Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer
File:                     u5tW2NluvLX8-H3i7CtSwZTM-fk.cer (raw, json)
Hash identifier:          JbHRwfHa43zxQqKkAVeGk3dTLf6Wqpx6Lr0ImL7Lmb8=
Subject key identifier:   BB:9B:56:D8:D9:6E:BC:B5:FC:F8:7D:E2:EC:2B:52:C1:94:CC:F9:F9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228D52E60C814C9E6A2B4FCC0B98BE0A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/u5tW2NluvLX8-H3i7CtSwZTM-fk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:47:54 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 57461
                          IP: 91.232.72.0/22
                          IP: 185.222.120.0/22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:52:e6:0c:81:4c:9e:6a:2b:4f:cc:0b:98:be:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb9b56d8d96ebcb5fcf87de2ec2b52c194ccf9f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:9e:68:a3:01:24:0e:ea:b0:2b:00:09:56:47:
                    7b:6a:8e:24:32:e7:a1:9f:80:7d:db:70:b0:21:11:
                    01:b7:7b:50:ad:50:97:ec:fc:66:d3:24:0a:78:6d:
                    dd:94:c6:8e:c7:e9:a3:35:dc:09:a2:9d:8e:c8:e8:
                    bd:44:27:1a:81:52:3b:95:a2:80:de:c1:e8:ae:05:
                    7c:1f:b1:fa:e7:8c:f6:91:8c:1f:db:a7:25:09:d1:
                    a1:e0:48:34:b4:f6:c5:d3:03:8e:54:11:b3:e0:90:
                    b5:6f:24:73:11:24:ef:2c:8d:fc:0e:2c:ca:4a:e6:
                    55:6c:e5:55:39:43:2b:6c:26:3a:68:cb:ff:2d:0d:
                    b7:5e:35:0c:ce:e7:9a:8e:f7:b5:9d:19:e4:85:3f:
                    f0:16:87:d6:73:0f:a5:0d:76:24:12:f0:f0:86:06:
                    4b:1e:a1:e5:7a:62:96:83:19:ee:2f:f9:ac:3b:7f:
                    9a:0c:67:65:c8:65:61:9d:b7:ab:3c:37:f7:03:d5:
                    21:c9:2d:b5:0d:ec:01:0c:a7:b2:31:24:aa:f9:1f:
                    1f:b1:84:15:95:0a:52:aa:66:96:89:7b:6e:ea:84:
                    7c:9c:93:6e:0c:19:ed:2b:10:39:9f:5d:93:4c:0e:
                    12:58:72:25:b5:29:08:62:93:76:43:fc:bd:a8:7a:
                    2d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:9B:56:D8:D9:6E:BC:B5:FC:F8:7D:E2:EC:2B:52:C1:94:CC:F9:F9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/u5tW2NluvLX8-H3i7CtSwZTM-fk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.72.0/22
                  185.222.120.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57461

    Signature Algorithm: sha256WithRSAEncryption
         74:33:5d:37:9a:f7:b1:b8:aa:fb:5b:87:7f:09:20:f6:60:f1:
         f7:30:93:a2:4f:2a:34:27:ae:18:56:0b:45:b4:b3:06:af:31:
         99:66:91:91:a2:78:31:e1:d4:20:f9:6b:c5:32:da:0d:61:b1:
         e3:a4:a5:23:f1:52:6d:a4:0d:2a:c7:0e:eb:1c:b4:e7:dd:34:
         eb:c3:26:26:61:b9:08:2c:ed:e4:d2:6f:97:72:41:d1:d9:8e:
         b8:24:52:bc:0e:98:a4:a3:69:e9:0a:d9:8d:ee:29:62:1c:50:
         f8:28:0a:c4:64:a2:32:3f:76:42:05:d4:c7:f7:8d:75:91:02:
         d4:32:18:a9:5d:0b:cc:36:77:57:d1:21:30:36:c9:0a:65:85:
         3a:8f:27:05:f0:34:57:ae:c9:9d:d2:94:23:6d:fe:da:6b:cd:
         eb:b4:e9:d1:78:83:3a:b4:d2:46:f3:68:07:f6:c6:bb:2b:90:
         ed:5f:19:ec:6c:d8:cb:f6:40:b1:51:f1:96:11:85:bf:d8:ea:
         d1:cb:7e:88:4a:f1:37:07:2f:d0:cb:c4:4d:bb:a9:a1:11:59:
         1a:11:43:69:5f:d9:2f:ae:88:61:38:d2:62:19:b1:70:57:14:
         16:46:e8:5e:27:dc:ea:25:35:ba:4f:38:46:88:d0:c0:52:90:
         37:5a:9c:fd
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAZQijVLmDIFMnmorT8wLmL4KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjliNTZkOGQ5NmViY2I1ZmNmODdkZTJlYzJiNTJjMTk0Y2NmOWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA455oowEkDuqwKwAJVkd7ao4kMueh
n4B923CwIREBt3tQrVCX7Pxm0yQKeG3dlMaOx+mjNdwJop2OyOi9RCcagVI7laKA
3sHorgV8H7H654z2kYwf26clCdGh4Eg0tPbF0wOOVBGz4JC1byRzESTvLI38DizK
SuZVbOVVOUMrbCY6aMv/LQ23XjUMzueajve1nRnkhT/wFofWcw+lDXYkEvDwhgZL
HqHlemKWgxnuL/msO3+aDGdlyGVhnberPDf3A9UhyS21DewBDKeyMSSq+R8fsYQV
lQpSqmaWiXtu6oR8nJNuDBntKxA5n12TTA4SWHIltSkIYpN2Q/y9qHotbQIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFLubVtjZbry1/Ph94uwrUsGUzPn5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJhLzhmMzk0
Mi0xN2Y3LTQ5M2MtYmM2Yi00ZjRmZTgwM2IwMTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmEvOGYzOTQy
LTE3ZjctNDkzYy1iYzZiLTRmNGZlODAzYjAxNS8xL3U1dFcyTmx1dkxYOC1IM2k3
Q3RTd1pUTS1may5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQCW+hIAwQCud54MBoGCCsGAQUFBwEIAQH/BAsw
CaAHMAUCAwDgdTANBgkqhkiG9w0BAQsFAAOCAQEAdDNdN5r3sbiq+1uHfwkg9mDx
9zCTok8qNCeuGFYLRbSzBq8xmWaRkaJ4MeHUIPlrxTLaDWGx46SlI/FSbaQNKscO
6xy0590068MmJmG5CCzt5NJvl3JB0dmOuCRSvA6YpKNp6QrZje4pYhxQ+CgKxGSi
Mj92QgXUx/eNdZEC1DIYqV0LzDZ3V9EhMDbJCmWFOo8nBfA0V67JndKUI23+2mvN
67Tp0XiDOrTSRvNoB/bGuyuQ7V8Z7GzYy/ZAsVHxlhGFv9jq0ct+iErxNwcv0MvE
TbupoRFZGhFDaV/ZL66IYTjSYhmxcFcUFkboXifc6iU1uk84RojQwFKQN1qc/Q==
-----END CERTIFICATE-----