e:b0:20:f2:e1:11:e0:83:53:0e:a4:37:de:03:22:21:eb:f4:
         8c:b3:c9:04:f4:04:8b:e4:8a:8e:1d:0a:5d:d3:86:42:4c:6b:
         ca:40:00:c8:1b:a4:7c:63:d3:46:43:07:0d:7e:76:c6:50:64:
         cb:e1:12:c6:96:be:0e:ac:31:73:2e:f4:1f:0a:d8:1d:3e:38:
         3f:ed:44:9a:7c:68:ef:a3:e1:09:71:be:50:13:ac:d0:a0:96:
         0d:8d:d9:8d:63:a7:cf:7b:94:3b:95:7b:7a:20:2d:f6:21:b3:
         1f:26:65:08
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAZQntj5Wn7uJeFoRq3fn20ZQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTE2MDdhODY4ZGFmNDg0NjI0NWYzYzhiYmY5ZWJlNzY5ODI5YWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorDEuR1weMFbaZDIdqHbxxdQb8Vo
FGST3sIWslpfpqH/JiMDipzNPoOu/jvjVdKkFapvssxg968vXXApv3T4/WX+L6h/
n4Zq0UCEW/7waL9axYcYd8TCZRFHa++x7HQuZS0xJEzRuYY9ZrwVgD/leiWLhraz
rB7WWyFX6QHLPMcgM29nHrgPgnsckPULpnYFJv1P2MjKD6jQrkH3Hok8v/ZTf9Wv
+eX5Bz6myNa+eOagdVeSc8dskBSt6SB7Tf3TGzP+95tpVg/BFI5UOHPEDqAprf3v
89jRSJrlaJHsSn9b301MtCF7mm3cHtSkhXF63s/jfthORWyNiLvCJ5WY0wIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFAUWB6ho2vSEYkXzyLv56+dpgprZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJlL2E3MDcx
MC1mZGQ3LTQxNDYtOTgyMS03MmNmZGFhOTU5YTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUvYTcwNzEw
LWZkZDctNDE0Ni05ODIxLTcyY2ZkYWE5NTlhMi8xL0JSWUhxR2phOUlSaVJmUEl1
X25yNTJtQ210ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQBW88cAwQAW9XpMBoGCCsGAQUFBwEIAQH/BAsw
CaAHMAUCAwCbizANBgkqhkiG9w0BAQsFAAOCAQEAUWoVIFKr/T5HotaMFPW8HdL0
QCOXq3BQBKUswYi5qOFsSVHIm8QhVyaAa53Y92deergKE3101pvAdrJMyaxeFuF4
L/5XohMrAuOP6Xdyn8E0JTguscre6Iuu3ieUqFC9WTpDJ+uz4+a/VDURsFyS3feW
4UwvgiWuvV30krXeovj8cANJ4AVgrEbZOhTvT0qDnrAg8uER4INTDqQ33gMiIev0
jLPJBPQEi+SKjh0KXdOGQkxrykAAyBukfGPTRkMHDX52xlBky+ESxpa+Dqwxcy70
HwrYHT44P+1Emnxo76PhCXG+UBOs0KCWDY3ZjWOnz3uUO5V7eiAt9iGzHyZlCA==
-----END CERTIFICATE-----