Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HwYU4ZXBZWoo6LGbInhOi1W7RTM.cer
File:                     HwYU4ZXBZWoo6LGbInhOi1W7RTM.cer (raw, json)
Hash identifier:          pF0Gw2/aX8JOi2/z1fzTBJ5g6jFOSFTMNO8jULpPeGc=
Subject key identifier:   1F:06:14:E1:95:C1:65:6A:28:E8:B1:9B:22:78:4E:8B:55:BB:45:33
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942521364B5E2CB7F960478E249B041D47
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/HwYU4ZXBZWoo6LGbInhOi1W7RTM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:48:41 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 51373
                          IP: 91.218.156.0/22
                          IP: 94.24.28.0/24
                          IP: 94.24.79.0/24
                          IP: 178.251.120.0/22
                          IP: 185.44.216.0/22
                          IP: 185.80.56.0/22
                          IP: 193.33.8.0/23
                          IP: 2a04:9a40::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:36:4b:5e:2c:b7:f9:60:47:8e:24:9b:04:1d:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f0614e195c1656a28e8b19b22784e8b55bb4533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:cd:fe:70:92:b8:56:d8:9f:7d:ca:25:74:d9:
                    c3:9c:ef:33:c2:b1:d5:f1:33:99:83:17:78:7d:02:
                    1c:34:9f:45:0a:0b:bf:38:52:8f:fc:0a:ef:b5:87:
                    46:16:eb:08:24:80:f6:36:c4:44:90:1f:ac:52:1d:
                    97:a3:2b:bc:fe:ba:d4:6c:dc:96:c1:aa:7e:2b:05:
                    0c:36:76:82:a5:dc:1f:2d:07:24:97:e7:80:ba:ec:
                    9d:e7:ad:a3:5f:5b:e3:6c:4f:26:ce:99:62:3e:d8:
                    12:4c:ac:92:e4:25:43:b5:19:50:4a:be:f2:6a:1d:
                    6d:1d:28:6a:a3:11:be:03:5a:e6:0a:18:3f:d3:05:
                    0f:94:f3:0f:69:6a:22:d9:95:d4:c3:d5:49:3e:d2:
                    49:68:b0:f4:48:18:f5:30:63:24:66:52:5d:7e:b1:
                    7e:1c:66:89:2a:a0:9a:98:de:c3:ce:cc:14:89:2e:
                    b8:9b:4c:13:bf:01:50:c8:ab:c7:39:ef:95:a2:06:
                    48:53:89:4d:3d:58:6d:40:11:11:30:db:cd:0d:a3:
                    05:5a:88:f4:85:ce:b6:70:c4:53:17:c3:72:67:8a:
                    cc:8e:9f:4c:f3:c2:48:3f:2e:ff:e1:fe:3b:b0:d6:
                    e6:e0:42:32:dd:b0:f9:7e:0a:5e:92:32:49:c0:f9:
                    ba:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:06:14:E1:95:C1:65:6A:28:E8:B1:9B:22:78:4E:8B:55:BB:45:33
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/HwYU4ZXBZWoo6LGbInhOi1W7RTM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.156.0/22
                  94.24.28.0/24
                  94.24.79.0/24
                  178.251.120.0/22
