Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bosCjRgnTSGnMWrqPMzpFYtU9IE.cer
File:                     bosCjRgnTSGnMWrqPMzpFYtU9IE.cer (raw, json)
Hash identifier:          FPRl04qZ2g3DGOkQV6rcQ61G1vQoE+NcXBXyGGnFvfU=
Subject key identifier:   6E:8B:02:8D:18:27:4D:21:A7:31:6A:EA:3C:CC:E9:15:8B:54:F4:81
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228D7AA284FE893F86A133D3A2FAFEA7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fb/096eaf-634b-4c49-b68e-c2c61518589f/1/bosCjRgnTSGnMWrqPMzpFYtU9IE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fb/096eaf-634b-4c49-b68e-c2c61518589f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198913
                          AS: 211292
                          IP: 31.220.147.0/24
                          IP: 46.243.120.0/21
                          IP: 185.132.24.0/22
                          IP: 185.173.228.0/22
                          IP: 185.216.228.0/23
                          IP: 213.163.250.0/23
                          IP: 217.19.13.0/24
                          IP: 2a03:d400::/32
                          IP: 2a0b:6f00::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:7a:a2:84:fe:89:3f:86:a1:33:d3:a2:fa:fe:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e8b028d18274d21a7316aea3ccce9158b54f481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e5:75:68:a6:04:c0:3b:57:86:4a:1b:18:6f:
                    ef:9c:c4:8a:e9:d7:82:76:86:50:f6:65:0c:07:1d:
                    4d:f0:48:a9:90:ab:74:9a:0f:17:51:1b:13:a2:72:
                    fd:3c:ce:dd:01:e2:bc:ea:77:50:02:1c:b8:6f:80:
                    d8:26:25:46:16:04:c1:92:bd:5b:e9:dc:e3:82:4d:
                    df:c7:54:5f:51:bc:27:ef:43:77:96:27:86:34:f7:
                    b0:f2:b3:c4:f6:bf:f6:c5:76:95:89:9a:e9:e0:62:
                    89:6c:ba:3c:1b:89:ef:9b:7a:a1:9b:52:e4:d8:6e:
                    26:24:ce:5f:e3:43:70:6c:3c:6f:7b:0c:25:18:27:
                    ee:da:e3:b3:4f:61:50:24:a6:95:7b:f5:cb:8a:de:
                    f6:3d:a8:54:3c:33:1b:65:bf:73:60:c8:96:af:17:
                    3e:7c:fb:fd:70:5e:34:c3:be:f5:9a:36:b5:30:ac:
                    b3:33:d5:40:11:b2:5d:e8:00:66:bb:05:3d:29:da:
                    f1:16:08:e6:4f:80:c3:a4:c3:a5:89:3e:bc:67:85:
                    9e:34:bf:22:bf:e6:79:f8:01:94:81:ab:10:4f:5a:
                    2e:d8:29:29:1c:8f:bd:cd:00:e5:00:fd:f8:85:3d:
                    04:b7:4f:4e:db:0e:3e:29:86:19:1d:ce:4f:e6:62:
                    30:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:8B:02:8D:18:27:4D:21:A7:31:6A:EA:3C:CC:E9:15:8B:54:F4:81
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/096eaf-634b-4c49-b68e-c2c61518589f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/096eaf-634b-4c49-b68e-c2c61518589f/1/bosCjRgnTSGnMWrqPMzpFYtU9IE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.147.0/24
