Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HCrBJGouDql6DCKVtz3b4AbQ7Sw.cer
File:                     HCrBJGouDql6DCKVtz3b4AbQ7Sw.cer (raw, json)
Hash identifier:          lmmbtceMvHyNpEPQc90r3OuQtbKxPeYb9uq5aSmmqj8=
Subject key identifier:   1C:2A:C1:24:6A:2E:0E:A9:7A:0C:22:95:B7:3D:DB:E0:06:D0:ED:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C9A6EF5DFDA0D76D5288E4EBE4C85
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/42/0de7e1-bf7f-434f-9591-8d46e09df9f3/1/HCrBJGouDql6DCKVtz3b4AbQ7Sw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/42/0de7e1-bf7f-434f-9591-8d46e09df9f3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:48:15 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 48769
                          IP: 194.153.187.0/24
                          IP: 2001:678:c78::/48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9a:6e:f5:df:da:0d:76:d5:28:8e:4e:be:4c:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c2ac1246a2e0ea97a0c2295b73ddbe006d0ed2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:45:2e:d3:84:5c:32:8e:e9:34:51:71:8a:a1:
                    91:92:39:cd:f0:5a:32:cf:72:35:23:e8:2c:07:10:
                    52:6d:a0:22:24:d1:4c:50:b7:54:1b:30:69:7e:da:
                    18:3f:c8:66:13:34:0b:ec:e6:02:d0:3c:47:38:2f:
                    d2:cf:4a:6a:dd:5f:3a:e7:06:3e:26:08:4b:07:2f:
                    d6:62:de:a0:a0:3d:a6:cd:d9:54:1f:16:72:f4:78:
                    c5:65:22:e3:54:43:21:e9:bc:35:15:37:3f:19:9c:
                    ea:63:7c:68:96:45:a0:8f:fe:d7:58:2b:ec:a7:ae:
                    fa:ca:a0:7f:45:9b:1e:d0:36:4c:b0:d3:3c:94:ed:
                    fe:84:30:a2:73:7b:e4:34:b0:91:4c:b7:70:67:5d:
                    ea:b8:92:02:a4:a5:48:33:60:b1:bb:9e:00:e0:c8:
                    de:74:5b:95:2f:58:a1:01:b1:dc:98:79:e1:e5:c1:
                    2a:5e:76:7d:ae:1b:5b:e5:3c:db:3b:1e:7e:41:b7:
                    41:ff:52:8a:70:ff:04:8a:b0:f1:2f:77:3a:17:a5:
                    54:84:e7:d1:e0:c2:a8:da:b1:c8:98:82:c5:a1:d1:
                    35:69:b9:39:8b:17:11:79:13:21:56:75:af:91:ab:
                    18:57:0a:49:3b:43:9a:61:bf:62:a1:25:4d:e5:bf:
                    40:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:2A:C1:24:6A:2E:0E:A9:7A:0C:22:95:B7:3D:DB:E0:06:D0:ED:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0de7e1-bf7f-434f-9591-8d46e09df9f3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0de7e1-bf7f-434f-9591-8d46e09df9f3/1/HCrBJGouDql6DCKVtz3b4AbQ7Sw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.187.0/24
                IPv6:
                  2001:678:c78::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48769

    Signature Algorithm: sha256WithRSAEncryption
         20:95:fd:9c:81:c1:7a:d9:8d:8a:54:c4:9f:83:8e:cd:ed:fc:
         09:0e:0b:45:5d:f7:6c:c3:91:62:de:69:b5:19:b4:6a:2a:e0:
         95:44:5a:7d:a2:f0:ed:dc:51:1b:90:64:33:93:da:9e:9f:1f:
         9c:34:9f:89:7c:80:9e:64:45:20:65:90:7f:ea:65:12:a6:11:
         bd:f1:cd:f1:f3:3f:5c:18:57:8c:e5:a6:b3:3c:f6:86:bd:c6:
         9f:8c:10:5a:9a:87:17:23:7d:34:0e:35:8b:f3:1b:43:c1:6e:
         ee:74:26:45:d3:55:ec:70:c5:60:7d:06:95:7e:99:d4:fd:08:
         96:4d:ae:2e:a3:8f:66:24:7b:84:d3:d3:28:94:ae:9a:64:37:
         a5:b8:03:db:6b:a4:9c:79:34:6f:af:b4:fa:42:d7:84:24:d0:
         46:3a:94:33:ef:9f:b8:13:65:e3:48:e9:92:ae:5d:23:a1:b6:
         41:4f:60:73:3d:2e:4c:d1:0a:8b:74:9b:6e:10:ca:9b:1b:9a:
         04:5a:96:06:e0:11:08:3b:a0:37:4b:4d:3e:ae:6a:21:73:0c:
         07:61:05:d3:0c:a9:39:ab:98:78:23:1e:cb:56:9d:3f:9f:21:
         91:7b:2f:f7:2e:e2:b4:3d:50:bb:72:5e:6e:cd:cf:2e:30:82:
         0f:ee:30:d0
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgISAZQfjJpu9d/aDXbVKI5OvkyFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzJhYzEyNDZhMmUwZWE5N2EwYzIyOTViNzNkZGJlMDA2ZDBlZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kUu04RcMo7pNFFxiqGRkjnN8Foy
z3I1I+gsBxBSbaAiJNFMULdUGzBpftoYP8hmEzQL7OYC0DxHOC/Sz0pq3V865wY+
JghLBy/WYt6goD2mzdlUHxZy9HjFZSLjVEMh6bw1FTc/GZzqY3xolkWgj/7XWCvs
p676yqB/RZse0DZMsNM8lO3+hDCic3vkNLCRTLdwZ13quJICpKVIM2Cxu54A4Mje
dFuVL1ihAbHcmHnh5cEqXnZ9rhtb5TzbOx5+QbdB/1KKcP8EirDxL3c6F6VUhOfR
4MKo2rHImILFodE1abk5ixcReRMhVnWvkasYVwpJO0OaYb9ioSVN5b9AgwIDAQAB
o4ICsTCCAq0wHQYDVR0OBBYEFBwqwSRqLg6pegwilbc92+AG0O0sMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQyLzBkZTdl
MS1iZjdmLTQzNGYtOTU5MS04ZDQ2ZTA5ZGY5ZjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIvMGRlN2Ux
LWJmN2YtNDM0Zi05NTkxLThkNDZlMDlkZjlmMy8xL0hDckJKR291RHFsNkRDS1Z0
ejNiNEFiUTdTdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAwpm7MA8EAgACMAkDBwAgAQZ4DHgwGgYIKwYB
BQUHAQgBAf8ECzAJoAcwBQIDAL6BMA0GCSqGSIb3DQEBCwUAA4IBAQAglf2cgcF6
2Y2KVMSfg47N7fwJDgtFXfdsw5Fi3mm1GbRqKuCVRFp9ovDt3FEbkGQzk9qenx+c
NJ+JfICeZEUgZZB/6mUSphG98c3x8z9cGFeM5aazPPaGvcafjBBamocXI300DjWL
8xtDwW7udCZF01XscMVgfQaVfpnU/QiWTa4uo49mJHuE09MolK6aZDeluAPba6Sc
eTRvr7T6QteEJNBGOpQz75+4E2XjSOmSrl0jobZBT2BzPS5M0QqLdJtuEMqbG5oE
WpYG4BEIO6A3S00+rmohcwwHYQXTDKk5q5h4Ix7LVp0/nyGRey/3LuK0PVC7cl5u
zc8uMIIP7jDQ
-----END CERTIFICATE-----