                  185.44.216.0/22
                  185.80.56.0/22
                  193.33.8.0/23
                IPv6:
                  2a04:9a40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51373

    Signature Algorithm: sha256WithRSAEncryption
         67:cc:66:37:8e:5e:22:39:71:3b:7c:84:0e:bc:11:46:43:76:
         ad:bc:7e:a5:5b:55:ee:ab:9c:14:f0:6a:18:07:09:84:b4:b0:
         9e:66:70:43:cc:1a:f8:ed:06:d3:1b:70:10:c0:88:d4:e0:ee:
         b9:b1:a9:bf:03:d6:c3:9a:56:3e:ab:21:ca:95:78:2f:fb:62:
         c7:56:d5:ad:0d:d7:49:50:58:4d:9f:a7:24:9c:62:0e:88:c8:
         4e:35:4a:27:b4:0e:4e:b7:71:69:de:84:8b:f2:98:1e:48:f5:
         90:d7:cb:e8:40:86:d4:31:9e:9f:e8:64:1b:35:c8:3e:e3:60:
         7f:73:c6:f1:74:c1:12:a8:8b:f6:fe:22:19:ac:bf:22:b4:d2:
         95:0c:d3:33:ba:05:58:1c:68:d1:d0:c1:99:18:c0:4b:31:da:
         f3:dc:31:20:47:6b:c6:79:f4:ce:cc:37:74:18:3c:7b:34:74:
         61:d1:ca:41:89:d9:08:00:cb:8f:9f:03:13:b7:7d:76:de:ec:
         e1:af:86:a6:83:31:60:a4:e5:2e:71:75:61:4d:b9:77:3d:2e:
         4d:95:22:ae:02:d6:5a:ff:78:0a:de:f9:26:20:87:40:a8:5b:
         07:0c:97:e6:44:d6:cb:eb:ac:6c:1e:f9:b1:75:ef:11:f7:e4:
         f6:28:e6:16
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgISAZQlITZLXiy3+WBHjiSbBB1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjA2MTRlMTk1YzE2NTZhMjhlOGIxOWIyMjc4NGU4YjU1YmI0NTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1s3+cJK4VtiffcoldNnDnO8zwrHV
8TOZgxd4fQIcNJ9FCgu/OFKP/ArvtYdGFusIJID2NsREkB+sUh2Xoyu8/rrUbNyW
wap+KwUMNnaCpdwfLQckl+eAuuyd562jX1vjbE8mzpliPtgSTKyS5CVDtRlQSr7y
ah1tHShqoxG+A1rmChg/0wUPlPMPaWoi2ZXUw9VJPtJJaLD0SBj1MGMkZlJdfrF+
HGaJKqCamN7DzswUiS64m0wTvwFQyKvHOe+VogZIU4lNPVhtQBERMNvNDaMFWoj0
hc62cMRTF8NyZ4rMjp9M88JIPy7/4f47sNbm4EIy3bD5fgpekjJJwPm60QIDAQAB
o4IC0zCCAs8wHQYDVR0OBBYEFB8GFOGVwWVqKOixmyJ4TotVu0UzMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzllLzEwZWJj
Yy1jODMyLTRkMzMtODhiNS1iZWY4NzJkYWVjZTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUvMTBlYmNj
LWM4MzItNGQzMy04OGI1LWJlZjg3MmRhZWNlNy8xL0h3WVU0WlhCWldvbzZMR2JJ
bmhPaTFXN1JUTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFIGCCsGAQUF
BwEHAQH/BEMwQTAwBAIAATAqAwQCW9qcAwQAXhgcAwQAXhhPAwQCsvt4AwQCuSzY
AwQCuVA4AwQBwSEIMA0EAgACMAcDBQMqBJpAMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwDIrTANBgkqhkiG9w0BAQsFAAOCAQEAZ8xmN45eIjlxO3yEDrwRRkN2rbx+
pVtV7qucFPBqGAcJhLSwnmZwQ8wa+O0G0xtwEMCI1ODuubGpvwPWw5pWPqshypV4
L/tix1bVrQ3XSVBYTZ+nJJxiDojITjVKJ7QOTrdxad6Ei/KYHkj1kNfL6ECG1DGe
n+hkGzXIPuNgf3PG8XTBEqiL9v4iGay/IrTSlQzTM7oFWBxo0dDBmRjASzHa89wx
IEdrxnn0zsw3dBg8ezR0YdHKQYnZCADLj58DE7d9dt7s4a+GpoMxYKTlLnF1YU25
dz0uTZUirgLWWv94Ct75JiCHQKhbBwyX5kTWy+usbB75sXXvEffk9ijmFg==
-----END CERTIFICATE-----