Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nHLoTFLlxJCdvHAqodIS1HiHX60.cer
File:                     nHLoTFLlxJCdvHAqodIS1HiHX60.cer (raw, json)
Hash identifier:          pn+qcgoEYQHkLc0QSlpQtlqHzeWJc35nzY1YleEkPd0=
Subject key identifier:   9C:72:E8:4C:52:E5:C4:90:9D:BC:70:2A:A1:D2:12:D4:78:87:5F:AD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C58E329DD203A345A048AF6AE752B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/29/daccc4-36c8-4d4c-8c4e-5760b5d54df9/1/nHLoTFLlxJCdvHAqodIS1HiHX60.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/29/daccc4-36c8-4d4c-8c4e-5760b5d54df9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:59 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 49924
                          IP: 91.109.192.0/21
                          IP: 109.73.176.0/20
                          IP: 176.101.171.0/24
                          IP: 185.123.232.0/22
                          IP: 2a06:be40::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:58:e3:29:dd:20:3a:34:5a:04:8a:f6:ae:75:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c72e84c52e5c4909dbc702aa1d212d478875fad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:50:5b:66:02:2e:c6:c5:89:d0:40:9b:a2:96:
                    d0:5a:93:f8:3e:98:01:76:b6:50:1d:c7:83:c1:16:
                    b4:eb:6d:41:9d:13:0a:18:12:ab:f7:3a:3d:d8:c4:
                    dc:af:05:1e:7c:7b:2f:3d:96:3f:9b:e3:92:cf:3e:
                    ff:4e:ac:94:49:8b:1b:73:a5:75:36:83:a8:3d:6e:
                    fd:1d:47:6b:98:48:be:14:4f:0a:a6:f8:46:c0:ff:
                    e4:db:4c:1c:e0:82:7e:fa:7b:24:b9:16:fb:ae:e6:
                    7f:29:fd:9f:a7:6c:7a:af:e5:4f:a9:ae:a2:2a:8d:
                    b0:37:5a:9f:ec:1a:6a:dc:74:aa:40:63:22:fd:18:
                    9e:a2:36:1b:d6:89:1d:f6:78:ac:aa:6d:53:c5:ec:
                    99:4f:02:7d:33:82:1f:d7:2c:eb:3d:11:85:d8:ba:
                    6c:68:f3:9a:98:8c:b4:18:14:02:d6:f0:61:e5:02:
                    ef:d6:31:c0:d9:09:3f:1b:23:bd:5c:1c:06:08:3c:
                    55:ef:51:2f:15:40:06:de:ba:8e:65:da:e2:dc:29:
                    7a:6c:04:9c:97:ca:da:05:15:ff:13:e1:ac:2f:d8:
                    00:77:62:b4:51:74:f0:a7:f2:27:86:33:62:db:62:
                    ec:78:2b:0a:0d:d7:10:15:4a:fb:a9:16:29:3a:1b:
                    6d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:72:E8:4C:52:E5:C4:90:9D:BC:70:2A:A1:D2:12:D4:78:87:5F:AD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/daccc4-36c8-4d4c-8c4e-5760b5d54df9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/daccc4-36c8-4d4c-8c4e-5760b5d54df9/1/nHLoTFLlxJCdvHAqodIS1HiHX60.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.192.0/21
