Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bWjTPT2hTTu8_PwuSS3BZzhJqmw.cer
File:                     bWjTPT2hTTu8_PwuSS3BZzhJqmw.cer (raw, json)
Hash identifier:          vyXBTNOTZ4LzAY5MQN+1i5EnrZUN8RvP018p39cwCjE=
Subject key identifier:   6D:68:D3:3D:3D:A1:4D:3B:BC:FC:FC:2E:49:2D:C1:67:38:49:AA:6C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422201E89FEB784787A14A15D5996805B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/52/d63178-5d53-41e4-a70e-2a1e39dd633c/1/bWjTPT2hTTu8_PwuSS3BZzhJqmw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/52/d63178-5d53-41e4-a70e-2a1e39dd633c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:48:37 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 200723
                          IP: 217.26.219.0/24
                          IP: 2a13:4a40::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1e:89:fe:b7:84:78:7a:14:a1:5d:59:96:80:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d68d33d3da14d3bbcfcfc2e492dc1673849aa6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:59:42:55:64:91:4c:15:45:0c:f2:6c:79:12:
                    a0:67:97:d2:f8:8b:35:a4:c6:4a:4c:3d:96:1b:25:
                    32:8c:1b:89:e6:71:1b:62:4c:a1:4d:4b:99:bd:9c:
                    07:69:0c:8d:4d:7f:03:d8:93:00:13:35:29:b2:dc:
                    f6:ef:25:48:1f:6c:4f:98:b6:41:bd:1e:b6:64:a5:
                    7e:78:60:0e:77:21:45:6f:d7:23:ee:26:2d:9b:f5:
                    ee:2e:f8:ef:9f:f7:45:30:08:08:9f:c6:00:a0:bc:
                    66:f8:dd:d8:2c:ef:26:12:92:8d:5e:57:6e:67:98:
                    9d:91:47:a1:04:c5:4a:50:9a:cb:2e:73:c6:7e:03:
                    cf:18:93:04:a5:b6:ae:83:45:1a:c2:7c:06:68:8f:
                    98:69:60:b2:55:9f:01:53:8c:e0:fb:4d:4c:42:60:
                    63:8d:0d:16:8d:31:3f:c2:f0:41:4b:33:3f:52:dc:
                    d3:2c:e5:50:2f:49:52:e2:b7:be:2f:33:1a:5b:28:
                    b7:c2:08:8f:0f:16:9f:48:d1:c7:d0:54:81:74:62:
                    f2:c4:ba:b4:bc:36:92:e9:c4:84:d4:88:90:21:cd:
                    4b:6b:ee:10:74:e8:0b:a7:ae:5b:85:57:47:60:a1:
                    c5:05:be:4a:e2:e5:98:9d:fd:35:3e:a0:6e:79:3c:
                    60:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:68:D3:3D:3D:A1:4D:3B:BC:FC:FC:2E:49:2D:C1:67:38:49:AA:6C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/d63178-5d53-41e4-a70e-2a1e39dd633c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/d63178-5d53-41e4-a70e-2a1e39dd633c/1/bWjTPT2hTTu8_PwuSS3BZzhJqmw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.26.219.0/24
                IPv6:
                  2a13:4a40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200723

    Signature Algorithm: sha256WithRSAEncryption
         43:41:85:ec:9a:d4:6e:ec:90:a2:4b:8f:63:be:ac:d4:62:fb:
         32:62:9b:f0:8f:a7:4a:0d:2c:87:66:63:84:35:b8:48:86:c0:
         2e:34:6e:f8:b0:14:9b:fe:87:2a:8d:68:88:ed:06:8d:1c:66:
         fe:78:ef:e7:79:97:c4:2e:1d:be:4f:1d:15:14:e9:65:b5:34:
         30:8f:93:fe:d6:b8:c2:25:ef:5a:3e:3b:cd:c5:c5:59:6d:81:
         2c:60:66:e5:9f:1a:09:d4:45:c0:e8:18:a4:ab:48:6a:9a:d7:
         9a:f9:da:f5:88:b0:f3:ff:3d:6f:15:97:18:77:f8:77:77:b7:
         3e:a3:d2:3f:64:ef:21:de:dc:9d:1a:71:ab:2c:41:e8:f7:8c:
         3d:ff:9b:08:54:49:f1:8c:f7:b3:e6:45:5a:cf:11:84:ba:3c:
         d6:45:50:5c:aa:9a:3e:35:42:97:04:29:d1:1c:ea:1c:0d:a6:
         fb:c0:a0:4a:6f:aa:cf:e2:d1:ce:9b:4a:97:c0:6c:44:83:40:
         4e:90:40:8a:e1:0b:d8:d0:20:a9:62:8c:f1:e6:eb:ec:88:c8:
         ac:d8:17:fb:73:77:be:1c:fa:3a:23:d5:53:3c:04:d1:8e:e2:
         69:4c:f6:4f:01:ef:36:14:f7:ef:ee:bf:53:70:b9:1d:0f:78:
         3e:68:38:64
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQiIB6J/reEeHoUoV1ZloBbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDY4ZDMzZDNkYTE0ZDNiYmNmY2ZjMmU0OTJkYzE2NzM4NDlhYTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFlCVWSRTBVFDPJseRKgZ5fS+Is1
pMZKTD2WGyUyjBuJ5nEbYkyhTUuZvZwHaQyNTX8D2JMAEzUpstz27yVIH2xPmLZB
vR62ZKV+eGAOdyFFb9cj7iYtm/XuLvjvn/dFMAgIn8YAoLxm+N3YLO8mEpKNXldu
Z5idkUehBMVKUJrLLnPGfgPPGJMEpbaug0UawnwGaI+YaWCyVZ8BU4zg+01MQmBj
jQ0WjTE/wvBBSzM/UtzTLOVQL0lS4re+LzMaWyi3wgiPDxafSNHH0FSBdGLyxLq0
vDaS6cSE1IiQIc1La+4QdOgLp65bhVdHYKHFBb5K4uWYnf01PqBueTxgpwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFG1o0z09oU07vPz8LkktwWc4SapsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUyL2Q2MzE3
OC01ZDUzLTQxZTQtYTcwZS0yYTFlMzlkZDYzM2MvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTIvZDYzMTc4
LTVkNTMtNDFlNC1hNzBlLTJhMWUzOWRkNjMzYy8xL2JXalRQVDJoVFR1OF9Qd3VT
UzNCWnpoSnFtdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQA2RrbMA0EAgACMAcDBQMqE0pAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMQEzANBgkqhkiG9w0BAQsFAAOCAQEAQ0GF7JrUbuyQ
okuPY76s1GL7MmKb8I+nSg0sh2ZjhDW4SIbALjRu+LAUm/6HKo1oiO0GjRxm/njv
53mXxC4dvk8dFRTpZbU0MI+T/ta4wiXvWj47zcXFWW2BLGBm5Z8aCdRFwOgYpKtI
aprXmvna9Yiw8/89bxWXGHf4d3e3PqPSP2TvId7cnRpxqyxB6PeMPf+bCFRJ8Yz3
s+ZFWs8RhLo81kVQXKqaPjVClwQp0RzqHA2m+8CgSm+qz+LRzptKl8BsRINATpBA
iuEL2NAgqWKM8ebr7IjIrNgX+3N3vhz6OiPVUzwE0Y7iaUz2TwHvNhT37+6/U3C5
HQ94Pmg4ZA==
-----END CERTIFICATE-----