Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/FnDhvFhpxgK2QkSQMdS3EWyd-iY.cer
File:                     FnDhvFhpxgK2QkSQMdS3EWyd-iY.cer (raw, json)
Hash identifier:          aR/SpLWj/cqJpiRkT9h6TlMhmgtMOCAuGSmyR5MGjqQ=
Subject key identifier:   16:70:E1:BC:58:69:C6:02:B6:42:44:90:31:D4:B7:11:6C:9D:FA:26
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B61D01D149B60F871390DEFCE6D948
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2b/ecb2aa-5e5c-4fef-bc8d-c0ea28ac367a/1/FnDhvFhpxgK2QkSQMdS3EWyd-iY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2b/ecb2aa-5e5c-4fef-bc8d-c0ea28ac367a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:50:33 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 56454
                          IP: 91.223.165.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:1d:01:d1:49:b6:0f:87:13:90:de:fc:e6:d9:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:50:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1670e1bc5869c602b642449031d4b7116c9dfa26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ce:4a:e9:17:24:ed:cc:d1:49:c9:21:4a:f6:
                    df:34:98:35:e4:51:5b:bc:96:24:0c:48:ff:0c:8f:
                    ac:1b:ff:d5:6f:65:b7:9f:34:eb:d6:3e:11:c3:e9:
                    e8:a4:da:95:ba:e4:06:a7:15:1c:b4:39:ec:6d:2b:
                    15:62:b5:24:f1:d3:31:ce:11:15:82:c5:26:71:0a:
                    3d:88:e3:26:44:61:21:bc:47:5a:00:82:29:d2:d4:
                    7e:06:89:25:05:94:21:e2:fb:b3:04:61:87:01:d6:
                    f3:bd:cc:f7:c2:8b:5a:2d:54:30:ff:09:d0:ba:68:
                    5e:b8:87:95:86:83:31:d5:5a:70:be:1d:5e:d5:19:
                    c8:e5:ca:d9:43:ab:0a:48:e6:13:e4:ab:d4:22:ff:
                    2f:af:44:8e:dd:85:8a:b9:ec:1e:39:f0:5d:79:49:
                    1a:bc:be:83:cf:3b:90:81:f8:48:ba:a6:ef:8d:27:
                    bc:03:e7:c7:fd:35:9b:d7:3d:ca:cf:ae:25:ed:48:
                    0a:31:34:99:09:81:c1:2e:e8:cc:c4:c1:d8:b7:76:
                    b1:88:f0:47:a2:7e:1d:e8:9e:31:d0:03:86:20:b1:
                    e1:0b:81:19:46:ca:34:6d:94:ff:a4:53:f7:31:04:
                    cb:cc:90:42:10:a4:33:61:10:4f:b9:6b:1f:07:df:
                    d1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:70:E1:BC:58:69:C6:02:B6:42:44:90:31:D4:B7:11:6C:9D:FA:26
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ecb2aa-5e5c-4fef-bc8d-c0ea28ac367a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ecb2aa-5e5c-4fef-bc8d-c0ea28ac367a/1/FnDhvFhpxgK2QkSQMdS3EWyd-iY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.165.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  56454

    Signature Algorithm: sha256WithRSAEncryption
         82:9f:43:1b:f6:70:47:76:5c:2d:1c:e3:62:7b:a4:9c:77:02:
         8f:ed:02:74:da:73:44:97:ee:33:39:d1:39:31:51:93:78:f9:
         ad:d2:ad:d3:cf:7d:77:f2:3f:71:1c:d7:14:ca:6c:49:82:68:
         e0:d4:bd:13:b7:6f:b2:84:f3:16:7f:00:c3:c3:ef:32:82:dd:
         a3:37:f3:56:86:d6:fa:8e:27:c8:b4:c7:b4:31:83:c0:de:c0:
         7a:af:0e:62:f1:cb:5c:4d:3e:26:b7:8d:44:d1:e1:68:6a:cc:
         4d:0b:50:c4:19:5e:51:a0:d0:8f:46:a2:53:94:88:68:cf:44:
         35:84:09:2d:17:4b:93:43:e5:6b:1f:29:8b:b7:e6:c0:9b:40:
         1f:10:b0:86:7c:29:95:fe:1c:47:cb:32:11:2f:d9:f4:e4:44:
         5e:ac:dd:73:f7:00:b0:e9:4b:47:db:88:0c:70:15:53:e2:e9:
         6b:8b:1a:43:7c:b2:15:83:9d:8c:1a:fa:82:6f:f0:b3:83:33:
         64:52:5a:1c:42:dd:63:d1:ee:ea:db:d3:25:8f:ef:18:19:1a:
         89:f1:a1:17:b7:95:2d:3e:f2:c7:b3:96:61:2d:d4:f6:dc:e7:
         2f:a1:82:85:ed:d9:c8:97:0f:6f:a7:54:de:f2:38:88:f9:68:
         b4:91:9e:e9
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQnth0B0Um2D4cTkN785tlIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU1MDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjcwZTFiYzU4NjljNjAyYjY0MjQ0OTAzMWQ0YjcxMTZjOWRmYTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc5K6Rck7czRSckhSvbfNJg15FFb
vJYkDEj/DI+sG//Vb2W3nzTr1j4Rw+nopNqVuuQGpxUctDnsbSsVYrUk8dMxzhEV
gsUmcQo9iOMmRGEhvEdaAIIp0tR+BoklBZQh4vuzBGGHAdbzvcz3wotaLVQw/wnQ
umheuIeVhoMx1Vpwvh1e1RnI5crZQ6sKSOYT5KvUIv8vr0SO3YWKueweOfBdeUka
vL6DzzuQgfhIuqbvjSe8A+fH/TWb1z3Kz64l7UgKMTSZCYHBLujMxMHYt3axiPBH
on4d6J4x0AOGILHhC4EZRso0bZT/pFP3MQTLzJBCEKQzYRBPuWsfB9/RUQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBZw4bxYacYCtkJEkDHUtxFsnfomMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJiL2VjYjJh
YS01ZTVjLTRmZWYtYmM4ZC1jMGVhMjhhYzM2N2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIvZWNiMmFh
LTVlNWMtNGZlZi1iYzhkLWMwZWEyOGFjMzY3YS8xL0ZuRGh2RmhweGdLMlFrU1FN
ZFMzRVd5ZC1pWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9+lMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDchjANBgkqhkiG9w0BAQsFAAOCAQEAgp9DG/ZwR3ZcLRzjYnuknHcCj+0CdNpz
RJfuMznROTFRk3j5rdKt0899d/I/cRzXFMpsSYJo4NS9E7dvsoTzFn8Aw8PvMoLd
ozfzVobW+o4nyLTHtDGDwN7Aeq8OYvHLXE0+JreNRNHhaGrMTQtQxBleUaDQj0ai
U5SIaM9ENYQJLRdLk0Plax8pi7fmwJtAHxCwhnwplf4cR8syES/Z9OREXqzdc/cA
sOlLR9uIDHAVU+Lpa4saQ3yyFYOdjBr6gm/ws4MzZFJaHELdY9Hu6tvTJY/vGBka
ifGhF7eVLT7yx7OWYS3U9tznL6GChe3ZyJcPb6dU3vI4iPlotJGe6Q==
-----END CERTIFICATE-----