Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yikNsvcpBfDbYmsAW6zwiHjRe6w.cer
File:                     yikNsvcpBfDbYmsAW6zwiHjRe6w.cer (raw, json)
Hash identifier:          9EX66lybU4PghqJGHbkI3R36FsFw+OaIrcsZa6Nn7A4=
Subject key identifier:   CA:29:0D:B2:F7:29:05:F0:DB:62:6B:00:5B:AC:F0:88:78:D1:7B:AC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942444BE9C9C6A70B5D1CA6303989A4192
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:47:52 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 89.37.101.0/24
                          IP: 89.47.58.0/23
                          IP: 185.131.52.0/22
                          IP: 188.208.140.0/22
                          IP: 188.241.60.0/22
                          IP: 188.241.187.0/24
                          IP: 2a07:ba00::/29
                          IP: 2a0b:200::/29
                          IP: 2a0b:7f40::/29
                          IP: 2a0c:2b00::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:be:9c:9c:6a:70:b5:d1:ca:63:03:98:9a:41:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca290db2f72905f0db626b005bacf08878d17bac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:04:9b:dc:03:7f:d2:fb:fa:e9:93:2d:12:38:
                    e9:86:ff:96:ab:98:8a:42:1d:5e:3e:01:1d:f0:42:
                    46:87:6e:de:1d:3d:d4:3f:bd:8c:b6:77:df:53:ea:
                    9f:63:d7:8c:4f:f8:a1:ea:e4:c9:47:83:7f:e0:4e:
                    c1:c7:92:5f:4f:b2:61:f0:3d:e2:4b:bf:2d:56:bc:
                    be:e4:77:c3:2b:c3:ec:0a:de:f7:95:a7:a7:45:03:
                    bc:2b:f6:4a:38:42:02:99:14:a1:85:66:31:56:66:
                    50:e6:c7:3e:c9:40:3a:30:8d:ca:b8:a9:6b:ed:44:
                    e9:8f:b4:85:12:64:af:c5:20:af:dd:73:f9:fc:ea:
                    18:55:e4:20:2d:07:b1:08:05:bb:df:49:39:0c:f8:
                    ef:f8:c6:0c:53:64:b2:af:5b:c3:2b:b9:11:ab:95:
                    dd:86:90:f8:be:bb:e7:41:d9:99:8d:48:a9:47:ef:
                    fd:f0:a7:90:df:43:ff:07:da:30:06:06:1a:c2:56:
                    41:3c:28:d0:50:68:de:8d:91:ac:1c:7d:34:08:fc:
                    3e:df:1a:36:f6:d7:72:1b:58:31:c3:5c:7d:50:23:
                    61:75:fe:ce:98:21:d5:6b:a3:34:34:91:6a:6d:13:
                    97:da:3f:83:78:f0:34:d8:7b:b0:79:56:b4:84:57:
                    46:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:29:0D:B2:F7:29:05:F0:DB:62:6B:00:5B:AC:F0:88:78:D1:7B:AC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.101.0/24
                  89.47.58.0/23
                  185.131.52.0/22
                  188.208.140.0/22
                  188.241.60.0/22
