Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/i-tlpxrwKVknKswA1cTBlYOF3pQ.cer
File:                     i-tlpxrwKVknKswA1cTBlYOF3pQ.cer (raw, json)
Hash identifier:          CCKDssg8/w7KeT3FKvq+lxzX4muc/ttBDOJmxkXLNvU=
Subject key identifier:   8B:EB:65:A7:1A:F0:29:59:27:2A:CC:00:D5:C4:C1:95:83:85:DE:94
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258EB6D27DC4B7E0FC9EF554CFD59FFD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f5/de9957-c7cc-4997-a22b-165a846d481d/1/i-tlpxrwKVknKswA1cTBlYOF3pQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f5/de9957-c7cc-4997-a22b-165a846d481d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:48:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 41676
                          IP: 77.46.0.0/22
                          IP: 80.238.96.0/19
                          IP: 93.174.24.0/21
                          IP: 109.233.88.0/21
                          IP: 176.241.240.0/21
                          IP: 185.25.216.0/22
                          IP: 185.78.132.0/22
                          IP: 185.93.92.0/22
                          IP: 185.102.188.0/22
                          IP: 2a00:64e0::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:b6:d2:7d:c4:b7:e0:fc:9e:f5:54:cf:d5:9f:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8beb65a71af02959272acc00d5c4c1958385de94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:09:ec:22:3b:20:f0:5e:94:d8:17:35:53:13:
                    3c:06:d1:2f:3a:ea:44:40:9e:bf:7f:30:31:73:23:
                    c0:7e:99:62:26:f5:e8:1c:9d:d1:69:a7:14:3e:d0:
                    db:dd:66:6b:c3:a1:af:ea:2a:f3:6e:bf:f9:1b:70:
                    c1:55:0d:93:57:fb:62:0a:ef:f8:7d:00:7f:66:1f:
                    ed:74:0f:6a:9a:b5:ba:10:06:0c:74:af:05:e1:cb:
                    77:b2:30:6d:22:41:cd:a1:f3:44:76:9e:8b:2a:59:
                    54:23:e0:42:51:f9:fd:48:1b:e0:13:c5:34:60:a2:
                    8b:ba:cc:4c:33:ea:ed:62:57:7c:ea:64:74:2b:8b:
                    58:9d:d7:cb:88:05:e3:94:75:b3:47:34:e5:e8:0b:
                    f5:18:1d:11:3f:1f:04:e7:7b:60:a5:cf:28:9c:6b:
                    6b:63:f9:21:a2:c4:7d:48:92:0d:95:00:0d:0d:56:
                    d7:4a:93:0d:c3:e2:ab:51:99:ad:04:36:b2:63:ea:
                    01:fa:63:99:17:ee:2a:f1:b0:71:70:de:39:93:91:
                    86:17:69:c1:51:f2:75:75:7f:57:54:f1:17:cb:f7:
                    28:5c:18:3c:7c:95:d0:b4:9b:6e:4b:f3:42:0f:30:
                    fc:8e:d1:78:c6:e0:76:c2:3a:7b:89:9d:ad:11:89:
                    8a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:EB:65:A7:1A:F0:29:59:27:2A:CC:00:D5:C4:C1:95:83:85:DE:94
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/de9957-c7cc-4997-a22b-165a846d481d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/de9957-c7cc-4997-a22b-165a846d481d/1/i-tlpxrwKVknKswA1cTBlYOF3pQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.46.0.0/22