                  109.73.176.0/20
                  176.101.171.0/24
                  185.123.232.0/22
                IPv6:
                  2a06:be40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49924

    Signature Algorithm: sha256WithRSAEncryption
         9f:6f:ed:cd:0e:1e:20:5c:13:cb:d8:a0:6e:25:a8:bf:f4:0a:
         a2:38:27:14:8b:d7:23:52:88:c5:4a:e5:36:6a:af:b6:43:bc:
         a4:e5:21:c9:04:5a:1d:e0:75:d8:bd:79:a9:4e:2b:d1:68:7d:
         4f:c9:05:e4:ce:ea:29:95:91:7d:63:4f:81:55:b8:aa:8d:6e:
         2e:56:da:c6:ad:cd:73:95:2e:7f:da:9a:bd:f8:16:fe:0a:be:
         c7:4a:9e:80:f8:2a:6a:f1:b6:48:52:d9:2f:6e:27:bc:25:86:
         45:78:22:b1:33:ea:d0:1f:5f:df:a4:9e:08:e4:16:5c:fc:8f:
         76:91:5b:84:05:14:af:f1:4c:c8:ce:89:37:77:41:09:fc:15:
         3d:12:6e:2b:79:23:d1:32:c6:48:10:3c:02:5a:e8:9e:6b:f9:
         c3:02:24:75:85:7e:61:1d:0b:bb:5a:6b:09:3e:fa:e1:b7:cc:
         95:0b:ec:69:36:86:86:c1:27:07:57:ca:da:11:96:a3:bd:51:
         1d:30:cc:b7:41:71:bb:62:e6:bf:e6:43:76:b0:ec:83:70:9c:
         52:d1:c6:96:86:15:20:68:ed:ce:df:57:f3:61:3d:9f:2c:fc:
         50:88:4c:45:b7:38:20:3c:cd:30:12:28:86:c2:aa:e4:d4:73:
         7b:7a:1a:58
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAZQfjFjjKd0gOjRaBIr2rnUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzcyZTg0YzUyZTVjNDkwOWRiYzcwMmFhMWQyMTJkNDc4ODc1ZmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFBbZgIuxsWJ0ECbopbQWpP4PpgB
drZQHceDwRa0621BnRMKGBKr9zo92MTcrwUefHsvPZY/m+OSzz7/TqyUSYsbc6V1
NoOoPW79HUdrmEi+FE8KpvhGwP/k20wc4IJ++nskuRb7ruZ/Kf2fp2x6r+VPqa6i
Ko2wN1qf7Bpq3HSqQGMi/RieojYb1okd9nisqm1TxeyZTwJ9M4If1yzrPRGF2Lps
aPOamIy0GBQC1vBh5QLv1jHA2Qk/GyO9XBwGCDxV71EvFUAG3rqOZdri3Cl6bASc
l8raBRX/E+GsL9gAd2K0UXTwp/InhjNi22LseCsKDdcQFUr7qRYpOhtt2QIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFJxy6ExS5cSQnbxwKqHSEtR4h1+tMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI5L2RhY2Nj
NC0zNmM4LTRkNGMtOGM0ZS01NzYwYjVkNTRkZjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkvZGFjY2M0
LTM2YzgtNGQ0Yy04YzRlLTU3NjBiNWQ1NGRmOS8xL25ITG9URkxseEpDZHZIQXFv
ZElTMUhpSFg2MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEAGCCsGAQUF
BwEHAQH/BDEwLzAeBAIAATAYAwQDW23AAwQEbUmwAwQAsGWrAwQCuXvoMA0EAgAC
MAcDBQMqBr5AMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwDDBDANBgkqhkiG9w0B
AQsFAAOCAQEAn2/tzQ4eIFwTy9igbiWov/QKojgnFIvXI1KIxUrlNmqvtkO8pOUh
yQRaHeB12L15qU4r0Wh9T8kF5M7qKZWRfWNPgVW4qo1uLlbaxq3Nc5Uuf9qavfgW
/gq+x0qegPgqavG2SFLZL24nvCWGRXgisTPq0B9f36SeCOQWXPyPdpFbhAUUr/FM
yM6JN3dBCfwVPRJuK3kj0TLGSBA8Alronmv5wwIkdYV+YR0Lu1prCT764bfMlQvs
aTaGhsEnB1fK2hGWo71RHTDMt0Fxu2Lmv+ZDdrDsg3CcUtHGloYVIGjtzt9X82E9
nyz8UIhMRbc4IDzNMBIohsKq5NRze3oaWA==
-----END CERTIFICATE-----