Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cTm2kHj5bKuvcYo5u1hniurBzMI.cer
File:                     cTm2kHj5bKuvcYo5u1hniurBzMI.cer (raw, json)
Hash identifier:          nlP7otAdPnb+ZCUt7hxcwanbkmrFtZGkddtGrj5gmxs=
Subject key identifier:   71:39:B6:90:78:F9:6C:AB:AF:71:8A:39:BB:58:67:8A:EA:C1:CC:C2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019428273B531A5764C5F4014D74588D0630
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ed/cab149-d567-48fc-ac9b-20b024c6fc2f/1/cTm2kHj5bKuvcYo5u1hniurBzMI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ed/cab149-d567-48fc-ac9b-20b024c6fc2f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 17:54:07 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 42871
                          AS: 197999
                          IP: 31.217.216.0/21
                          IP: 193.33.216.0/23
                          IP: 2a03:1a80::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:3b:53:1a:57:64:c5:f4:01:4d:74:58:8d:06:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 17:54:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7139b69078f96cabaf718a39bb58678aeac1ccc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f6:17:cd:ee:41:4c:c2:b3:39:dc:ca:66:71:
                    40:10:8a:ac:99:e3:57:01:34:08:a8:d2:1e:22:fd:
                    9f:83:3f:02:7d:33:41:c5:a3:19:3c:ed:45:a9:44:
                    20:e4:e4:61:5f:ee:b3:7e:a0:32:24:3a:e3:d2:11:
                    42:a2:72:df:0f:62:94:eb:01:36:3d:3a:95:b6:df:
                    fd:d5:f0:eb:01:dc:4a:a8:a0:9a:8c:46:81:81:2e:
                    33:51:cf:00:4b:f7:de:09:e9:11:f9:0a:38:ba:93:
                    13:94:b4:6b:ae:9b:c2:05:5f:c8:e0:6f:08:61:1f:
                    d9:f6:48:d9:47:08:47:86:22:b0:09:a2:71:86:f5:
                    e1:f4:ee:33:74:71:63:d9:43:21:2b:5a:34:17:91:
                    83:86:fe:de:d0:98:63:a9:e1:0e:50:45:4c:21:c9:
                    77:b0:f1:b3:68:7e:46:db:6c:5d:5a:34:24:ee:be:
                    33:2b:89:38:dc:58:16:da:a1:e8:75:ef:81:34:e4:
                    2e:f4:cb:40:f2:2a:02:11:f5:38:7c:a5:de:b4:c6:
                    84:2e:ce:c7:2b:ca:23:a5:94:33:24:55:db:84:22:
                    c5:f5:dc:f1:79:2b:12:a5:57:bf:cd:32:b9:49:6d:
                    d9:e1:da:5d:29:67:9a:88:28:97:63:f1:a1:9d:40:
                    63:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:39:B6:90:78:F9:6C:AB:AF:71:8A:39:BB:58:67:8A:EA:C1:CC:C2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/cab149-d567-48fc-ac9b-20b024c6fc2f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/cab149-d567-48fc-ac9b-20b024c6fc2f/1/cTm2kHj5bKuvcYo5u1hniurBzMI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.217.216.0/21
