Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Hi6q16hwZhXRyENtzgGVSV8hSoc.cer
File:                     Hi6q16hwZhXRyENtzgGVSV8hSoc.cer (raw, json)
Hash identifier:          0cUzpNiDCk748qqFZvGiehAzFQEMvGFtBOlVG9R2jwY=
Subject key identifier:   1E:2E:AA:D7:A8:70:66:15:D1:C8:43:6D:CE:01:95:49:5F:21:4A:87
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FC3C34857744E1DA9FA3A6125B7270
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1e/08cb62-39df-432e-8a76-2c98f17b8eb3/1/Hi6q16hwZhXRyENtzgGVSV8hSoc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1e/08cb62-39df-432e-8a76-2c98f17b8eb3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:47:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 29001
                          IP: 2001:678:a1c::/48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:3c:34:85:77:44:e1:da:9f:a3:a6:12:5b:72:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e2eaad7a8706615d1c8436dce0195495f214a87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:be:0d:8d:ce:96:45:fa:b1:50:fc:2d:9a:27:
                    ca:cb:1a:74:03:16:17:fb:37:33:40:03:f4:57:8d:
                    18:a5:55:ec:4b:a4:5f:4b:2c:00:9c:2d:fe:01:29:
                    1e:a7:61:21:0b:f8:96:33:ad:02:f3:12:b8:e1:3e:
                    4e:3d:03:5d:2b:5a:cf:c1:ef:38:b8:20:74:5c:61:
                    d6:21:2d:e8:30:93:96:e0:03:fa:65:63:00:81:2f:
                    62:39:fd:88:73:60:75:6a:2c:fc:f5:df:16:d7:a3:
                    f0:8c:27:c7:c0:09:28:ca:03:01:6a:0a:b4:29:45:
                    26:8b:28:5f:bb:f2:a8:ad:d4:27:c1:73:03:11:c6:
                    65:14:2c:04:27:1d:b1:69:dc:e5:52:98:bb:92:cf:
                    60:24:98:f6:98:7f:15:f3:47:21:02:dc:64:13:4b:
                    d9:0d:40:55:97:7d:8e:49:1b:71:1f:27:a9:66:60:
                    f1:ee:fd:b0:5e:34:63:40:e7:bd:cd:3c:2e:be:04:
                    95:ab:77:d8:7c:1c:9e:29:c5:53:23:ae:20:bb:77:
                    b0:d8:a0:2e:83:11:17:56:7d:de:14:2d:f6:28:31:
                    d4:67:94:10:b0:1e:56:fc:b5:3b:70:07:35:cf:f6:
                    bd:7a:36:2b:d0:98:90:1d:08:3d:a2:ff:3c:af:40:
                    3d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:2E:AA:D7:A8:70:66:15:D1:C8:43:6D:CE:01:95:49:5F:21:4A:87
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/08cb62-39df-432e-8a76-2c98f17b8eb3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/08cb62-39df-432e-8a76-2c98f17b8eb3/1/Hi6q16hwZhXRyENtzgGVSV8hSoc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a1c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  29001

    Signature Algorithm: sha256WithRSAEncryption
         8f:d4:07:48:83:0a:ed:1e:2e:0e:de:71:37:53:82:e2:c6:d7:
         a1:e9:6c:bd:98:c5:9f:1d:f5:6e:08:f8:38:7c:fe:72:7c:7f:
         ff:66:77:38:76:87:22:a9:48:3a:87:e4:31:cc:a6:84:95:06:
         d6:24:4d:be:f6:b2:f9:ab:80:c9:39:7e:d4:8a:e8:e0:19:1e:
         10:a6:c4:8f:ea:8f:36:3a:ef:55:2c:61:24:26:00:24:87:74:
         a8:2a:1c:cc:11:ba:e6:90:74:38:4b:93:b9:60:e8:bf:bc:b3:
         c4:8b:00:4b:be:2d:b7:78:5d:75:b0:fd:40:7b:a1:37:d5:a8:
         7d:a2:2e:0d:a6:66:57:f0:a3:79:90:9e:91:12:a0:f7:7e:62:
         a5:1d:be:55:83:3c:3e:48:f1:83:46:f6:a7:e6:0f:8e:e6:7f:
         8c:7f:96:63:68:9f:93:a3:1f:cf:8d:b7:fe:88:6c:d4:f4:99:
         ee:2c:3f:f8:92:5b:2c:84:a1:1a:a6:33:66:58:79:8b:01:f4:
         56:44:23:15:f0:de:8c:a0:0d:00:2a:06:37:fc:bc:30:a0:f1:
         d0:94:f6:7b:02:a8:d2:f4:06:9a:2a:be:a2:c8:df:4a:d6:80:
         5d:ce:65:28:6c:3a:91:2c:e7:37:fa:84:91:2d:bb:37:f7:e0:
         ed:9c:5f:2c
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAZQl/Dw0hXdE4dqfo6YSW3JwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTJlYWFkN2E4NzA2NjE1ZDFjODQzNmRjZTAxOTU0OTVmMjE0YTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmb4Njc6WRfqxUPwtmifKyxp0AxYX
+zczQAP0V40YpVXsS6RfSywAnC3+ASkep2EhC/iWM60C8xK44T5OPQNdK1rPwe84
uCB0XGHWIS3oMJOW4AP6ZWMAgS9iOf2Ic2B1aiz89d8W16PwjCfHwAkoygMBagq0
KUUmiyhfu/KordQnwXMDEcZlFCwEJx2xadzlUpi7ks9gJJj2mH8V80chAtxkE0vZ
DUBVl32OSRtxHyepZmDx7v2wXjRjQOe9zTwuvgSVq3fYfByeKcVTI64gu3ew2KAu
gxEXVn3eFC32KDHUZ5QQsB5W/LU7cAc1z/a9ejYr0JiQHQg9ov88r0A9IwIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFB4uqteocGYV0chDbc4BlUlfIUqHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFlLzA4Y2I2
Mi0zOWRmLTQzMmUtOGE3Ni0yYzk4ZjE3YjhlYjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUvMDhjYjYy
LTM5ZGYtNDMyZS04YTc2LTJjOThmMTdiOGViMy8xL0hpNnExNmh3WmhYUnlFTnR6
Z0dWU1Y4aFNvYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAocMBkGCCsGAQUFBwEIAQH/BAowCKAG
MAQCAnFJMA0GCSqGSIb3DQEBCwUAA4IBAQCP1AdIgwrtHi4O3nE3U4Lixteh6Wy9
mMWfHfVuCPg4fP5yfH//Znc4dociqUg6h+QxzKaElQbWJE2+9rL5q4DJOX7Uiujg
GR4QpsSP6o82Ou9VLGEkJgAkh3SoKhzMEbrmkHQ4S5O5YOi/vLPEiwBLvi23eF11
sP1Ae6E31ah9oi4NpmZX8KN5kJ6REqD3fmKlHb5Vgzw+SPGDRvan5g+O5n+Mf5Zj
aJ+Tox/Pjbf+iGzU9JnuLD/4klsshKEapjNmWHmLAfRWRCMV8N6MoA0AKgY3/Lww
oPHQlPZ7AqjS9AaaKr6iyN9K1oBdzmUobDqRLOc3+oSRLbs39+DtnF8s
-----END CERTIFICATE-----