Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YSQjU25R-U-r_FCs-UTXmKrPQD8.cer
File:                     YSQjU25R-U-r_FCs-UTXmKrPQD8.cer (raw, json)
Hash identifier:          1JsH1Pc0LrPfSkXikeSrE1+peY2Z0qAbYsVD6Knh1Qo=
Subject key identifier:   61:24:23:53:6E:51:F9:4F:AB:FC:50:AC:F9:44:D7:98:AA:CF:40:3F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942369FC77D065946BE7B58A12A8070BAE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9b/7b0ec7-9848-4163-ac1b-7b04d3597378/1/YSQjU25R-U-r_FCs-UTXmKrPQD8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9b/7b0ec7-9848-4163-ac1b-7b04d3597378/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:48:56 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 41766
                          IP: 193.37.147.0/24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fc:77:d0:65:94:6b:e7:b5:8a:12:a8:07:0b:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=612423536e51f94fabfc50acf944d798aacf403f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ac:70:06:01:4b:7c:72:47:99:24:55:56:e3:
                    ad:d5:82:b9:68:05:98:0e:0c:d5:a8:a1:5d:a7:ba:
                    bb:f2:8b:bd:a5:0e:02:cb:da:57:5f:c3:be:d6:0d:
                    32:d7:37:06:73:24:71:bb:25:fa:38:3b:be:69:1d:
                    7d:c6:bc:2c:c5:a1:dd:0b:7a:a3:d7:13:0d:fd:07:
                    44:da:27:98:a3:58:19:fc:b2:94:aa:48:30:07:cc:
                    73:d3:48:99:c3:eb:1d:1f:6a:7e:25:36:c1:d1:d6:
                    00:0c:ea:39:00:c1:cf:c2:6a:1a:ef:d3:da:bd:94:
                    9e:30:e1:3a:3b:15:50:54:0c:c3:67:df:f8:1b:97:
                    7f:18:22:40:19:d3:5e:bf:93:d1:78:1e:ab:35:0a:
                    7a:4f:37:04:e9:47:2b:54:42:1b:34:ba:59:c3:1e:
                    53:85:18:a3:75:cb:2c:be:7e:9c:32:b0:ac:6c:46:
                    73:3a:55:5e:45:31:08:12:94:3d:f1:0f:9a:47:82:
                    d5:6b:23:6d:53:f1:f5:66:65:22:b7:a5:e8:fc:97:
                    bd:9e:7c:fb:9c:a8:00:dc:78:a5:1c:e1:f6:ee:dd:
                    eb:43:ae:11:d9:f6:6b:6c:4f:7b:3b:e4:9f:98:0a:
                    05:68:54:ae:f5:97:65:e7:3b:7b:13:5a:23:0c:c4:
                    1b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:24:23:53:6E:51:F9:4F:AB:FC:50:AC:F9:44:D7:98:AA:CF:40:3F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/7b0ec7-9848-4163-ac1b-7b04d3597378/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/7b0ec7-9848-4163-ac1b-7b04d3597378/1/YSQjU25R-U-r_FCs-UTXmKrPQD8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.147.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41766

    Signature Algorithm: sha256WithRSAEncryption
         00:6d:1c:c0:ce:84:c0:de:eb:2a:7a:53:bc:2f:3b:c1:be:5b:
         76:0f:8f:75:ad:41:59:76:7f:8e:f1:07:76:47:e1:bb:77:22:
         c1:bf:13:79:12:7f:79:a3:d5:49:4f:1f:e3:19:f4:9d:9b:1e:
         e7:78:1c:9a:06:5f:cd:4f:3c:9b:23:c6:80:53:ed:4a:f6:73:
         b2:e8:3e:72:6b:46:f7:92:ff:98:51:5e:93:0c:98:30:ff:5e:
         e5:5f:85:45:47:d4:46:6a:d4:dc:81:41:94:a8:50:92:6e:bc:
         d8:38:70:17:c5:d8:7f:2f:6a:05:15:1d:54:31:ab:6f:1c:60:
         e0:4f:07:2f:c2:bb:63:91:4b:da:ca:89:ab:a9:7f:86:4d:d3:
         eb:5a:80:61:37:78:2e:42:d4:c3:32:69:cc:6f:39:40:08:e6:
         8f:a7:5e:28:54:a3:4d:81:d7:68:dd:df:15:ff:18:ee:eb:59:
         d7:41:f4:80:b7:9f:2a:5b:f3:87:43:2b:fd:46:94:d0:da:86:
         f2:5c:5e:4b:8a:61:f6:23:c7:9e:df:37:68:f3:04:7f:9e:b4:
         54:f1:ce:28:2d:3c:e1:e9:71:81:7b:ad:73:e9:5c:66:eb:2d:
         04:2c:f8:d5:83:a9:8b:e5:24:29:9a:82:25:04:7e:e1:06:61:
         b9:65:dd:f7
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQjafx30GWUa+e1ihKoBwuuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTI0MjM1MzZlNTFmOTRmYWJmYzUwYWNmOTQ0ZDc5OGFhY2Y0MDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qxwBgFLfHJHmSRVVuOt1YK5aAWY
DgzVqKFdp7q78ou9pQ4Cy9pXX8O+1g0y1zcGcyRxuyX6ODu+aR19xrwsxaHdC3qj
1xMN/QdE2ieYo1gZ/LKUqkgwB8xz00iZw+sdH2p+JTbB0dYADOo5AMHPwmoa79Pa
vZSeMOE6OxVQVAzDZ9/4G5d/GCJAGdNev5PReB6rNQp6TzcE6UcrVEIbNLpZwx5T
hRijdcssvn6cMrCsbEZzOlVeRTEIEpQ98Q+aR4LVayNtU/H1ZmUit6Xo/Je9nnz7
nKgA3HilHOH27t3rQ64R2fZrbE97O+SfmAoFaFSu9Zdl5zt7E1ojDMQbEwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGEkI1NuUflPq/xQrPlE15iqz0A/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzliLzdiMGVj
Ny05ODQ4LTQxNjMtYWMxYi03YjA0ZDM1OTczNzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIvN2IwZWM3
LTk4NDgtNDE2My1hYzFiLTdiMDRkMzU5NzM3OC8xL1lTUWpVMjVSLVUtcl9GQ3Mt
VVRYbUtyUFFEOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwSWTMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCjJjANBgkqhkiG9w0BAQsFAAOCAQEAAG0cwM6EwN7rKnpTvC87wb5bdg+Pda1B
WXZ/jvEHdkfhu3ciwb8TeRJ/eaPVSU8f4xn0nZse53gcmgZfzU88myPGgFPtSvZz
sug+cmtG95L/mFFekwyYMP9e5V+FRUfURmrU3IFBlKhQkm682DhwF8XYfy9qBRUd
VDGrbxxg4E8HL8K7Y5FL2sqJq6l/hk3T61qAYTd4LkLUwzJpzG85QAjmj6deKFSj
TYHXaN3fFf8Y7utZ10H0gLefKlvzh0Mr/UaU0NqG8lxeS4ph9iPHnt83aPMEf560
VPHOKC084elxgXutc+lcZustBCz41YOpi+UkKZqCJQR+4QZhuWXd9w==
-----END CERTIFICATE-----