Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-XMgliXioD3e7PkbtIBUjlcp1Hk.cer
File:                     1-XMgliXioD3e7PkbtIBUjlcp1Hk.cer (raw, json)
Hash identifier:          iewXl4T9Z5i6HCFpxtOd6chj7WfWlQgh3v1LOFJGx6g=
Subject key identifier:   F9:73:20:96:25:E2:A0:3D:DE:EC:F9:1B:B4:80:54:8E:57:29:D4:79
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA3BB8760BDB655B347682ACA69437
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/1-XMgliXioD3e7PkbtIBUjlcp1Hk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:00 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 209323
                          IP: 147.78.144.0/22
                          IP: 2a09:24c0::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3b:b8:76:0b:db:65:5b:34:76:82:ac:a6:94:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f973209625e2a03ddeecf91bb480548e5729d479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:67:c3:7f:43:c3:8d:dd:2c:84:d2:f2:23:e7:
                    04:70:a3:77:77:54:87:27:00:04:fe:14:7c:11:e9:
                    14:e1:18:64:fa:83:be:66:cd:4d:77:e0:ed:36:10:
                    ae:53:14:9b:c1:f8:30:d4:93:e4:4f:49:e8:b6:09:
                    ae:1f:79:77:11:b4:3b:9f:c5:3f:9f:8c:c1:fd:53:
                    ff:8a:0e:30:52:55:63:b2:71:03:74:d5:13:fb:ac:
                    7e:25:95:f9:23:8e:56:70:5b:47:b1:63:47:7e:8b:
                    dd:c3:41:bc:89:73:46:6e:c8:00:58:70:6d:81:a1:
                    03:0b:e0:ef:fe:b7:48:92:e5:58:62:58:f0:7b:7b:
                    ef:1a:2b:16:6b:09:87:28:06:38:b6:bc:86:60:d0:
                    e7:1f:71:32:24:e4:0a:2e:aa:5b:fe:f2:fe:70:c5:
                    6f:fa:51:23:4c:7b:9c:10:b7:41:36:60:60:8a:14:
                    05:34:f3:87:aa:21:e8:f1:7b:00:75:32:38:a6:f5:
                    3d:fa:8c:92:66:30:8e:c3:07:ac:5c:f7:dc:82:a0:
                    6c:8b:e0:e8:a1:87:f6:00:5e:61:62:36:12:ca:49:
                    1b:43:08:fe:3b:bb:c8:78:dd:78:ed:d1:d2:2c:45:
                    a9:fb:3b:38:d2:22:8b:33:00:a9:01:dd:b4:d4:59:
                    88:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:73:20:96:25:E2:A0:3D:DE:EC:F9:1B:B4:80:54:8E:57:29:D4:79
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/1-XMgliXioD3e7PkbtIBUjlcp1Hk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.144.0/22
                IPv6:
                  2a09:24c0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209323

    Signature Algorithm: sha256WithRSAEncryption
         6a:90:c0:27:49:66:d9:89:b7:1d:23:e6:0d:eb:9b:9b:28:7e:
         49:0b:dd:76:35:ca:bb:ab:0f:86:f3:27:e6:63:59:ce:51:be:
         f6:f4:64:f1:07:23:fb:de:65:11:4a:e4:9e:78:da:0a:5a:e8:
         b5:b0:af:5d:ff:88:b6:f4:cc:ea:ac:a7:7b:e1:1c:ec:33:ea:
         ec:e0:9f:85:96:b4:51:0e:46:50:cb:63:57:42:40:16:49:d9:
         f5:39:60:e5:cf:a7:d2:58:dc:bf:4d:61:3b:e7:81:be:b0:5b:
         2c:88:82:a0:d0:14:6f:f6:45:64:f6:dd:dc:ac:43:3c:41:23:
         ef:a3:31:d6:09:d9:a7:d2:b8:be:b0:c1:33:72:01:8b:31:7d:
         4b:4d:0d:a0:1d:bd:4f:f5:d1:46:8a:9b:2b:56:48:65:6e:7c:
         a3:3d:9f:d5:23:19:25:38:69:ea:a3:34:e3:50:81:3d:36:0a:
         e6:3a:d8:5e:0c:44:bb:0b:4c:e5:f5:6b:ed:61:b4:fe:0e:36:
         3c:d2:24:bc:00:1f:4b:55:1f:de:8f:c3:65:93:ee:fc:97:0d:
         52:79:64:38:91:fd:16:b0:21:41:d5:46:ca:10:a8:9c:83:81:
         60:0f:09:ea:59:e7:21:4f:68:a0:6c:3c:e9:e3:f5:5b:ce:88:
         e5:b8:27:5f
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAZQf+ju4dgvbZVs0doKsppQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTczMjA5NjI1ZTJhMDNkZGVlY2Y5MWJiNDgwNTQ4ZTU3MjlkNDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWfDf0PDjd0shNLyI+cEcKN3d1SH
JwAE/hR8EekU4Rhk+oO+Zs1Nd+DtNhCuUxSbwfgw1JPkT0notgmuH3l3EbQ7n8U/
n4zB/VP/ig4wUlVjsnEDdNUT+6x+JZX5I45WcFtHsWNHfovdw0G8iXNGbsgAWHBt
gaEDC+Dv/rdIkuVYYljwe3vvGisWawmHKAY4tryGYNDnH3EyJOQKLqpb/vL+cMVv
+lEjTHucELdBNmBgihQFNPOHqiHo8XsAdTI4pvU9+oySZjCOwwesXPfcgqBsi+Do
oYf2AF5hYjYSykkbQwj+O7vIeN147dHSLEWp+zs40iKLMwCpAd201FmIDwIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFPlzIJYl4qA93uz5G7SAVI5XKdR5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVkL2FmNTRl
OC1iZDYzLTQyN2QtOGNjOC1mNGVjZWJiYjFlYzIvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQvYWY1NGU4
LWJkNjMtNDI3ZC04Y2M4LWY0ZWNlYmJiMWVjMi8xLzEtWE1nbGlYaW9EM2U3UGti
dElCVWpsY3AxSGsubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEF
BQcBBwEB/wQfMB0wDAQCAAEwBgMEApNOkDANBAIAAjAHAwUAKgkkwDAaBggrBgEF
BQcBCAEB/wQLMAmgBzAFAgMDMaswDQYJKoZIhvcNAQELBQADggEBAGqQwCdJZtmJ
tx0j5g3rm5sofkkL3XY1yrurD4bzJ+ZjWc5Rvvb0ZPEHI/veZRFK5J542gpa6LWw
r13/iLb0zOqsp3vhHOwz6uzgn4WWtFEORlDLY1dCQBZJ2fU5YOXPp9JY3L9NYTvn
gb6wWyyIgqDQFG/2RWT23dysQzxBI++jMdYJ2afSuL6wwTNyAYsxfUtNDaAdvU/1
0UaKmytWSGVufKM9n9UjGSU4aeqjNONQgT02CuY62F4MRLsLTOX1a+1htP4ONjzS
JLwAH0tVH96Pw2WT7vyXDVJ5ZDiR/RawIUHVRsoQqJyDgWAPCepZ5yFPaKBsPOnj
9VvOiOW4J18=
-----END CERTIFICATE-----