Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/O1Xn_rkHE3KZ9XksNjle-6mzS2I.cer
File:                     O1Xn_rkHE3KZ9XksNjle-6mzS2I.cer (raw, json)
Hash identifier:          kBi4J93h27riVw5vvQaT9tyDyeh/CFoSvT4LKTaXHe0=
Subject key identifier:   3B:55:E7:FE:B9:07:13:72:99:F5:79:2C:36:39:5E:FB:A9:B3:4B:62
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B36F8D26D065BA56BD13CC99210639
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/16/8b768c-0e0a-4ad3-9100-a441e24be036/1/O1Xn_rkHE3KZ9XksNjle-6mzS2I.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/16/8b768c-0e0a-4ad3-9100-a441e24be036/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:48:46 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 5429
                          AS: 29233
                          IP: 85.89.96.0/19
                          IP: 185.92.140.0/22
                          IP: 193.108.182.0/24
                          IP: 195.178.192.0/19
                          IP: 217.67.112.0/20
                          IP: 2a02:7bc0::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:6f:8d:26:d0:65:ba:56:bd:13:cc:99:21:06:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b55e7feb907137299f5792c36395efba9b34b62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:95:c8:bf:e7:72:30:de:5d:4e:d1:a2:99:cf:
                    70:c4:50:f7:c2:ca:1b:5d:ce:d1:ef:89:09:a4:90:
                    03:7e:03:62:b7:37:e4:1f:19:13:97:1a:2b:79:20:
                    0a:4a:c9:ae:f1:6f:c6:b3:23:77:29:6c:7e:39:18:
                    ff:0f:28:76:a8:28:a3:21:dc:e1:b1:9b:24:75:54:
                    df:17:47:4d:de:4b:3c:84:c4:9b:74:cb:62:5d:98:
                    d1:28:e5:51:86:3e:72:84:4a:0e:74:a5:e2:07:37:
                    b1:8c:c6:b0:f5:3b:5a:92:42:fc:46:d7:0f:67:b0:
                    95:f0:4c:da:05:20:08:8c:89:79:48:6c:05:c1:3d:
                    d9:12:31:b9:a0:2b:79:a3:d7:e7:1c:a9:11:17:5d:
                    4a:86:ae:ed:41:17:12:10:02:f8:51:73:94:ff:a2:
                    14:08:6e:28:d2:05:32:1e:2a:43:95:23:a8:f0:52:
                    d7:76:42:4c:09:9d:50:c1:02:74:41:79:cb:00:43:
                    8e:0b:69:51:fd:a9:48:c2:b0:67:af:c4:1e:27:11:
                    7a:7f:7f:6e:ba:af:6c:9a:65:cf:b2:3b:1f:aa:c8:
                    51:6b:7c:9d:52:d0:c7:9d:00:45:14:eb:f9:4e:26:
                    a8:a5:7d:45:e2:c7:a7:9d:1f:91:10:2c:b6:d9:f6:
                    25:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:55:E7:FE:B9:07:13:72:99:F5:79:2C:36:39:5E:FB:A9:B3:4B:62
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8b768c-0e0a-4ad3-9100-a441e24be036/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8b768c-0e0a-4ad3-9100-a441e24be036/1/O1Xn_rkHE3KZ9XksNjle-6mzS2I.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.89.96.0/19
