Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Z0mu2oqKzn7FlvwYei_hBYKmcE0.cer
File:                     Z0mu2oqKzn7FlvwYei_hBYKmcE0.cer (raw, json)
Hash identifier:          qXq/FJLB61A2XOmX6s28eqT1yGQh4Cj8ot6cnCfnEgA=
Subject key identifier:   67:49:AE:DA:8A:8A:CE:7E:C5:96:FC:18:7A:2F:E1:05:82:A6:70:4D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942368C722BA13479D90828591EBDDB0FC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b4/2d36ab-dee5-469d-9216-6663faba1dd0/1/Z0mu2oqKzn7FlvwYei_hBYKmcE0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b4/2d36ab-dee5-469d-9216-6663faba1dd0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:47:36 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 13184
                          IP: 62.109.64.0/18
                          IP: 78.48.0.0/13
                          IP: 80.171.0.0/16
                          IP: 85.176.0.0/13
                          IP: 89.12.0.0/14
                          IP: 92.224.0.0/13
                          IP: 185.93.236.0/22
                          IP: 213.39.128.0/17
                          IP: 213.191.64.0/19
                          IP: 2a01:c00::/26

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:c7:22:ba:13:47:9d:90:82:85:91:eb:dd:b0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6749aeda8a8ace7ec596fc187a2fe10582a6704d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d0:07:28:14:cf:6d:0f:36:a3:78:ac:3a:ec:
                    8e:92:bc:51:4d:3c:4f:e7:63:9e:8c:1b:8c:e2:ad:
                    fc:b2:cc:d4:57:cc:05:98:a0:f6:72:64:72:4b:6c:
                    f9:d3:e8:3f:08:f2:1d:eb:b9:53:c9:54:68:dd:43:
                    f0:48:97:21:d2:41:bd:c3:c1:78:a0:72:63:8c:5a:
                    de:ff:8a:fe:69:27:7c:b4:d5:ac:88:12:2f:ab:5f:
                    f2:83:66:6e:14:a6:6f:68:bf:40:a0:09:54:7c:80:
                    18:25:5c:47:fd:48:36:41:d7:0c:e2:f8:c4:70:09:
                    d1:0d:93:2a:91:91:ea:40:bd:1d:4f:48:54:0b:ce:
                    2e:e2:c4:7c:08:4d:d9:b0:e0:f8:0b:9a:9a:28:53:
                    f5:cd:20:f6:f3:35:dc:58:0e:1a:7d:d6:97:db:23:
                    ef:d0:bf:d9:98:c0:0d:a4:e5:3a:8a:0a:c4:68:ad:
                    fe:74:86:8d:c8:35:f2:15:dd:c4:5d:c4:ac:3f:d9:
                    20:7b:e0:65:9c:25:53:9b:30:ee:05:07:68:ad:cc:
                    eb:d0:39:b0:42:90:1e:fd:1e:b2:f6:06:ad:3a:04:
                    cd:9a:f2:9b:e8:f7:ca:91:cd:93:19:1c:36:09:e8:
                    0b:f3:54:e5:19:25:b8:a2:50:e1:fa:1e:c0:c9:0e:
                    30:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:49:AE:DA:8A:8A:CE:7E:C5:96:FC:18:7A:2F:E1:05:82:A6:70:4D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2d36ab-dee5-469d-9216-6663faba1dd0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2d36ab-dee5-469d-9216-6663faba1dd0/1/Z0mu2oqKzn7FlvwYei_hBYKmcE0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.109.64.0/18
                  78.48.0.0/13
                  80.171.0.0/16
                  85.176.0.0/13
                  89.12.0.0/14
                  92.224.0.0/13
                  185.93.236.0/22
                  213.39.128.0/17
                  213.191.64.0/19
                IPv6:
                  2a01:c00::/26

