Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/VHkd3iyb3qNmzn7GxagAxdpjNFQ.cer
File:                     VHkd3iyb3qNmzn7GxagAxdpjNFQ.cer (raw, json)
Hash identifier:          hZ3aoPFJkyUepdYXpjS98na/rve7LLitXk6JyaVrI3g=
Subject key identifier:   54:79:1D:DE:2C:9B:DE:A3:66:CE:7E:C6:C5:A8:00:C5:DA:63:34:54
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266BB2FB2BD5ED84AEFA060B431AA993
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/VHkd3iyb3qNmzn7GxagAxdpjNFQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:49:39 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 212772
                          IP: 45.156.136.0/22
                          IP: 46.243.228.0/22
                          IP: 92.255.56.0/24
                          IP: 92.255.68.0/22
                          IP: 92.255.84.0/24
                          IP: 94.140.14.0/23
                          IP: 176.103.128.0/19
                          IP: 185.113.28.0/22
                          IP: 217.72.12.0/22
                          IP: 2a10:50c0::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:b2:fb:2b:d5:ed:84:ae:fa:06:0b:43:1a:a9:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54791dde2c9bdea366ce7ec6c5a800c5da633454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c0:30:89:bc:2e:3e:a8:13:68:fa:b4:c0:2d:
                    07:77:65:ce:2a:e9:9b:b1:f6:82:eb:2e:38:55:c7:
                    0c:46:42:21:8b:6d:35:f1:e1:1c:19:52:99:bc:2d:
                    f7:b4:64:89:fb:2b:8b:ed:55:3d:65:28:f8:aa:c7:
                    b4:46:8c:6a:90:21:48:f2:cc:b5:33:01:c7:c2:b4:
                    11:b3:30:c7:e8:75:a7:c3:db:39:5f:2a:49:de:67:
                    76:08:3a:df:12:be:8f:08:5b:3c:fa:ab:09:d2:dd:
                    d9:a1:9f:9a:12:cf:b2:d3:a5:36:8a:4b:45:e2:1c:
                    bb:6f:a4:45:0c:19:25:e1:17:c0:af:0e:27:79:6b:
                    10:0a:5b:47:52:d4:8a:d4:fb:50:ac:40:ad:5a:bf:
                    16:5b:bc:a4:9b:7d:23:4c:cb:6e:5a:fa:ed:7f:dd:
                    8b:f9:83:ee:b7:05:1e:c5:94:43:94:a9:22:46:d4:
                    78:34:42:b9:f7:77:6d:d7:f5:37:26:fd:4f:80:b9:
                    d8:81:1c:e9:3c:44:34:f4:13:93:53:c3:79:56:5b:
                    c2:12:17:48:af:5d:d7:27:de:e5:47:a7:52:82:8c:
                    fe:42:ed:ec:38:e2:91:1a:e7:33:a3:f5:f2:38:15:
                    8d:a9:d2:0a:89:f6:a5:d3:da:71:2e:a7:da:d2:a3:
                    81:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:79:1D:DE:2C:9B:DE:A3:66:CE:7E:C6:C5:A8:00:C5:DA:63:34:54
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/VHkd3iyb3qNmzn7GxagAxdpjNFQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.136.0/22
                  46.243.228.0/22
                  92.255.56.0/24
                  92.255.68.0/22
