Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gNHAtO8JDETXi3zLC_cvCdCDHzQ.cer
File:                     gNHAtO8JDETXi3zLC_cvCdCDHzQ.cer (raw, json)
Hash identifier:          amWbgRTgwK5hcvg/mbv1FUXwPxsy9Rreo2aKnAhoUGs=
Subject key identifier:   80:D1:C0:B4:EF:09:0C:44:D7:8B:7C:CB:0B:F7:2F:09:D0:83:1F:34
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5AA08986F5EFE8AEB371B1C36AC36
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/gNHAtO8JDETXi3zLC_cvCdCDHzQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:41 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 25099
                          IP: 194.0.157.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:aa:08:98:6f:5e:fe:8a:eb:37:1b:1c:36:ac:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80d1c0b4ef090c44d78b7ccb0bf72f09d0831f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:66:4b:28:17:2e:32:6c:6d:6d:5e:d7:d1:2b:
                    0f:2e:a2:b6:e8:25:03:c4:6d:ce:94:e4:e0:e4:b0:
                    e7:ae:e7:3e:23:11:a4:d2:b0:c2:9a:12:24:03:03:
                    4e:7b:53:71:90:58:15:78:7f:d4:83:65:b8:05:c0:
                    92:e0:a2:cd:d9:e7:ef:dc:37:0f:38:2b:4e:7f:9c:
                    da:b0:72:80:ba:37:0c:a1:80:88:15:6f:24:d4:a3:
                    0c:bd:1a:ff:c7:bf:c5:ba:c3:92:9a:cd:05:e1:2b:
                    74:fc:07:bc:25:6f:ef:e0:ca:79:0c:12:4c:f1:ad:
                    5e:0b:48:0c:9a:22:35:a2:b3:1b:37:c4:cc:7d:00:
                    31:48:c9:e7:81:65:b0:b7:a9:21:46:a4:ce:bb:59:
                    7e:34:cb:45:d2:fb:78:c2:12:22:18:c6:7f:29:71:
                    4e:2b:1d:02:f7:42:a4:d5:76:db:ce:c7:1e:24:b3:
                    b9:ac:55:54:56:e5:d2:bd:9a:4c:90:b3:31:c2:f2:
                    94:de:e5:99:90:a7:18:fd:66:1b:57:da:39:69:72:
                    00:05:34:a7:61:86:fe:33:58:b9:21:5f:4f:ac:3e:
                    f6:00:49:f3:1f:d8:ef:7d:39:62:98:44:ba:0b:7b:
                    16:cf:0c:f4:c4:fe:19:24:73:21:ae:a7:4d:29:b9:
                    e7:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:D1:C0:B4:EF:09:0C:44:D7:8B:7C:CB:0B:F7:2F:09:D0:83:1F:34
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/gNHAtO8JDETXi3zLC_cvCdCDHzQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.157.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  25099

    Signature Algorithm: sha256WithRSAEncryption
         22:a4:43:07:9d:a0:dc:83:09:ad:f3:12:a5:1a:27:9a:ab:e0:
         5b:3d:7f:c4:46:ba:aa:be:6f:72:3f:8b:3c:71:02:4e:13:07:
         e5:f1:49:26:b1:ae:12:4f:79:16:15:ff:f7:51:0a:20:bd:05:
         8b:fe:b5:66:68:a4:a1:f5:73:e2:f5:1f:b6:ab:19:70:f3:5c:
         30:94:47:0a:04:68:46:28:41:d2:bf:42:bd:ae:72:f5:ab:77:
         1c:a3:84:df:62:d5:3f:6c:f9:46:7e:72:79:17:76:b4:76:1c:
         af:0d:60:55:cd:79:fa:3e:2c:55:fc:be:cf:86:b1:94:d8:ff:
         3c:cb:10:04:53:47:43:4c:c0:de:e8:6a:f1:75:c4:b6:b9:c9:
         aa:17:ad:76:49:a9:32:82:cd:85:3d:81:d1:68:8f:2c:8e:a2:
         a3:1b:0d:61:34:d8:e7:e7:72:21:dc:62:52:7b:85:af:a4:4d:
         82:13:7c:ea:02:0b:81:4b:95:43:c3:ac:58:f2:f5:ec:81:ab:
         5d:7f:8a:14:b0:66:fc:04:1f:99:ef:22:86:01:22:00:e9:ff:
         26:fa:f1:55:e6:67:e7:fc:41:8f:8d:a1:05:68:62:e8:7a:4a:
         5f:42:9c:7e:aa:10:12:96:ad:7f:41:4b:57:72:bf:dc:32:29:
         13:ad:7f:b0
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQg1aoImG9e/orrNxscNqw2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGQxYzBiNGVmMDkwYzQ0ZDc4YjdjY2IwYmY3MmYwOWQwODMxZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2ZLKBcuMmxtbV7X0SsPLqK26CUD
xG3OlOTg5LDnruc+IxGk0rDCmhIkAwNOe1NxkFgVeH/Ug2W4BcCS4KLN2efv3DcP
OCtOf5zasHKAujcMoYCIFW8k1KMMvRr/x7/FusOSms0F4St0/Ae8JW/v4Mp5DBJM
8a1eC0gMmiI1orMbN8TMfQAxSMnngWWwt6khRqTOu1l+NMtF0vt4whIiGMZ/KXFO
Kx0C90Kk1XbbzsceJLO5rFVUVuXSvZpMkLMxwvKU3uWZkKcY/WYbV9o5aXIABTSn
YYb+M1i5IV9PrD72AEnzH9jvfTlimES6C3sWzwz0xP4ZJHMhrqdNKbnnpwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFIDRwLTvCQxE14t8ywv3LwnQgx80MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQwL2RlNjRm
Ny0zOWQ5LTRiYmQtYjAyMy1iZWRjYmM1YTAxNzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAvZGU2NGY3
LTM5ZDktNGJiZC1iMDIzLWJlZGNiYzVhMDE3NC8xL2dOSEF0TzhKREVUWGkzekxD
X2N2Q2RDREh6US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwgCdMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AmILMA0GCSqGSIb3DQEBCwUAA4IBAQAipEMHnaDcgwmt8xKlGieaq+BbPX/ERrqq
vm9yP4s8cQJOEwfl8Ukmsa4ST3kWFf/3UQogvQWL/rVmaKSh9XPi9R+2qxlw81ww
lEcKBGhGKEHSv0K9rnL1q3cco4TfYtU/bPlGfnJ5F3a0dhyvDWBVzXn6PixV/L7P
hrGU2P88yxAEU0dDTMDe6GrxdcS2ucmqF612Sakygs2FPYHRaI8sjqKjGw1hNNjn
53Ih3GJSe4WvpE2CE3zqAguBS5VDw6xY8vXsgatdf4oUsGb8BB+Z7yKGASIA6f8m
+vFV5mfn/EGPjaEFaGLoekpfQpx+qhASlq1/QUtXcr/cMikTrX+w
-----END CERTIFICATE-----