Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xYe5zadWA-sNnjdxZ79-DI5EBAM.cer
File:                     xYe5zadWA-sNnjdxZ79-DI5EBAM.cer (raw, json)
Hash identifier:          CY+IdhcM88qc6orIEWiJ18CsOKTY2v7GxkJTGbBrXoQ=
Subject key identifier:   C5:87:B9:CD:A7:56:03:EB:0D:9E:37:71:67:BF:7E:0C:8E:44:04:03
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942068484420F8A2E0D2CB21DC8EDBB5E1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9f/50d48e-494f-4d14-9f05-e753cf768c14/1/xYe5zadWA-sNnjdxZ79-DI5EBAM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9f/50d48e-494f-4d14-9f05-e753cf768c14/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:12 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 35673
                          IP: 82.115.36.0/22
                          IP: 194.187.244.0/22
                          IP: 2a11:aa80::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:48:44:20:f8:a2:e0:d2:cb:21:dc:8e:db:b5:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c587b9cda75603eb0d9e377167bf7e0c8e440403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:3f:97:cc:aa:43:ae:92:62:0d:5d:86:72:b6:
                    e3:6c:b6:40:c4:b7:6b:11:e4:40:0a:30:d8:6d:7e:
                    45:73:bd:00:b6:fa:a2:04:5a:24:1c:89:55:4c:a5:
                    30:a3:d3:0d:63:00:a2:ce:1e:d3:1c:c8:8b:9c:58:
                    7d:f6:f7:9a:bb:91:fe:b9:32:d5:a3:9e:d1:2b:ec:
                    0f:65:e3:2c:e4:94:28:5e:96:f3:f0:0e:b5:5c:10:
                    8b:1f:a8:d1:d0:45:eb:8d:48:23:0f:2e:1e:87:ed:
                    96:9e:c8:fd:01:25:8d:8f:90:c0:7a:13:59:55:f9:
                    41:b4:b2:90:04:3d:ff:d6:ca:2f:64:c6:86:53:63:
                    35:c2:10:97:8d:73:fa:40:79:c7:8a:6b:7d:4a:a1:
                    1a:28:c3:d9:07:66:99:5c:d2:a8:a6:7c:ac:1e:91:
                    0d:c8:54:62:00:f3:cb:b5:f4:37:f2:68:3f:7d:36:
                    64:6c:19:69:3b:e7:07:1f:6d:e5:59:ac:2d:59:78:
                    4d:4c:0e:1a:90:6f:28:4d:85:f2:5e:85:57:5d:2e:
                    55:55:9f:e7:38:4f:1e:af:91:c8:ff:32:06:03:8e:
                    a8:e1:52:6e:ac:b7:d6:03:5a:4b:7a:11:06:94:d9:
                    7c:4b:29:66:59:2c:e7:0c:8f:91:b5:a9:3d:12:a8:
                    a6:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:87:B9:CD:A7:56:03:EB:0D:9E:37:71:67:BF:7E:0C:8E:44:04:03
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/50d48e-494f-4d14-9f05-e753cf768c14/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/50d48e-494f-4d14-9f05-e753cf768c14/1/xYe5zadWA-sNnjdxZ79-DI5EBAM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.36.0/22
                  194.187.244.0/22
                IPv6:
                  2a11:aa80::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  35673

    Signature Algorithm: sha256WithRSAEncryption
         4b:40:1b:55:fc:0c:37:77:f9:e1:85:06:ec:12:fc:0d:34:15:
         9c:15:ec:3a:97:f5:66:a9:4c:c9:e4:68:39:bb:c8:e7:c3:38:
         61:26:a0:b0:45:81:8d:13:73:27:5b:dd:5b:e0:36:30:3a:e0:
         83:c6:5a:5f:55:c9:0d:c0:de:63:58:9b:69:56:ab:16:19:5a:
         3c:33:e0:4e:81:90:94:cd:42:91:1e:2c:53:29:f1:c2:7f:ff:
         ef:6b:27:d7:82:f3:9d:41:4d:c2:e2:47:67:6b:99:4a:fc:6f:
         dd:cb:3b:f9:97:57:a7:fc:6a:87:85:bc:8c:af:22:a3:a4:4f:
         0a:3e:a7:e6:7a:ba:a4:23:c8:09:ec:8f:f3:94:93:7c:e0:04:
         c7:b5:df:e4:3c:6a:b0:71:e0:0d:b5:75:d5:90:c3:8f:10:69:
         b2:0a:2d:e1:9f:9d:44:dd:ab:0e:47:af:51:64:8c:2b:4b:4e:
         2a:97:e0:bb:d2:c6:e8:7b:72:fe:99:c2:e9:f7:3b:60:c5:9c:
         8a:29:5f:31:59:38:36:ef:a5:1b:fe:52:27:fe:0f:12:3f:db:
         94:6a:8d:6f:62:89:70:00:a3:df:ab:6d:ff:73:18:1f:2f:8f:
         1f:44:74:f8:65:bb:f0:d7:fa:ed:a8:94:0b:6f:be:23:a7:2c:
         0a:fa:f6:3e
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAZQgaEhEIPii4NLLIdyO27XhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTg3YjljZGE3NTYwM2ViMGQ5ZTM3NzE2N2JmN2UwYzhlNDQwNDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyD+XzKpDrpJiDV2GcrbjbLZAxLdr
EeRACjDYbX5Fc70AtvqiBFokHIlVTKUwo9MNYwCizh7THMiLnFh99veau5H+uTLV
o57RK+wPZeMs5JQoXpbz8A61XBCLH6jR0EXrjUgjDy4eh+2Wnsj9ASWNj5DAehNZ
VflBtLKQBD3/1sovZMaGU2M1whCXjXP6QHnHimt9SqEaKMPZB2aZXNKopnysHpEN
yFRiAPPLtfQ38mg/fTZkbBlpO+cHH23lWawtWXhNTA4akG8oTYXyXoVXXS5VVZ/n
OE8er5HI/zIGA46o4VJurLfWA1pLehEGlNl8SylmWSznDI+Rtak9EqimEQIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFMWHuc2nVgPrDZ43cWe/fgyORAQDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlmLzUwZDQ4
ZS00OTRmLTRkMTQtOWYwNS1lNzUzY2Y3NjhjMTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWYvNTBkNDhl
LTQ5NGYtNGQxNC05ZjA1LWU3NTNjZjc2OGMxNC8xL3hZZTV6YWRXQS1zTm5qZHha
NzktREk1RUJBTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQCUnMkAwQCwrv0MA0EAgACMAcDBQAqEaqAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwCLWTANBgkqhkiG9w0BAQsFAAOCAQEAS0Ab
VfwMN3f54YUG7BL8DTQVnBXsOpf1ZqlMyeRoObvI58M4YSagsEWBjRNzJ1vdW+A2
MDrgg8ZaX1XJDcDeY1ibaVarFhlaPDPgToGQlM1CkR4sUynxwn//72sn14LznUFN
wuJHZ2uZSvxv3cs7+ZdXp/xqh4W8jK8io6RPCj6n5nq6pCPICeyP85STfOAEx7Xf
5DxqsHHgDbV11ZDDjxBpsgot4Z+dRN2rDkevUWSMK0tOKpfgu9LG6Hty/pnC6fc7
YMWciilfMVk4Nu+lG/5SJ/4PEj/blGqNb2KJcACj36tt/3MYHy+PH0R0+GW78Nf6
7aiUC2++I6csCvr2Pg==
-----END CERTIFICATE-----