Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/RHhnr-yeLyk5So9fl_kJKdkoIQI.cer
File:                     RHhnr-yeLyk5So9fl_kJKdkoIQI.cer (raw, json)
Hash identifier:          c4Ko6qupL46IKp+hPw9rlBbCS6DXK1K8IkJ7NF4QyPc=
Subject key identifier:   44:78:67:AF:EC:9E:2F:29:39:4A:8F:5F:97:F9:09:29:D9:28:21:02
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258F8936D404EEBEB1ADFA30F7F51F7C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5d/7a322b-6482-44a5-b3d2-3e109107ceb6/1/RHhnr-yeLyk5So9fl_kJKdkoIQI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5d/7a322b-6482-44a5-b3d2-3e109107ceb6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:11 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 49493
                          AS: 57286
                          IP: 5.56.56.0/21
                          IP: 95.130.48.0/21
                          IP: 146.255.96.0/21
                          IP: 185.37.224.0/22
                          IP: 185.102.220.0/22
                          IP: 195.114.208.0/20
                          IP: 2a01:b680::/32
                          IP: 2a0d:a080::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:89:36:d4:04:ee:be:b1:ad:fa:30:f7:f5:1f:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=447867afec9e2f29394a8f5f97f90929d9282102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0d:3e:55:a2:c0:06:da:68:39:90:28:0b:60:
                    9b:02:bd:c2:2e:ae:2b:5d:66:df:83:2d:6b:8b:93:
                    5d:bc:bd:c7:1d:6e:c6:27:d6:17:b1:17:e1:d8:d3:
                    86:60:01:6d:15:99:e2:b9:54:c8:25:14:68:92:a4:
                    b7:d0:71:2e:e9:e5:1b:b0:29:d8:f6:4c:fc:d4:4c:
                    6b:3d:e3:9a:f3:19:67:01:d1:bc:3d:c0:e8:da:2d:
                    c2:94:56:f6:0c:d1:e4:c7:e6:90:f6:06:8e:4c:23:
                    f2:18:60:0d:5d:62:2f:7c:a4:3e:fe:75:45:2a:00:
                    58:8b:0c:1a:d7:e7:8d:b2:d3:4d:54:47:22:17:73:
                    b3:a7:37:c5:a0:f3:8d:61:cb:6b:3a:b9:f7:ef:c1:
                    61:81:2f:85:eb:c7:1e:85:6d:17:9c:5b:36:4d:11:
                    a6:c0:61:88:01:d8:a1:16:8d:6f:10:43:72:0d:e9:
                    3f:a6:51:a3:b2:95:fe:fd:db:e7:d4:41:58:18:1e:
                    3c:62:36:0b:71:74:47:38:0c:bd:e7:31:45:67:56:
                    ee:f1:22:8f:66:bc:6f:75:e4:df:fc:11:14:9e:a3:
                    34:19:b6:21:95:51:d9:9f:ac:e4:aa:e4:b7:6d:c5:
                    c0:1d:da:ae:36:19:39:8b:aa:a3:3f:bc:82:16:df:
                    db:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:78:67:AF:EC:9E:2F:29:39:4A:8F:5F:97:F9:09:29:D9:28:21:02
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a322b-6482-44a5-b3d2-3e109107ceb6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a322b-6482-44a5-b3d2-3e109107ceb6/1/RHhnr-yeLyk5So9fl_kJKdkoIQI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.56.0/21
