Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HtkwhM7ESb7YpvwAi8fdmV6zcxw.cer
File:                     HtkwhM7ESb7YpvwAi8fdmV6zcxw.cer (raw, json)
Hash identifier:          JP0za3Y5NO3yd2fLytWmOoY7F+i+P0ruJGX8Sx/ON8c=
Subject key identifier:   1E:D9:30:84:CE:C4:49:BE:D8:A6:FC:00:8B:C7:DD:99:5E:B3:73:1C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D6D5282636BE2128CAA7AB4C35EAFB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ce/f0b723-77f1-44c0-8fca-7c646795090b/1/HtkwhM7ESb7YpvwAi8fdmV6zcxw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ce/f0b723-77f1-44c0-8fca-7c646795090b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:47:49 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 205944
                          IP: 91.230.80.0/24
                          IP: 185.250.96.0/22
                          IP: 2a0a:d440::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d5:28:26:36:be:21:28:ca:a7:ab:4c:35:ea:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ed93084cec449bed8a6fc008bc7dd995eb3731c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4d:8d:d2:46:09:f7:af:3e:6b:1f:b6:62:08:
                    39:1d:fe:84:eb:02:9f:73:90:b4:4b:ae:6d:3f:57:
                    17:e3:3e:24:54:d9:e1:b1:99:aa:b8:06:39:3b:85:
                    99:37:80:38:41:f8:06:1a:eb:c1:cc:29:27:09:b1:
                    55:c4:b7:2a:1b:4e:4d:43:4b:cb:14:42:25:26:b9:
                    4e:ab:cd:dc:b7:77:0a:78:3c:25:fe:06:a0:b6:3a:
                    aa:3d:0c:83:c5:b5:69:d6:79:b5:a5:6c:73:29:a2:
                    81:89:a3:4d:d2:ec:2a:b2:1a:e6:65:46:43:e8:48:
                    f8:0b:c8:f3:9e:f2:67:2c:5d:fb:95:79:dd:8e:c6:
                    26:8f:0d:50:6c:92:10:5e:0a:f0:cb:29:15:51:1a:
                    d2:73:56:b2:81:59:ef:80:63:64:86:08:aa:25:34:
                    be:78:12:60:13:c3:4c:19:3d:c9:5c:7c:fd:3f:61:
                    60:cf:1d:e0:b0:34:39:96:d1:c8:c8:52:b5:72:36:
                    aa:d9:65:cc:43:fd:6e:0c:b8:97:0d:53:81:4e:18:
                    38:5f:88:a9:d9:6f:fd:e4:d5:a5:5d:86:62:f5:bd:
                    71:d5:88:f9:63:e0:a4:c5:9d:bf:75:ab:7a:a7:ce:
                    4d:92:38:d7:dd:be:c0:16:65:31:18:41:3b:e4:e1:
                    4a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:D9:30:84:CE:C4:49:BE:D8:A6:FC:00:8B:C7:DD:99:5E:B3:73:1C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/f0b723-77f1-44c0-8fca-7c646795090b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/f0b723-77f1-44c0-8fca-7c646795090b/1/HtkwhM7ESb7YpvwAi8fdmV6zcxw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.80.0/24
                  185.250.96.0/22
                IPv6:
                  2a0a:d440::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205944

    Signature Algorithm: sha256WithRSAEncryption
         31:aa:85:71:7f:c9:b3:31:ec:37:48:4d:89:ac:17:f6:cc:ba:
         2b:ea:b5:e4:01:13:88:4e:1f:8d:39:ac:56:45:69:dc:56:e4:
         91:18:2c:b2:cf:fe:00:6f:bd:a4:6d:18:b4:3d:2d:6b:c9:0a:
         cd:bd:b2:e7:d4:fe:1f:ac:bf:3d:6b:b0:28:a0:77:ff:b2:3e:
         be:3e:63:94:b3:f9:30:29:0b:d1:8b:d4:0e:d5:f8:87:1f:67:
         cb:b9:23:08:1e:e2:7c:8e:6f:44:ed:3b:9f:e3:44:3f:da:3a:
         a8:47:21:ef:c9:84:f7:23:48:02:f4:30:c6:3c:73:b2:7b:c9:
         b6:e9:29:35:9a:80:e4:de:d7:58:1b:bf:b8:0b:01:4f:71:5c:
         a9:b3:3f:26:e0:0c:9f:86:18:e1:46:87:a4:b8:5c:aa:38:77:
         5e:f8:f5:34:c0:3e:88:e0:39:d8:e0:0d:7a:b1:19:b4:0d:e0:
         d3:df:00:4d:ad:40:6a:cf:df:04:75:46:57:a5:37:78:9b:cf:
         40:0a:80:5d:44:2f:45:b2:cc:fa:28:84:09:bb:9a:82:5c:97:
         6d:9b:cb:02:d3:d5:f6:4a:8c:38:2f:c6:d0:b0:ee:42:a8:c1:
         73:ae:4f:e5:e6:3e:b0:e4:c5:14:ac:f6:cf:d2:7b:2d:5b:ec:
         38:37:26:a9
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAZQj1tUoJja+ISjKp6tMNer7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWQ5MzA4NGNlYzQ0OWJlZDhhNmZjMDA4YmM3ZGQ5OTVlYjM3MzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE2N0kYJ968+ax+2Ygg5Hf6E6wKf
c5C0S65tP1cX4z4kVNnhsZmquAY5O4WZN4A4QfgGGuvBzCknCbFVxLcqG05NQ0vL
FEIlJrlOq83ct3cKeDwl/gagtjqqPQyDxbVp1nm1pWxzKaKBiaNN0uwqshrmZUZD
6Ej4C8jznvJnLF37lXndjsYmjw1QbJIQXgrwyykVURrSc1aygVnvgGNkhgiqJTS+
eBJgE8NMGT3JXHz9P2Fgzx3gsDQ5ltHIyFK1cjaq2WXMQ/1uDLiXDVOBThg4X4ip
2W/95NWlXYZi9b1x1Yj5Y+CkxZ2/dat6p85NkjjX3b7AFmUxGEE75OFKSwIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFB7ZMITOxEm+2Kb8AIvH3Zles3McMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NlL2YwYjcy
My03N2YxLTQ0YzAtOGZjYS03YzY0Njc5NTA5MGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2UvZjBiNzIz
LTc3ZjEtNDRjMC04ZmNhLTdjNjQ2Nzk1MDkwYi8xL0h0a3doTTdFU2I3WXB2d0Fp
OGZkbVY2emN4dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQAW+ZQAwQCufpgMA0EAgACMAcDBQMqCtRAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwMkeDANBgkqhkiG9w0BAQsFAAOCAQEAMaqF
cX/JszHsN0hNiawX9sy6K+q15AETiE4fjTmsVkVp3FbkkRgsss/+AG+9pG0YtD0t
a8kKzb2y59T+H6y/PWuwKKB3/7I+vj5jlLP5MCkL0YvUDtX4hx9ny7kjCB7ifI5v
RO07n+NEP9o6qEch78mE9yNIAvQwxjxzsnvJtukpNZqA5N7XWBu/uAsBT3FcqbM/
JuAMn4YY4UaHpLhcqjh3Xvj1NMA+iOA52OANerEZtA3g098ATa1Aas/fBHVGV6U3
eJvPQAqAXUQvRbLM+iiECbuaglyXbZvLAtPV9kqMOC/G0LDuQqjBc65P5eY+sOTF
FKz2z9J7LVvsODcmqQ==
-----END CERTIFICATE-----