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  13184

    Signature Algorithm: sha256WithRSAEncryption
         7e:fc:f1:95:96:d8:42:90:b0:33:32:c1:72:5b:5c:1f:a5:a7:
         fe:f2:85:bd:00:c0:94:65:25:93:8d:f2:ec:eb:a5:26:75:8f:
         eb:a9:3d:09:74:90:d7:0d:a9:a8:78:f4:00:c6:ba:4a:fa:be:
         1a:e2:2f:fd:92:fa:41:be:26:0f:bc:44:2c:5f:e4:25:8c:07:
         3e:90:46:8e:68:3f:b8:9d:e4:71:f9:4e:bf:39:96:16:80:2c:
         b8:d4:30:94:7e:b0:b5:ab:2e:68:08:b8:21:66:c9:69:aa:96:
         17:e8:0f:e9:d8:db:fa:2f:16:9e:49:a6:57:81:1e:74:82:16:
         f4:b4:f4:42:36:f8:b5:a7:cb:e7:4c:f0:cd:ee:c7:61:3b:c8:
         6b:ce:07:d0:8b:5f:41:1d:b0:8a:8c:21:a5:ae:79:54:30:0e:
         a6:0b:3f:8e:4c:10:c2:f6:d7:43:4f:d9:ed:e1:b8:ed:ae:07:
         c4:34:73:c2:ea:bf:58:48:a5:3c:a3:4a:80:6d:10:0a:32:5b:
         1e:65:11:99:0b:42:87:2a:1b:ed:92:8f:09:cb:2d:41:d6:b7:
         c7:a1:39:84:1f:57:f6:96:85:e0:dd:10:5b:6f:82:c9:0c:0b:
         c0:43:bb:23:ec:0b:c7:d3:06:bb:8f:47:27:d5:32:8b:a9:8d:
         10:cb:a1:91
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgISAZQjaMciuhNHnZCChZHr3bD8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQ5YWVkYThhOGFjZTdlYzU5NmZjMTg3YTJmZTEwNTgyYTY3MDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49AHKBTPbQ82o3isOuyOkrxRTTxP
52OejBuM4q38sszUV8wFmKD2cmRyS2z50+g/CPId67lTyVRo3UPwSJch0kG9w8F4
oHJjjFre/4r+aSd8tNWsiBIvq1/yg2ZuFKZvaL9AoAlUfIAYJVxH/Ug2QdcM4vjE
cAnRDZMqkZHqQL0dT0hUC84u4sR8CE3ZsOD4C5qaKFP1zSD28zXcWA4afdaX2yPv
0L/ZmMANpOU6igrEaK3+dIaNyDXyFd3EXcSsP9kge+BlnCVTmzDuBQdorczr0Dmw
QpAe/R6y9gatOgTNmvKb6PfKkc2TGRw2CegL81TlGSW4olDh+h7AyQ4wvQIDAQAB
o4IC2TCCAtUwHQYDVR0OBBYEFGdJrtqKis5+xZb8GHov4QWCpnBNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I0LzJkMzZh
Yi1kZWU1LTQ2OWQtOTIxNi02NjYzZmFiYTFkZDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjQvMmQzNmFi
LWRlZTUtNDY5ZC05MjE2LTY2NjNmYWJhMWRkMC8xL1owbXUyb3FLem43Rmx2d1ll
aV9oQllLbWNFMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFkGCCsGAQUF
BwEHAQH/BEowSDA3BAIAATAxAwQGPm1AAwMDTjADAwBQqwMDA1WwAwMCWQwDAwNc
4AMEArld7AMEB9UngAMEBdW/QDANBAIAAjAHAwUGKgEMADAZBggrBgEFBQcBCAEB
/wQKMAigBjAEAgIzgDANBgkqhkiG9w0BAQsFAAOCAQEAfvzxlZbYQpCwMzLBcltc
H6Wn/vKFvQDAlGUlk43y7OulJnWP66k9CXSQ1w2pqHj0AMa6Svq+GuIv/ZL6Qb4m
D7xELF/kJYwHPpBGjmg/uJ3kcflOvzmWFoAsuNQwlH6wtasuaAi4IWbJaaqWF+gP
6djb+i8WnkmmV4EedIIW9LT0Qjb4tafL50zwze7HYTvIa84H0ItfQR2wiowhpa55
VDAOpgs/jkwQwvbXQ0/Z7eG47a4HxDRzwuq/WEilPKNKgG0QCjJbHmURmQtChyob
7ZKPCcstQda3x6E5hB9X9paF4N0QW2+CyQwLwEO7I+wLx9MGu49HJ9Uyi6mNEMuh
kQ==
-----END CERTIFICATE-----