                  188.241.187.0/24
                IPv6:
                  2a07:ba00::/29
                  2a0b:200::/29
                  2a0b:7f40::/29
                  2a0c:2b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:e5:a7:eb:fd:77:e7:aa:38:1f:be:30:4a:c9:f0:02:49:2e:
         83:f8:3a:97:01:27:e7:a1:a6:c1:26:df:29:b7:d1:e0:e2:ee:
         42:03:a7:41:2c:9f:90:96:f2:df:07:f2:c8:b8:46:94:1e:f2:
         07:0f:5e:20:a3:06:02:85:b1:dc:74:bd:f8:ec:46:af:af:87:
         32:07:13:de:d4:e4:4c:f9:eb:db:ab:58:c4:9a:f7:3b:8f:07:
         fb:c8:38:29:53:fb:4e:48:69:a1:bf:35:c8:80:d5:09:9b:f1:
         39:3a:7f:74:bf:44:7e:5b:a7:7d:b5:f8:2a:39:85:23:d0:29:
         db:94:02:42:6d:ad:8a:4c:dc:a5:47:ed:1c:20:49:8d:49:04:
         cb:b4:b4:2d:0e:84:05:34:a2:69:19:da:43:48:f6:a4:99:be:
         db:5b:35:77:99:d2:11:be:22:36:c9:06:45:c7:35:9d:8b:74:
         b0:35:e2:ee:8a:c2:85:fa:ec:c0:ec:98:29:ee:02:11:c4:99:
         c5:a0:69:26:cd:98:c6:bc:26:cc:ab:bf:23:3a:7d:04:4c:3c:
         5a:a3:7b:7c:e2:b2:3a:44:c7:01:0c:ec:a9:18:d4:c1:9e:25:
         34:ca:26:b6:61:fc:96:71:a5:05:95:c6:7d:a1:70:80:1c:13:
         31:48:d9:ae
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgISAZQkRL6cnGpwtdHKYwOYmkGSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTI5MGRiMmY3MjkwNWYwZGI2MjZiMDA1YmFjZjA4ODc4ZDE3YmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwSb3AN/0vv66ZMtEjjphv+Wq5iK
Qh1ePgEd8EJGh27eHT3UP72MtnffU+qfY9eMT/ih6uTJR4N/4E7Bx5JfT7Jh8D3i
S78tVry+5HfDK8PsCt73laenRQO8K/ZKOEICmRShhWYxVmZQ5sc+yUA6MI3KuKlr
7UTpj7SFEmSvxSCv3XP5/OoYVeQgLQexCAW730k5DPjv+MYMU2Syr1vDK7kRq5Xd
hpD4vrvnQdmZjUipR+/98KeQ30P/B9owBgYawlZBPCjQUGjejZGsHH00CPw+3xo2
9tdyG1gxw1x9UCNhdf7OmCHVa6M0NJFqbROX2j+DePA02HuweVa0hFdGaQIDAQAB
o4ICxjCCAsIwHQYDVR0OBBYEFMopDbL3KQXw22JrAFus8Ih40XusMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JlLzIxNjk3
My01MTZmLTQ1MDEtOTE2NC03ZjQzNWJmNTUwMWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUvMjE2OTcz
LTUxNmYtNDUwMS05MTY0LTdmNDM1YmY1NTAxYy8xL3lpa05zdmNwQmZEYlltc0FX
Nnp3aUhqUmU2dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGEGCCsGAQUF
BwEHAQH/BFIwUDAqBAIAATAkAwQAWSVlAwQBWS86AwQCuYM0AwQCvNCMAwQCvPE8
AwQAvPG7MCIEAgACMBwDBQMqB7oAAwUDKgsCAAMFAyoLf0ADBQMqDCsAMA0GCSqG
SIb3DQEBCwUAA4IBAQAw5afr/XfnqjgfvjBKyfACSS6D+DqXASfnoabBJt8pt9Hg
4u5CA6dBLJ+QlvLfB/LIuEaUHvIHD14gowYChbHcdL347Eavr4cyBxPe1ORM+evb
q1jEmvc7jwf7yDgpU/tOSGmhvzXIgNUJm/E5On90v0R+W6d9tfgqOYUj0CnblAJC
ba2KTNylR+0cIEmNSQTLtLQtDoQFNKJpGdpDSPakmb7bWzV3mdIRviI2yQZFxzWd
i3SwNeLuisKF+uzA7Jgp7gIRxJnFoGkmzZjGvCbMq78jOn0ETDxao3t84rI6RMcB
DOypGNTBniU0yia2YfyWcaUFlcZ9oXCAHBMxSNmu
-----END CERTIFICATE-----