Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.cer
File:                     KFjS8TFxXLrzzdkgZFkk9TUI4Gc.cer (raw, json)
Hash identifier:          Y4B2kFtmH0mRI2IaKVTf7lGbNjcujSe2GOPOljAZ9dw=
Subject key identifier:   28:58:D2:F1:31:71:5C:BA:F3:CD:D9:20:64:59:24:F5:35:08:E0:67
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019464F76420E7F4C14AF442FC39DFAE7C2E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 14 Jan 2025 13:18:42 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 52221
                          IP: 188.92.26.0/24
                          IP: 2a07:7ac0::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:64:f7:64:20:e7:f4:c1:4a:f4:42:fc:39:df:ae:7c:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 14 13:18:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2858d2f131715cbaf3cdd920645924f53508e067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ad:ea:d5:df:de:69:e2:09:e7:1d:59:b0:cc:
                    16:6b:24:c3:ad:c2:65:03:47:91:92:c9:f4:a2:62:
                    f8:32:3d:c9:af:7d:76:90:89:db:7f:2e:1a:ba:8f:
                    5c:de:00:ca:49:ef:43:19:da:b9:c3:84:24:1b:9d:
                    17:47:b5:e5:c4:26:fa:1c:95:a1:6e:a3:2a:6e:38:
                    15:52:d7:9d:2c:35:47:d6:d1:e3:68:8c:df:ce:47:
                    fd:b7:e5:50:64:fd:12:d1:40:06:8e:9e:69:6e:26:
                    c4:11:7c:12:4e:e3:6a:c6:01:f1:c0:89:04:1b:1f:
                    65:e4:5d:0a:1b:69:65:17:b1:3c:70:68:c5:5a:9c:
                    07:fb:6d:1b:bc:cb:be:90:7c:d4:30:57:a2:2e:5b:
                    ff:95:6f:02:b1:48:c8:41:cc:52:19:43:4e:72:a2:
                    03:19:bc:4c:65:c4:81:75:09:e3:54:c3:1e:46:67:
                    5c:fa:5d:59:71:3a:29:9b:77:1e:a8:f8:82:1a:4f:
                    86:b5:ae:b5:97:3d:25:2f:d4:58:60:9a:84:42:b9:
                    39:0b:f2:c5:a5:4c:62:41:0c:8d:22:e3:a0:29:57:
                    47:92:0a:5a:6f:bf:47:f9:ca:a4:60:00:da:36:5f:
                    71:9f:dd:7e:e8:86:5a:aa:8f:f7:82:74:91:26:8a:
                    f8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:58:D2:F1:31:71:5C:BA:F3:CD:D9:20:64:59:24:F5:35:08:E0:67
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.26.0/24
                IPv6:
                  2a07:7ac0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  52221

    Signature Algorithm: sha256WithRSAEncryption
         37:0f:05:bf:b3:3a:dc:cb:af:95:ba:72:b5:74:e9:84:59:dd:
         59:64:b9:53:42:07:14:76:6e:b8:95:78:a6:42:94:35:cc:4a:
         61:93:da:28:60:1f:45:0c:4c:8c:b6:67:c0:5a:1c:f0:e7:19:
         3f:1f:2f:3d:1c:41:10:8b:b0:00:29:30:bf:e7:c9:ae:4d:cc:
         ae:4c:9d:e7:a0:03:19:a7:1b:0f:88:f8:a5:f4:96:eb:10:a0:
         a0:5b:8b:44:a9:bb:ca:52:d5:a7:22:68:65:0e:7d:05:92:3d:
         df:62:7c:db:39:63:60:86:59:59:47:a3:6b:37:ca:5e:9b:e3:
         ef:1e:b3:54:55:bb:35:5d:16:ba:e1:8d:3a:59:ea:fc:20:28:
         17:2e:cd:ad:36:d1:1b:9a:63:3f:8d:82:cb:b2:98:1f:7b:ef:
         c7:8f:21:1c:3c:3b:8c:d3:d4:f2:ff:b9:0a:73:e1:e9:72:23:
         f8:54:5e:5c:bd:8f:3c:dd:85:05:8b:5b:3f:8e:6e:d7:e7:dc:
         54:5b:0d:15:52:ef:f4:27:ef:23:7d:2d:7c:b8:d0:43:8e:0c:
         be:f7:24:fa:b1:7e:f7:16:6a:90:a6:e2:9e:75:6e:3e:08:7d:
         86:9d:d2:16:ca:b3:0a:5e:ba:35:ad:6f:e6:c6:91:8b:06:1c:
         1c:67:c3:96
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZRk92Qg5/TBSvRC/DnfrnwuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTE0MTMxODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODU4ZDJmMTMxNzE1Y2JhZjNjZGQ5MjA2NDU5MjRmNTM1MDhlMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj63q1d/eaeIJ5x1ZsMwWayTDrcJl
A0eRksn0omL4Mj3Jr312kInbfy4auo9c3gDKSe9DGdq5w4QkG50XR7XlxCb6HJWh
bqMqbjgVUtedLDVH1tHjaIzfzkf9t+VQZP0S0UAGjp5pbibEEXwSTuNqxgHxwIkE
Gx9l5F0KG2llF7E8cGjFWpwH+20bvMu+kHzUMFeiLlv/lW8CsUjIQcxSGUNOcqID
GbxMZcSBdQnjVMMeRmdc+l1ZcTopm3ceqPiCGk+Gta61lz0lL9RYYJqEQrk5C/LF
pUxiQQyNIuOgKVdHkgpab79H+cqkYADaNl9xn91+6IZaqo/3gnSRJor4WwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFChY0vExcVy6883ZIGRZJPU1COBnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEyLzc1ZGJj
NC1hZTIyLTQ5NzEtOWVmNS1hM2YzNTViZWVlZGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIvNzVkYmM0
LWFlMjItNDk3MS05ZWY1LWEzZjM1NWJlZWVkZC8xL0tGalM4VEZ4WExyenpka2da
RmtrOVRVSTRHYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAvFwaMA0EAgACMAcDBQMqB3rAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDL/TANBgkqhkiG9w0BAQsFAAOCAQEANw8Fv7M63Muv
lbpytXTphFndWWS5U0IHFHZuuJV4pkKUNcxKYZPaKGAfRQxMjLZnwFoc8OcZPx8v
PRxBEIuwACkwv+fJrk3Mrkyd56ADGacbD4j4pfSW6xCgoFuLRKm7ylLVpyJoZQ59
BZI932J82zljYIZZWUejazfKXpvj7x6zVFW7NV0WuuGNOlnq/CAoFy7NrTbRG5pj
P42Cy7KYH3vvx48hHDw7jNPU8v+5CnPh6XIj+FReXL2PPN2FBYtbP45u1+fcVFsN
FVLv9CfvI30tfLjQQ44Mvvck+rF+9xZqkKbinnVuPgh9hp3SFsqzCl66Na1v5saR
iwYcHGfDlg==
-----END CERTIFICATE-----