                  193.33.216.0/23
                IPv6:
                  2a03:1a80::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42871
                  197999

    Signature Algorithm: sha256WithRSAEncryption
         04:59:d8:8c:6f:17:ba:bd:11:3e:e3:a9:71:c7:40:f9:dc:ac:
         fc:13:ff:e1:58:cf:f5:7a:28:40:62:c0:c7:a9:04:cb:58:e9:
         3f:b3:98:ce:32:5c:21:a7:e8:95:70:9c:8a:ac:bd:f5:61:da:
         36:18:c5:c9:72:e3:c8:f5:6b:b4:46:ae:32:1b:53:ec:1a:51:
         6f:15:d7:ce:f9:5f:bc:47:60:2c:89:38:5e:24:be:99:20:ff:
         13:55:cc:3e:ad:b4:19:3c:ab:6d:b4:be:03:6f:7c:65:5d:0d:
         3f:a5:d5:8e:0f:db:ef:bc:99:c1:b5:4d:24:02:85:ba:1f:a6:
         b2:31:37:0a:dc:b7:90:0a:78:27:9d:5a:b3:b2:bb:26:e2:b0:
         74:25:83:b1:97:50:20:c5:e8:28:fe:4d:f7:2f:ff:e1:51:99:
         f8:19:09:b3:8b:32:6e:04:e2:1a:c9:0f:bf:af:cf:23:2f:44:
         17:f8:42:df:d3:76:07:a8:e8:ab:36:c5:8d:3b:41:cd:a1:44:
         bd:6a:1d:0d:8b:e7:6d:08:c4:d5:ee:17:12:40:11:2b:7b:5f:
         f1:41:bf:61:28:e7:62:b9:13:a6:bf:45:2c:63:53:a8:e8:a4:
         e9:75:4f:f6:ab:d3:05:36:39:1f:92:79:9e:b5:59:43:c5:68:
         c6:b0:29:64
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgISAZQoJztTGldkxfQBTXRYjQYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTc1NDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTM5YjY5MDc4Zjk2Y2FiYWY3MThhMzliYjU4Njc4YWVhYzFjY2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPYXze5BTMKzOdzKZnFAEIqsmeNX
ATQIqNIeIv2fgz8CfTNBxaMZPO1FqUQg5ORhX+6zfqAyJDrj0hFConLfD2KU6wE2
PTqVtt/91fDrAdxKqKCajEaBgS4zUc8AS/feCekR+Qo4upMTlLRrrpvCBV/I4G8I
YR/Z9kjZRwhHhiKwCaJxhvXh9O4zdHFj2UMhK1o0F5GDhv7e0JhjqeEOUEVMIcl3
sPGzaH5G22xdWjQk7r4zK4k43FgW2qHode+BNOQu9MtA8ioCEfU4fKXetMaELs7H
K8ojpZQzJFXbhCLF9dzxeSsSpVe/zTK5SW3Z4dpdKWeaiCiXY/GhnUBj4wIDAQAB
o4ICujCCArYwHQYDVR0OBBYEFHE5tpB4+Wyrr3GKObtYZ4rqwczCMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VkL2NhYjE0
OS1kNTY3LTQ4ZmMtYWM5Yi0yMGIwMjRjNmZjMmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvY2FiMTQ5
LWQ1NjctNDhmYy1hYzliLTIwYjAyNGM2ZmMyZi8xL2NUbTJrSGo1Ykt1dmNZbzV1
MWhuaXVyQnpNSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQDH9nYAwQBwSHYMA0EAgACMAcDBQAqAxqAMB8G
CCsGAQUFBwEIAQH/BBAwDqAMMAoCAwCndwIDAwVvMA0GCSqGSIb3DQEBCwUAA4IB
AQAEWdiMbxe6vRE+46lxx0D53Kz8E//hWM/1eihAYsDHqQTLWOk/s5jOMlwhp+iV
cJyKrL31Ydo2GMXJcuPI9Wu0Rq4yG1PsGlFvFdfO+V+8R2AsiTheJL6ZIP8TVcw+
rbQZPKtttL4Db3xlXQ0/pdWOD9vvvJnBtU0kAoW6H6ayMTcK3LeQCngnnVqzsrsm
4rB0JYOxl1Agxego/k33L//hUZn4GQmzizJuBOIayQ+/r88jL0QX+ELf03YHqOir
NsWNO0HNoUS9ah0Ni+dtCMTV7hcSQBEre1/xQb9hKOdiuROmv0UsY1Oo6KTpdU/2
q9MFNjkfknmetVlDxWjGsClk
-----END CERTIFICATE-----