Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Kz1duQDggbIT6h8HHsXAA0em_ZU.cer
File:                     Kz1duQDggbIT6h8HHsXAA0em_ZU.cer (raw, json)
Hash identifier:          Fi+1Veqqg9XDf1UPMBB/UJKJ4+ZkH3CDidDwQ7NB+Og=
Subject key identifier:   2B:3D:5D:B9:00:E0:81:B2:13:EA:1F:07:1E:C5:C0:03:47:A6:FD:95
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942067E8528D452B83B988F47A61D401A5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/81/65f8e2-f4ed-424d-9b91-47dd0c04b550/1/Kz1duQDggbIT6h8HHsXAA0em_ZU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/81/65f8e2-f4ed-424d-9b91-47dd0c04b550/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 43477
                          IP: 91.198.173.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e8:52:8d:45:2b:83:b9:88:f4:7a:61:d4:01:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b3d5db900e081b213ea1f071ec5c00347a6fd95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f6:5d:47:7e:66:46:7e:73:1b:ad:b1:d1:34:
                    58:b0:7c:b5:3c:5b:e7:93:75:06:58:b9:50:e5:37:
                    0b:40:c4:e4:be:97:95:68:cd:dd:65:54:0f:9d:73:
                    11:f0:eb:21:ee:0f:6f:0f:56:93:27:aa:91:97:a0:
                    2c:4d:be:c4:a4:7c:e1:36:2e:1d:ab:e2:49:60:d4:
                    84:1d:f6:49:d1:38:51:54:e2:d7:ca:1c:13:7b:98:
                    f7:10:e5:c0:f3:5e:e7:a0:f1:4c:30:9f:3c:ca:45:
                    f8:d4:8d:c0:02:a4:0d:35:8c:55:d7:69:07:0c:1c:
                    1d:84:16:8f:79:1c:86:30:c9:32:42:cf:24:08:0d:
                    eb:5d:8a:9e:1f:61:b2:78:c5:48:d4:c4:6b:5d:db:
                    1c:2d:91:11:a5:7e:09:38:7c:f3:2f:e4:2c:2d:cb:
                    10:65:64:f4:e0:3e:69:0b:4e:05:7c:6f:2f:80:08:
                    dc:46:2d:b6:fa:62:b1:ff:53:5b:d9:65:33:5f:40:
                    9e:90:36:9b:8c:95:1e:2d:90:91:8c:80:9a:25:e9:
                    52:b7:a6:9b:03:9a:8b:83:3a:b3:90:95:68:04:64:
                    c0:56:37:73:39:7b:1d:50:11:4b:f1:39:45:13:3c:
                    6e:2c:7c:1f:dd:fb:d5:1e:14:4b:97:36:25:8a:2f:
                    fb:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:3D:5D:B9:00:E0:81:B2:13:EA:1F:07:1E:C5:C0:03:47:A6:FD:95
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/65f8e2-f4ed-424d-9b91-47dd0c04b550/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/65f8e2-f4ed-424d-9b91-47dd0c04b550/1/Kz1duQDggbIT6h8HHsXAA0em_ZU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.173.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43477

    Signature Algorithm: sha256WithRSAEncryption
         32:7d:ab:7d:d6:76:f0:a8:46:a1:19:38:c7:c1:47:0d:f3:5d:
         37:2d:c7:c3:f0:12:43:d6:d6:25:1d:b6:0a:85:21:4e:2a:12:
         11:00:58:56:1a:c6:a1:a0:c3:90:4e:d5:bd:78:86:4c:10:75:
         3f:51:3c:ff:04:d3:79:7d:f1:dd:c7:3a:3f:0c:36:24:66:97:
         52:02:e8:ff:b5:3b:91:a6:08:19:85:3a:f1:af:0b:cf:64:d6:
         ff:ff:9e:32:03:8e:82:a9:bf:d4:a0:7a:3c:35:45:5a:cf:f6:
         55:44:7e:21:fe:06:9c:a2:a5:20:23:08:56:6a:b1:c3:fb:52:
         9e:b0:2e:42:52:9d:0c:67:3d:a1:2b:c4:e6:57:10:22:ad:b2:
         fa:fb:da:36:bd:46:df:d8:e7:95:1f:21:96:20:e0:23:61:10:
         a1:d7:6f:75:a4:0e:b8:30:ca:28:5c:8f:23:82:a4:9e:22:a0:
         1a:f6:c4:8a:5d:a1:cf:ee:10:dd:2b:91:5a:82:77:01:c7:67:
         f0:01:09:22:c2:2e:3a:32:ad:27:79:8a:cd:22:83:60:dc:23:
         05:74:ab:4e:d8:ae:c7:45:be:6d:b3:ba:1a:63:fd:95:7e:b7:
         dc:a9:f5:d6:e9:4c:49:f1:28:7f:5a:3f:2d:64:87:4c:b4:dc:
         89:16:84:50
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQgZ+hSjUUrg7mI9Hph1AGlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjNkNWRiOTAwZTA4MWIyMTNlYTFmMDcxZWM1YzAwMzQ3YTZmZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/ZdR35mRn5zG62x0TRYsHy1PFvn
k3UGWLlQ5TcLQMTkvpeVaM3dZVQPnXMR8Osh7g9vD1aTJ6qRl6AsTb7EpHzhNi4d
q+JJYNSEHfZJ0ThRVOLXyhwTe5j3EOXA817noPFMMJ88ykX41I3AAqQNNYxV12kH
DBwdhBaPeRyGMMkyQs8kCA3rXYqeH2GyeMVI1MRrXdscLZERpX4JOHzzL+QsLcsQ
ZWT04D5pC04FfG8vgAjcRi22+mKx/1Nb2WUzX0CekDabjJUeLZCRjICaJelSt6ab
A5qLgzqzkJVoBGTAVjdzOXsdUBFL8TlFEzxuLHwf3fvVHhRLlzYlii/77wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCs9XbkA4IGyE+ofBx7FwANHpv2VMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgxLzY1Zjhl
Mi1mNGVkLTQyNGQtOWI5MS00N2RkMGMwNGI1NTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODEvNjVmOGUy
LWY0ZWQtNDI0ZC05YjkxLTQ3ZGQwYzA0YjU1MC8xL0t6MWR1UURnZ2JJVDZoOEhI
c1hBQTBlbV9aVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8atMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCp1TANBgkqhkiG9w0BAQsFAAOCAQEAMn2rfdZ28KhGoRk4x8FHDfNdNy3Hw/AS
Q9bWJR22CoUhTioSEQBYVhrGoaDDkE7VvXiGTBB1P1E8/wTTeX3x3cc6Pww2JGaX
UgLo/7U7kaYIGYU68a8Lz2TW//+eMgOOgqm/1KB6PDVFWs/2VUR+If4GnKKlICMI
Vmqxw/tSnrAuQlKdDGc9oSvE5lcQIq2y+vvaNr1G39jnlR8hliDgI2EQoddvdaQO
uDDKKFyPI4KkniKgGvbEil2hz+4Q3SuRWoJ3Acdn8AEJIsIuOjKtJ3mKzSKDYNwj
BXSrTtiux0W+bbO6GmP9lX633Kn11ulMSfEof1o/LWSHTLTciRaEUA==
-----END CERTIFICATE-----