Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
File:                     SQsh95ueovPQQjdHFIZ9EkAZlds.cer (raw, json)
Hash identifier:          cgSWn3uEkL05C3F20cClmyAdOdC7vHB11H0OPcFdkCo=
Subject key identifier:   49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194214437C9DBCE5C2F04AC14B3AA594A94
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:26 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 51043
                          IP: 5.22.136.0/21
                          IP: 83.98.32.0/19
                          IP: 148.253.160.0/19
                          IP: 159.242.64.0/18
                          IP: 178.23.128.0/21
                          IP: 185.59.180.0/22
                          IP: 185.173.67.0/24
                          IP: 195.184.238.0/23
                          IP: 212.47.86.0/23
                          IP: 2a00:ed40::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:37:c9:db:ce:5c:2f:04:ac:14:b3:aa:59:4a:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=490b21f79b9ea2f3d042374714867d12401995db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:39:7e:17:8c:71:b7:54:47:bf:ed:e1:f3:c1:
                    a1:3f:91:20:37:8c:ea:53:57:9f:75:3b:19:95:14:
                    71:1b:a1:ce:87:28:7b:dd:13:e1:3f:56:0e:2d:8f:
                    3e:80:05:90:04:ce:ad:e2:68:40:3c:7d:48:99:5b:
                    16:94:d8:6d:c5:3a:3b:37:13:97:36:cb:f2:c9:4d:
                    0a:b6:21:81:0a:7c:7f:98:77:85:20:63:bd:60:56:
                    88:86:aa:1f:cd:fa:c6:3f:4b:2b:57:35:51:6e:a9:
                    5b:75:17:00:03:64:ed:78:30:2b:f6:49:2e:d7:3d:
                    62:13:fb:1c:03:5d:24:a9:a6:f0:d5:9e:03:8e:b0:
                    86:0f:a6:a0:27:87:20:15:f9:1e:f6:23:5f:66:24:
                    a2:a0:d8:b0:77:5a:db:19:c3:0b:a1:41:86:3d:ab:
                    b6:4a:a5:4b:43:f8:f2:82:1e:6a:e1:a7:13:bf:19:
                    03:a1:52:16:d9:dc:cc:83:47:4b:df:6d:88:21:66:
                    a7:30:64:04:01:99:9b:c2:a1:89:06:a7:80:7e:80:
                    8c:5a:3f:de:c5:66:5b:58:71:e0:67:1c:50:a3:b1:
                    d5:a8:0f:c5:f4:fe:09:9e:91:8d:22:b1:1d:43:26:
                    be:76:bc:1f:90:75:21:59:d1:5f:2c:78:14:3b:f5:
                    88:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.136.0/21
                  83.98.32.0/19
                  148.253.160.0/19
                  159.242.64.0/18
                  178.23.128.0/21
                  185.59.180.0/22
                  185.173.67.0/24
                  195.184.238.0/23
                  212.47.86.0/23
                IPv6:
                  2a00:ed40::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51043

    Signature Algorithm: sha256WithRSAEncryption
         7b:db:cd:6a:2b:c5:fe:96:2d:4a:a1:28:ed:7a:d6:e5:5e:69:
         25:e7:82:3d:3b:56:e4:75:ab:2d:2f:fc:e1:8c:c8:8b:29:51:
         d2:7a:bf:ba:d0:f8:d9:00:0d:92:05:f1:bc:44:69:9a:4b:47:
         15:7b:a7:61:90:46:6f:8a:dd:b8:c2:81:3a:59:89:e0:74:1f:
         2f:ed:92:3a:a3:6f:8d:32:e6:d3:2b:ed:8a:4a:ec:50:06:6d:
         72:ce:69:75:40:f5:2f:3e:9a:f1:aa:e1:5d:57:b3:c1:af:9d:
         ac:f2:96:fd:2c:85:9d:eb:36:82:f3:a0:98:ca:5b:f5:5c:39:
         22:7b:80:1c:00:39:c0:ee:40:12:87:0a:98:5f:59:c6:e1:46:
         c1:f0:4f:2a:6b:9a:0d:73:30:db:91:a3:b3:d8:da:a2:11:c3:
         be:da:06:43:12:01:ec:0a:25:1c:c0:d8:3f:89:59:9f:0e:fa:
         7e:e0:47:62:f1:43:fd:71:4e:e3:8f:f7:13:e0:9b:35:f9:da:
         bf:c3:2d:c5:e8:f0:cf:8a:61:44:8d:b6:6a:ff:93:e5:75:13:
         85:57:46:bf:b4:f8:1b:3e:e9:b7:59:8e:44:6c:a3:f0:d2:84:
         61:be:36:33:f0:ca:b1:ad:d7:02:e5:f0:cc:ed:60:d5:c3:11:
         98:8a:4e:49
-----BEGIN CERTIFICATE-----
MIIF0zCCBLugAwIBAgISAZQhRDfJ285cLwSsFLOqWUqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTBiMjFmNzliOWVhMmYzZDA0MjM3NDcxNDg2N2QxMjQwMTk5NWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjl+F4xxt1RHv+3h88GhP5EgN4zq
U1efdTsZlRRxG6HOhyh73RPhP1YOLY8+gAWQBM6t4mhAPH1ImVsWlNhtxTo7NxOX
NsvyyU0KtiGBCnx/mHeFIGO9YFaIhqofzfrGP0srVzVRbqlbdRcAA2TteDAr9kku
1z1iE/scA10kqabw1Z4DjrCGD6agJ4cgFfke9iNfZiSioNiwd1rbGcMLoUGGPau2
SqVLQ/jygh5q4acTvxkDoVIW2dzMg0dL322IIWanMGQEAZmbwqGJBqeAfoCMWj/e
xWZbWHHgZxxQo7HVqA/F9P4JnpGNIrEdQya+drwfkHUhWdFfLHgUO/WI/QIDAQAB
o4IC3zCCAtswHQYDVR0OBBYEFEkLIfebnqLz0EI3RxSGfRJAGZXbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FlL2UxMDE2
NS1iNGNkLTQzMjEtYmYzYy00ODBjMzJmNDAwZTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWUvZTEwMTY1
LWI0Y2QtNDMyMS1iZjNjLTQ4MGMzMmY0MDBlMS8xL1NRc2g5NXVlb3ZQUVFqZEhG
SVo5RWtBWmxkcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF4GCCsGAQUF
BwEHAQH/BE8wTTA8BAIAATA2AwQDBRaIAwQFU2IgAwQFlP2gAwQGn/JAAwQDsheA
AwQCuTu0AwQAua1DAwQBw7juAwQB1C9WMA0EAgACMAcDBQAqAO1AMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDHYzANBgkqhkiG9w0BAQsFAAOCAQEAe9vNaivF/pYt
SqEo7XrW5V5pJeeCPTtW5HWrLS/84YzIiylR0nq/utD42QANkgXxvERpmktHFXun
YZBGb4rduMKBOlmJ4HQfL+2SOqNvjTLm0yvtikrsUAZtcs5pdUD1Lz6a8arhXVez
wa+drPKW/SyFnes2gvOgmMpb9Vw5InuAHAA5wO5AEocKmF9ZxuFGwfBPKmuaDXMw
25Gjs9jaohHDvtoGQxIB7AolHMDYP4lZnw76fuBHYvFD/XFO44/3E+CbNfnav8Mt
xejwz4phRI22av+T5XUThVdGv7T4Gz7pt1mORGyj8NKEYb42M/DKsa3XAuXwzO1g
1cMRmIpOSQ==
-----END CERTIFICATE-----