                  95.130.48.0/21
                  146.255.96.0/21
                  185.37.224.0/22
                  185.102.220.0/22
                  195.114.208.0/20
                IPv6:
                  2a01:b680::/32
                  2a0d:a080::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49493
                  57286

    Signature Algorithm: sha256WithRSAEncryption
         02:83:34:d6:f0:db:03:3a:97:3a:52:73:83:3a:0d:e0:bb:48:
         ed:cf:90:92:6b:d2:97:10:73:3f:4d:bc:91:9c:93:9d:14:ab:
         9b:03:0a:f2:17:6e:89:fe:0e:c9:a0:23:94:a8:17:80:b7:0a:
         e2:e1:60:8f:41:7c:01:70:86:9d:3d:8f:84:1d:a6:98:44:26:
         24:c8:0e:db:68:39:4a:ea:7c:bb:99:4d:eb:d3:5c:19:be:79:
         21:7a:a1:e8:18:6a:80:f2:12:f7:e8:6f:f1:91:52:26:98:02:
         9a:79:e5:81:6d:58:e8:c6:66:c7:4a:7a:47:3c:af:87:f7:9c:
         f7:c6:9a:98:19:05:0b:84:9b:be:64:b9:a4:2c:37:75:1f:6c:
         f7:bd:a6:ba:3e:3e:af:5b:52:85:54:d1:d3:3d:d2:04:f8:01:
         f5:0a:e0:63:6e:13:67:a8:d0:e0:5f:c9:4c:b6:3f:50:e1:0a:
         ff:cf:a0:87:b3:b7:ba:c4:bc:fe:76:e3:bf:28:bc:f6:78:1c:
         24:fe:b6:7a:50:84:52:82:ea:75:32:a3:68:7f:79:55:35:b8:
         cd:77:65:67:8a:7f:c4:4f:3d:d6:a1:08:ee:d4:0b:32:d6:f6:
         29:b8:a6:7c:d1:66:a2:38:5b:26:86:7d:51:cf:86:15:e6:26:
         09:f8:c9:ec
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgISAZQlj4k21ATuvrGt+jD39R98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDc4NjdhZmVjOWUyZjI5Mzk0YThmNWY5N2Y5MDkyOWQ5MjgyMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug0+VaLABtpoOZAoC2CbAr3CLq4r
XWbfgy1ri5NdvL3HHW7GJ9YXsRfh2NOGYAFtFZniuVTIJRRokqS30HEu6eUbsCnY
9kz81ExrPeOa8xlnAdG8PcDo2i3ClFb2DNHkx+aQ9gaOTCPyGGANXWIvfKQ+/nVF
KgBYiwwa1+eNstNNVEciF3OzpzfFoPONYctrOrn378FhgS+F68cehW0XnFs2TRGm
wGGIAdihFo1vEENyDek/plGjspX+/dvn1EFYGB48YjYLcXRHOAy95zFFZ1bu8SKP
ZrxvdeTf/BEUnqM0GbYhlVHZn6zkquS3bcXAHdquNhk5i6qjP7yCFt/bPQIDAQAB
o4IC2TCCAtUwHQYDVR0OBBYEFER4Z6/sni8pOUqPX5f5CSnZKCECMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVkLzdhMzIy
Yi02NDgyLTQ0YTUtYjNkMi0zZTEwOTEwN2NlYjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQvN2EzMjJi
LTY0ODItNDRhNS1iM2QyLTNlMTA5MTA3Y2ViNi8xL1JIaG5yLXllTHlrNVNvOWZs
X2tKS2Rrb0lRSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFMGCCsGAQUF
BwEHAQH/BEQwQjAqBAIAATAkAwQDBTg4AwQDX4IwAwQDkv9gAwQCuSXgAwQCuWbc
AwQEw3LQMBQEAgACMA4DBQAqAbaAAwUAKg2ggDAfBggrBgEFBQcBCAEB/wQQMA6g
DDAKAgMAwVUCAwDfxjANBgkqhkiG9w0BAQsFAAOCAQEAAoM01vDbAzqXOlJzgzoN
4LtI7c+QkmvSlxBzP028kZyTnRSrmwMK8hduif4OyaAjlKgXgLcK4uFgj0F8AXCG
nT2PhB2mmEQmJMgO22g5Sup8u5lN69NcGb55IXqh6BhqgPIS9+hv8ZFSJpgCmnnl
gW1Y6MZmx0p6Rzyvh/ec98aamBkFC4SbvmS5pCw3dR9s972muj4+r1tShVTR0z3S
BPgB9QrgY24TZ6jQ4F/JTLY/UOEK/8+gh7O3usS8/nbjvyi89ngcJP62elCEUoLq
dTKjaH95VTW4zXdlZ4p/xE891qEI7tQLMtb2KbimfNFmojhbJoZ9Uc+GFeYmCfjJ
7A==
-----END CERTIFICATE-----