Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CkjASBaqYfk14Upkw-u6kQumUfQ.cer
File:                     CkjASBaqYfk14Upkw-u6kQumUfQ.cer (raw, json)
Hash identifier:          pmsGs2NQ1T6/FnrSrPp5zM0KQf7H756LdIggeUPBcgY=
Subject key identifier:   0A:48:C0:48:16:AA:61:F9:35:E1:4A:64:C3:EB:BA:91:0B:A6:51:F4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C431B99D1B4E223109B923F9C1E62
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/df/069eab-f80d-4953-abc1-31aec07e945a/1/CkjASBaqYfk14Upkw-u6kQumUfQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/df/069eab-f80d-4953-abc1-31aec07e945a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:53 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214743
                          IP: 91.198.23.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:43:1b:99:d1:b4:e2:23:10:9b:92:3f:9c:1e:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a48c04816aa61f935e14a64c3ebba910ba651f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ce:a8:3c:3b:9b:c7:92:94:e9:fd:22:a2:c1:
                    08:28:25:62:f5:db:47:dc:3c:ec:32:e8:75:98:42:
                    d6:ef:7c:53:c0:09:b1:54:e0:39:a8:07:b7:3d:86:
                    60:b4:e9:ad:31:b3:28:8e:6d:47:e7:32:dc:00:b0:
                    bc:c4:97:6b:95:0f:46:10:98:24:a1:19:e5:1f:82:
                    0a:6a:bb:d3:2f:bd:51:5e:35:53:b2:a6:bf:1b:ef:
                    6c:40:d0:d6:a9:10:be:c2:be:b5:4d:c0:1d:ff:ea:
                    fe:f9:83:6a:8c:6e:13:bb:63:ea:3a:89:c8:06:a3:
                    58:63:58:fe:79:63:39:57:6a:79:20:a4:08:45:a1:
                    96:07:72:00:6c:76:65:b6:32:b5:18:b5:fe:42:ff:
                    7a:bc:26:ac:90:e7:00:60:f6:58:f0:ef:0c:cb:0f:
                    70:22:5a:75:60:06:9c:1e:e9:cb:05:c0:88:b9:20:
                    58:9e:aa:71:05:d2:50:66:e7:eb:06:b9:62:26:0b:
                    97:bc:df:ac:b0:aa:91:2d:cd:7d:bb:fc:38:9a:cf:
                    55:0a:1d:6a:5e:63:35:66:f3:fe:7f:99:c8:c2:17:
                    32:73:90:29:7e:c1:7d:97:23:6b:fb:17:01:89:12:
                    5a:df:4f:9e:55:b8:ba:03:d5:c9:4d:bd:4b:41:ac:
                    7e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:48:C0:48:16:AA:61:F9:35:E1:4A:64:C3:EB:BA:91:0B:A6:51:F4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/069eab-f80d-4953-abc1-31aec07e945a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/069eab-f80d-4953-abc1-31aec07e945a/1/CkjASBaqYfk14Upkw-u6kQumUfQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.23.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214743

    Signature Algorithm: sha256WithRSAEncryption
         7b:19:84:c9:a5:96:13:4e:9f:a5:f5:13:71:ae:16:63:59:81:
         e4:5e:d8:6d:24:a3:23:5a:6d:67:b2:5f:0f:95:2d:e2:f0:b5:
         74:87:e9:c8:d8:10:6d:c6:30:0c:1d:62:ac:1a:5f:d8:96:4d:
         27:70:6d:f6:b2:e5:43:65:5f:fb:a9:d7:c2:22:f9:e2:10:fa:
         d2:cd:b9:a8:5b:21:ab:7f:81:33:ce:b4:83:77:7b:d9:af:34:
         8b:be:71:ad:ab:82:87:19:17:a2:b9:87:2c:c8:e5:03:c5:29:
         1d:17:43:f3:33:96:cc:00:b5:7a:ca:5d:5f:f7:f9:e3:17:e4:
         fb:96:97:22:ed:56:93:e5:f6:83:fb:db:91:50:9c:68:79:f1:
         a5:b9:fa:bf:40:1f:7b:db:ed:c2:5b:e9:3a:d5:5d:0b:0b:8b:
         82:e5:54:d3:6f:33:61:41:6a:46:86:f3:d9:a3:d9:7a:d6:93:
         7a:bc:b8:39:97:ef:2c:bb:7c:32:1e:1f:10:d4:16:4f:68:60:
         a4:bc:00:7b:17:9f:84:8f:f0:e7:87:43:0a:9e:4e:fc:65:69:
         1b:76:a1:10:9c:bc:2f:8b:0f:45:3b:75:9d:1c:7d:75:04:80:
         8e:83:7a:1b:42:ef:fa:73:a4:3d:b0:9d:f9:40:7e:b4:01:83:
         e9:cc:28:8f
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQfjEMbmdG04iMQm5I/nB5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQ4YzA0ODE2YWE2MWY5MzVlMTRhNjRjM2ViYmE5MTBiYTY1MWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns6oPDubx5KU6f0iosEIKCVi9dtH
3DzsMuh1mELW73xTwAmxVOA5qAe3PYZgtOmtMbMojm1H5zLcALC8xJdrlQ9GEJgk
oRnlH4IKarvTL71RXjVTsqa/G+9sQNDWqRC+wr61TcAd/+r++YNqjG4Tu2PqOonI
BqNYY1j+eWM5V2p5IKQIRaGWB3IAbHZltjK1GLX+Qv96vCaskOcAYPZY8O8Myw9w
Ilp1YAacHunLBcCIuSBYnqpxBdJQZufrBrliJguXvN+ssKqRLc19u/w4ms9VCh1q
XmM1ZvP+f5nIwhcyc5ApfsF9lyNr+xcBiRJa30+eVbi6A9XJTb1LQax+QwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFApIwEgWqmH5NeFKZMPrupELplH0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RmLzA2OWVh
Yi1mODBkLTQ5NTMtYWJjMS0zMWFlYzA3ZTk0NWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYvMDY5ZWFi
LWY4MGQtNDk1My1hYmMxLTMxYWVjMDdlOTQ1YS8xL0NrakFTQmFxWWZrMTRVcGt3
LXU2a1F1bVVmUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8YXMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNG1zANBgkqhkiG9w0BAQsFAAOCAQEAexmEyaWWE06fpfUTca4WY1mB5F7YbSSj
I1ptZ7JfD5Ut4vC1dIfpyNgQbcYwDB1irBpf2JZNJ3Bt9rLlQ2Vf+6nXwiL54hD6
0s25qFshq3+BM860g3d72a80i75xrauChxkXormHLMjlA8UpHRdD8zOWzAC1espd
X/f54xfk+5aXIu1Wk+X2g/vbkVCcaHnxpbn6v0Afe9vtwlvpOtVdCwuLguVU028z
YUFqRobz2aPZetaTery4OZfvLLt8Mh4fENQWT2hgpLwAexefhI/w54dDCp5O/GVp
G3ahEJy8L4sPRTt1nRx9dQSAjoN6G0Lv+nOkPbCd+UB+tAGD6cwojw==
-----END CERTIFICATE-----