                  80.238.96.0/19
                  93.174.24.0/21
                  109.233.88.0/21
                  176.241.240.0/21
                  185.25.216.0/22
                  185.78.132.0/22
                  185.93.92.0/22
                  185.102.188.0/22
                IPv6:
                  2a00:64e0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41676

    Signature Algorithm: sha256WithRSAEncryption
         ac:0b:44:3a:43:8d:ba:04:63:d2:ae:90:76:6f:93:e4:29:ba:
         b6:98:b8:4b:21:35:30:ec:c6:a2:d6:91:49:f2:27:55:7d:55:
         2c:3e:82:43:de:f2:0b:12:77:c6:c7:65:d8:55:a6:b6:6b:3c:
         dc:4e:34:8c:32:80:b3:0e:ba:d1:56:c6:12:75:cc:4a:f3:67:
         07:36:ac:7f:c3:cc:7b:be:7b:e2:44:f5:48:65:64:68:d8:e2:
         50:e0:e9:68:72:3d:53:79:53:78:94:d7:4f:20:22:be:7a:bf:
         a6:b4:63:e1:76:72:57:57:33:c5:1e:06:46:ab:25:b9:44:2c:
         dc:ca:2b:71:f0:4c:0d:32:51:6d:70:6a:e9:e6:d1:2f:ec:f2:
         85:05:6b:9e:47:9e:76:9b:b5:cb:2a:b8:64:cf:a6:7f:75:69:
         8d:9f:7e:94:fd:e6:f3:2a:08:d8:76:7c:0b:d3:83:38:d8:6b:
         66:6a:a7:cd:74:db:57:2e:e2:6a:40:3e:71:ef:f2:44:6b:78:
         90:e3:94:cc:04:55:d8:4a:2d:34:e0:29:3e:1b:35:bd:67:2a:
         30:6c:b5:79:29:bd:e2:55:b4:bd:a6:5f:93:3c:09:da:80:0e:
         ca:94:b3:f7:30:6a:6f:4e:f0:11:3f:ee:71:a1:03:22:57:51:
         2b:e3:60:76
-----BEGIN CERTIFICATE-----
MIIF0zCCBLugAwIBAgISAZQljrbSfcS34Pye9VTP1Z/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmViNjVhNzFhZjAyOTU5MjcyYWNjMDBkNWM0YzE5NTgzODVkZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQnsIjsg8F6U2Bc1UxM8BtEvOupE
QJ6/fzAxcyPAfpliJvXoHJ3RaacUPtDb3WZrw6Gv6irzbr/5G3DBVQ2TV/tiCu/4
fQB/Zh/tdA9qmrW6EAYMdK8F4ct3sjBtIkHNofNEdp6LKllUI+BCUfn9SBvgE8U0
YKKLusxMM+rtYld86mR0K4tYndfLiAXjlHWzRzTl6Av1GB0RPx8E53tgpc8onGtr
Y/khosR9SJINlQANDVbXSpMNw+KrUZmtBDayY+oB+mOZF+4q8bBxcN45k5GGF2nB
UfJ1dX9XVPEXy/coXBg8fJXQtJtuS/NCDzD8jtF4xuB2wjp7iZ2tEYmKjwIDAQAB
o4IC3zCCAtswHQYDVR0OBBYEFIvrZaca8ClZJyrMANXEwZWDhd6UMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y1L2RlOTk1
Ny1jN2NjLTQ5OTctYTIyYi0xNjVhODQ2ZDQ4MWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjUvZGU5OTU3
LWM3Y2MtNDk5Ny1hMjJiLTE2NWE4NDZkNDgxZC8xL2ktdGxweHJ3S1Zrbktzd0Ex
Y1RCbFlPRjNwUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF4GCCsGAQUF
BwEHAQH/BE8wTTA8BAIAATA2AwQCTS4AAwQFUO5gAwQDXa4YAwQDbelYAwQDsPHw
AwQCuRnYAwQCuU6EAwQCuV1cAwQCuWa8MA0EAgACMAcDBQAqAGTgMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCizDANBgkqhkiG9w0BAQsFAAOCAQEArAtEOkONugRj
0q6Qdm+T5Cm6tpi4SyE1MOzGotaRSfInVX1VLD6CQ97yCxJ3xsdl2FWmtms83E40
jDKAsw660VbGEnXMSvNnBzasf8PMe7574kT1SGVkaNjiUODpaHI9U3lTeJTXTyAi
vnq/prRj4XZyV1czxR4GRqsluUQs3MorcfBMDTJRbXBq6ebRL+zyhQVrnkeedpu1
yyq4ZM+mf3VpjZ9+lP3m8yoI2HZ8C9ODONhrZmqnzXTbVy7iakA+ce/yRGt4kOOU
zARV2EotNOApPhs1vWcqMGy1eSm94lW0vaZfkzwJ2oAOypSz9zBqb07wET/ucaED
IldRK+Ngdg==
-----END CERTIFICATE-----