                  185.92.140.0/22
                  193.108.182.0/24
                  195.178.192.0/19
                  217.67.112.0/20
                IPv6:
                  2a02:7bc0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  5429
                  29233

    Signature Algorithm: sha256WithRSAEncryption
         06:d6:a7:e4:cf:03:69:b1:4d:e5:46:57:f5:d4:25:06:e6:5e:
         9b:6e:e1:cc:2e:45:32:66:7a:9e:a6:dc:c0:f4:c2:9b:59:4e:
         ba:3d:16:90:ea:b3:dd:0c:09:8a:bd:04:da:96:f2:98:44:4d:
         a3:b0:18:eb:75:3f:95:1e:ad:0d:11:71:82:4f:dc:fd:ae:8e:
         4f:61:b8:49:a4:72:8a:7a:fb:d3:40:93:b4:18:4a:1f:f0:15:
         37:b6:6c:ba:14:69:a2:ab:3d:a8:3f:61:94:43:32:ac:f8:da:
         e2:65:07:8d:80:78:9a:f9:7c:d6:ac:1b:ff:34:ae:56:80:03:
         fe:a0:f7:1a:77:70:bd:bc:e8:93:05:13:95:80:b7:8d:ed:36:
         fa:95:e2:2c:6b:97:eb:db:8a:cf:e8:b2:25:8b:87:13:49:8b:
         d1:b4:09:d3:b2:62:12:fa:de:09:a1:37:49:87:96:d5:cc:a6:
         69:ab:72:f7:1c:ae:3f:ef:38:54:3a:81:12:25:75:f1:25:30:
         31:fb:df:30:da:3d:d1:1a:f0:d2:b8:f1:4d:f3:1b:c4:b6:0c:
         db:e7:92:5f:be:4d:e6:5d:a8:0b:c6:a6:24:d9:14:c4:f9:a8:
         3b:b3:64:d1:57:10:e2:1b:8f:55:84:15:96:eb:2d:bb:14:c0:
         e5:7d:49:22
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAZQks2+NJtBlula9E8yZIQY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjU1ZTdmZWI5MDcxMzcyOTlmNTc5MmMzNjM5NWVmYmE5YjM0YjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5XIv+dyMN5dTtGimc9wxFD3wsob
Xc7R74kJpJADfgNitzfkHxkTlxoreSAKSsmu8W/GsyN3KWx+ORj/Dyh2qCijIdzh
sZskdVTfF0dN3ks8hMSbdMtiXZjRKOVRhj5yhEoOdKXiBzexjMaw9TtakkL8RtcP
Z7CV8EzaBSAIjIl5SGwFwT3ZEjG5oCt5o9fnHKkRF11Khq7tQRcSEAL4UXOU/6IU
CG4o0gUyHipDlSOo8FLXdkJMCZ1QwQJ0QXnLAEOOC2lR/alIwrBnr8QeJxF6f39u
uq9smmXPsjsfqshRa3ydUtDHnQBFFOv5TiaopX1F4sennR+RECy22fYlPwIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFDtV5/65BxNymfV5LDY5Xvups0tiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE2LzhiNzY4
Yy0wZTBhLTRhZDMtOTEwMC1hNDQxZTI0YmUwMzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTYvOGI3Njhj
LTBlMGEtNGFkMy05MTAwLWE0NDFlMjRiZTAzNi8xL08xWG5fcmtIRTNLWjlYa3NO
amxlLTZtelMySS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEYGCCsGAQUF
BwEHAQH/BDcwNTAkBAIAATAeAwQFVVlgAwQCuVyMAwQAwWy2AwQFw7LAAwQE2UNw
MA0EAgACMAcDBQAqAnvAMB0GCCsGAQUFBwEIAQH/BA4wDKAKMAgCAhU1AgJyMTAN
BgkqhkiG9w0BAQsFAAOCAQEABtan5M8DabFN5UZX9dQlBuZem27hzC5FMmZ6nqbc
wPTCm1lOuj0WkOqz3QwJir0E2pbymERNo7AY63U/lR6tDRFxgk/c/a6OT2G4SaRy
inr700CTtBhKH/AVN7ZsuhRpoqs9qD9hlEMyrPja4mUHjYB4mvl81qwb/zSuVoAD
/qD3GndwvbzokwUTlYC3je02+pXiLGuX69uKz+iyJYuHE0mL0bQJ07JiEvreCaE3
SYeW1cymaaty9xyuP+84VDqBEiV18SUwMfvfMNo90Rrw0rjxTfMbxLYM2+eSX75N
5l2oC8amJNkUxPmoO7Nk0VcQ4huPVYQVlustuxTA5X1JIg==
-----END CERTIFICATE-----