                  46.243.120.0/21
                  185.132.24.0/22
                  185.173.228.0/22
                  185.216.228.0/23
                  213.163.250.0/23
                  217.19.13.0/24
                IPv6:
                  2a03:d400::/32
                  2a0b:6f00::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198913
                  211292

    Signature Algorithm: sha256WithRSAEncryption
         71:24:3c:e4:43:a5:31:58:ac:e7:7f:81:bd:ad:fb:49:b1:36:
         77:c3:9c:62:b5:48:1e:4b:d6:4b:bd:40:98:1e:7a:5f:45:86:
         6b:8d:9e:3f:a1:85:43:ab:1d:5d:70:9d:50:cb:4a:d5:95:46:
         62:d1:14:ad:8a:c2:06:d3:7e:73:ef:f3:ff:f4:0b:46:a4:bc:
         34:f4:65:6c:c3:0d:e1:3c:0d:a4:d4:f8:51:c8:50:63:51:27:
         ea:4a:61:f3:94:39:55:4f:61:0f:58:38:f5:55:5d:5f:a5:88:
         01:54:60:54:1a:e7:ec:fe:98:35:df:03:17:2b:30:86:6e:27:
         0e:ca:d2:ab:3e:00:50:1b:e0:16:a0:69:fd:14:3c:6f:39:3c:
         99:02:2d:07:38:8a:48:d5:b4:1e:a0:6e:90:19:d6:eb:88:85:
         3e:4d:9e:66:24:18:03:96:f3:5b:98:6e:8a:a2:7e:7c:78:32:
         84:57:e2:cc:20:9f:d1:ec:7d:b5:ca:2b:5b:47:49:ff:ce:56:
         89:49:88:fb:cb:28:5a:15:a6:0c:ed:9e:3c:14:aa:f8:8d:33:
         66:1e:1f:bc:06:9f:83:6a:eb:fa:ef:d3:e9:da:71:1b:c5:1d:
         b3:cb:97:22:ea:e5:ff:b0:36:f8:18:58:84:8f:3f:2e:69:c3:
         28:58:22:80
-----BEGIN CERTIFICATE-----
MIIF0zCCBLugAwIBAgISAZQijXqihP6JP4ahM9Oi+v6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZThiMDI4ZDE4Mjc0ZDIxYTczMTZhZWEzY2NjZTkxNThiNTRmNDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluV1aKYEwDtXhkobGG/vnMSK6deC
doZQ9mUMBx1N8EipkKt0mg8XURsTonL9PM7dAeK86ndQAhy4b4DYJiVGFgTBkr1b
6dzjgk3fx1RfUbwn70N3lieGNPew8rPE9r/2xXaViZrp4GKJbLo8G4nvm3qhm1Lk
2G4mJM5f40NwbDxvewwlGCfu2uOzT2FQJKaVe/XLit72PahUPDMbZb9zYMiWrxc+
fPv9cF40w771mja1MKyzM9VAEbJd6ABmuwU9KdrxFgjmT4DDpMOliT68Z4WeNL8i
v+Z5+AGUgasQT1ou2CkpHI+9zQDlAP34hT0Et09O2w4+KYYZHc5P5mIwSwIDAQAB
o4IC3zCCAtswHQYDVR0OBBYEFG6LAo0YJ00hpzFq6jzM6RWLVPSBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZiLzA5NmVh
Zi02MzRiLTRjNDktYjY4ZS1jMmM2MTUxODU4OWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmIvMDk2ZWFm
LTYzNGItNGM0OS1iNjhlLWMyYzYxNTE4NTg5Zi8xL2Jvc0NqUmduVFNHbk1XcnFQ
TXpwRll0VTlJRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFkGCCsGAQUF
BwEHAQH/BEowSDAwBAIAATAqAwQAH9yTAwQDLvN4AwQCuYQYAwQCua3kAwQBudjk
AwQB1aP6AwQA2RMNMBQEAgACMA4DBQAqA9QAAwUDKgtvADAfBggrBgEFBQcBCAEB
/wQQMA6gDDAKAgMDCQECAwM5XDANBgkqhkiG9w0BAQsFAAOCAQEAcSQ85EOlMVis
53+Bva37SbE2d8OcYrVIHkvWS71AmB56X0WGa42eP6GFQ6sdXXCdUMtK1ZVGYtEU
rYrCBtN+c+/z//QLRqS8NPRlbMMN4TwNpNT4UchQY1En6kph85Q5VU9hD1g49VVd
X6WIAVRgVBrn7P6YNd8DFyswhm4nDsrSqz4AUBvgFqBp/RQ8bzk8mQItBziKSNW0
HqBukBnW64iFPk2eZiQYA5bzW5huiqJ+fHgyhFfizCCf0ex9tcorW0dJ/85WiUmI
+8soWhWmDO2ePBSq+I0zZh4fvAafg2rr+u/T6dpxG8Uds8uXIurl/7A2+BhYhI8/
LmnDKFgigA==
-----END CERTIFICATE-----