                  92.255.84.0/24
                  94.140.14.0/23
                  176.103.128.0/19
                  185.113.28.0/22
                  217.72.12.0/22
                IPv6:
                  2a10:50c0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212772

    Signature Algorithm: sha256WithRSAEncryption
         67:39:f4:68:cd:d2:74:92:2f:7c:6c:1c:12:2c:5e:30:8a:8b:
         1d:95:65:cf:c5:ba:53:81:1c:16:9d:10:46:7a:ac:c3:0b:7b:
         e0:be:f6:90:97:16:14:cb:fa:5d:23:c7:0b:06:af:81:d1:84:
         cf:64:3b:89:3c:b8:59:e2:6d:ed:f3:43:83:53:ac:17:5f:1e:
         f3:52:89:4e:e2:10:8e:59:7f:64:2b:46:f6:19:0c:1b:bd:86:
         ce:a2:ab:ca:27:d6:5d:ff:3b:98:dd:55:32:5f:db:d8:a6:9e:
         ec:aa:3d:91:21:0b:8a:48:8f:13:b6:aa:37:69:aa:66:55:e8:
         97:41:07:af:77:83:8e:8c:23:7b:ae:f9:9d:32:72:f4:5c:a8:
         3a:63:6c:f6:57:3f:44:32:53:f2:02:c3:45:51:92:56:b2:46:
         cb:f9:cf:32:8f:ee:6e:06:c6:46:00:f7:88:9d:a1:4f:e6:46:
         10:f0:ec:e4:ca:93:22:89:87:3e:d6:1e:eb:b7:19:f5:11:a1:
         75:a1:56:62:9b:9c:8f:25:c1:27:02:4a:76:28:d1:41:8e:ef:
         39:15:df:12:a7:eb:e6:94:d0:14:95:4f:6a:4d:f9:fe:fe:ec:
         b3:74:14:ff:05:62:11:88:1b:61:6c:5e:46:46:6b:31:5e:b1:
         22:e8:b3:a4
-----BEGIN CERTIFICATE-----
MIIF0zCCBLugAwIBAgISAZQma7L7K9XthK76BgtDGqmTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDc5MWRkZTJjOWJkZWEzNjZjZTdlYzZjNWE4MDBjNWRhNjMzNDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsAwibwuPqgTaPq0wC0Hd2XOKumb
sfaC6y44VccMRkIhi2018eEcGVKZvC33tGSJ+yuL7VU9ZSj4qse0RoxqkCFI8sy1
MwHHwrQRszDH6HWnw9s5XypJ3md2CDrfEr6PCFs8+qsJ0t3ZoZ+aEs+y06U2iktF
4hy7b6RFDBkl4RfArw4neWsQCltHUtSK1PtQrECtWr8WW7ykm30jTMtuWvrtf92L
+YPutwUexZRDlKkiRtR4NEK593dt1/U3Jv1PgLnYgRzpPEQ09BOTU8N5VlvCEhdI
r13XJ97lR6dSgoz+Qu3sOOKRGuczo/XyOBWNqdIKifal09pxLqfa0qOBKwIDAQAB
o4IC3zCCAtswHQYDVR0OBBYEFFR5Hd4sm96jZs5+xsWoAMXaYzRUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhmLzE3ZTU2
Ny05ZTQ0LTQ0NGEtYWM2NC0xOGIzNGJlYTliMDYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGYvMTdlNTY3
LTllNDQtNDQ0YS1hYzY0LTE4YjM0YmVhOWIwNi8xL1ZIa2QzaXliM3FObXpuN0d4
YWdBeGRwak5GUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF4GCCsGAQUF
BwEHAQH/BE8wTTA8BAIAATA2AwQCLZyIAwQCLvPkAwQAXP84AwQCXP9EAwQAXP9U
AwQBXowOAwQFsGeAAwQCuXEcAwQC2UgMMA0EAgACMAcDBQAqEFDAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM/JDANBgkqhkiG9w0BAQsFAAOCAQEAZzn0aM3SdJIv
fGwcEixeMIqLHZVlz8W6U4EcFp0QRnqswwt74L72kJcWFMv6XSPHCwavgdGEz2Q7
iTy4WeJt7fNDg1OsF18e81KJTuIQjll/ZCtG9hkMG72GzqKryifWXf87mN1VMl/b
2Kae7Ko9kSELikiPE7aqN2mqZlXol0EHr3eDjowje675nTJy9FyoOmNs9lc/RDJT
8gLDRVGSVrJGy/nPMo/ubgbGRgD3iJ2hT+ZGEPDs5MqTIomHPtYe67cZ9RGhdaFW
YpucjyXBJwJKdijRQY7vORXfEqfr5pTQFJVPak35/v7ss3QU/wViEYgbYWxeRkZr
MV6xIuizpA==
-----END CERTIFICATE-----