Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rKcX8QfgYizkyz71KwFU-n-baS0.cer
File:                     rKcX8QfgYizkyz71KwFU-n-baS0.cer (raw, json)
Hash identifier:          /w/IAfRo4qIdaeSVVXiTBgJ8G07aYMtmInI9jc/FRK0=
Subject key identifier:   AC:A7:17:F1:07:E0:62:2C:E4:CB:3E:F5:2B:01:54:FA:7F:9B:69:2D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D6EE5AEEB388F193F3431F549DA719
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c5/0942ec-2e9f-4172-8c53-c4946b8e630d/1/rKcX8QfgYizkyz71KwFU-n-baS0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c5/0942ec-2e9f-4172-8c53-c4946b8e630d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:47:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 203533
                          IP: 91.197.52.0/23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:ee:5a:ee:b3:88:f1:93:f3:43:1f:54:9d:a7:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aca717f107e0622ce4cb3ef52b0154fa7f9b692d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:85:16:42:53:5b:45:01:50:80:1a:bc:65:e2:
                    2b:2a:2e:55:1b:39:1d:d3:a7:d2:1b:f9:66:b1:e5:
                    cf:9d:b0:58:e0:f3:27:b2:21:55:6d:ef:9b:0a:6f:
                    c7:13:67:26:49:01:b6:9c:a9:08:2e:6c:89:92:40:
                    0f:18:bd:06:61:e6:1e:70:e5:df:63:a8:06:0f:e6:
                    80:c1:04:02:f2:63:6b:53:e8:d7:a2:2b:03:ae:e2:
                    68:ea:df:0e:f9:49:b2:56:a5:63:ce:90:20:ba:ed:
                    e4:6f:a5:1b:bf:4d:42:e9:d6:bd:50:69:6a:ab:28:
                    19:fc:8b:b0:f2:ba:3e:1a:d3:92:ad:7d:83:d9:5d:
                    13:7d:30:50:27:56:3c:d5:6f:e6:de:93:06:b2:20:
                    82:f4:af:17:dd:4e:f9:ae:58:3f:94:e9:48:52:18:
                    bd:01:3b:fe:b7:49:3d:3e:a6:10:08:8f:a6:b9:a7:
                    29:4b:07:7e:e3:88:73:65:68:fc:a7:67:85:60:32:
                    a8:02:7b:e6:3e:0f:12:0c:f8:12:df:cb:78:fc:6c:
                    82:62:10:ef:ee:f0:eb:a1:1c:98:5e:06:1d:30:78:
                    ae:23:4d:eb:a7:f7:eb:88:b8:4a:8b:04:53:ac:fe:
                    f0:49:e9:3a:31:37:be:3e:d2:26:ce:c8:70:2a:c7:
                    92:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:A7:17:F1:07:E0:62:2C:E4:CB:3E:F5:2B:01:54:FA:7F:9B:69:2D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0942ec-2e9f-4172-8c53-c4946b8e630d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0942ec-2e9f-4172-8c53-c4946b8e630d/1/rKcX8QfgYizkyz71KwFU-n-baS0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.52.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203533

    Signature Algorithm: sha256WithRSAEncryption
         9f:3b:ee:25:38:f2:3d:67:b1:99:2c:64:5f:46:a5:90:d3:59:
         87:3e:3e:6e:31:93:ed:0a:5f:18:f6:a2:7a:b3:87:0a:3b:50:
         2e:f7:8b:8b:34:96:43:ca:a0:ba:19:2c:56:4a:95:32:95:2a:
         9e:ab:26:8e:17:79:d4:35:ed:db:9e:8f:fc:73:88:79:b2:bd:
         3f:c8:59:a0:b2:51:d6:1e:0c:d5:e2:10:e1:cc:7a:5f:a6:1e:
         b8:ff:42:e0:2e:22:d9:0b:86:5f:19:12:73:80:b2:6c:df:7e:
         cc:a3:7a:25:67:2b:87:b5:d4:4b:fe:1a:4a:fb:c0:04:a8:e1:
         31:39:bf:cb:cd:2e:58:81:18:d3:1a:6c:7b:46:9b:56:64:8d:
         29:f4:94:16:f2:a7:b4:c8:28:7d:1d:ae:eb:b2:95:c5:0e:24:
         15:b0:54:eb:f8:1d:57:6a:5b:20:7d:e7:f0:c5:56:a1:c5:f1:
         bc:62:42:be:fa:58:08:5b:34:7c:0f:85:91:87:0b:83:d6:a4:
         a6:c9:07:6c:d1:d4:c9:8f:66:fd:90:67:21:21:09:4a:31:42:
         2d:48:0d:14:25:c6:2c:c8:64:e7:b1:11:0e:4b:8f:bc:22:2c:
         5f:6c:46:e3:98:fd:4a:43:a8:66:ef:3c:7a:00:af:71:93:75:
         20:bf:0f:d6
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQj1u5a7rOI8ZPzQx9UnacZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2E3MTdmMTA3ZTA2MjJjZTRjYjNlZjUyYjAxNTRmYTdmOWI2OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7YUWQlNbRQFQgBq8ZeIrKi5VGzkd
06fSG/lmseXPnbBY4PMnsiFVbe+bCm/HE2cmSQG2nKkILmyJkkAPGL0GYeYecOXf
Y6gGD+aAwQQC8mNrU+jXoisDruJo6t8O+UmyVqVjzpAguu3kb6Ubv01C6da9UGlq
qygZ/Iuw8ro+GtOSrX2D2V0TfTBQJ1Y81W/m3pMGsiCC9K8X3U75rlg/lOlIUhi9
ATv+t0k9PqYQCI+muacpSwd+44hzZWj8p2eFYDKoAnvmPg8SDPgS38t4/GyCYhDv
7vDroRyYXgYdMHiuI03rp/friLhKiwRTrP7wSek6MTe+PtImzshwKseS4wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKynF/EH4GIs5Ms+9SsBVPp/m2ktMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M1LzA5NDJl
Yy0yZTlmLTQxNzItOGM1My1jNDk0NmI4ZTYzMGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUvMDk0MmVj
LTJlOWYtNDE3Mi04YzUzLWM0OTQ2YjhlNjMwZC8xL3JLY1g4UWZnWWl6a3l6NzFL
d0ZVLW4tYmFTMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBW8U0MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMbDTANBgkqhkiG9w0BAQsFAAOCAQEAnzvuJTjyPWexmSxkX0alkNNZhz4+bjGT
7QpfGPaierOHCjtQLveLizSWQ8qguhksVkqVMpUqnqsmjhd51DXt256P/HOIebK9
P8hZoLJR1h4M1eIQ4cx6X6YeuP9C4C4i2QuGXxkSc4CybN9+zKN6JWcrh7XUS/4a
SvvABKjhMTm/y80uWIEY0xpse0abVmSNKfSUFvKntMgofR2u67KVxQ4kFbBU6/gd
V2pbIH3n8MVWocXxvGJCvvpYCFs0fA+FkYcLg9akpskHbNHUyY9m/ZBnISEJSjFC
LUgNFCXGLMhk57ERDkuPvCIsX2xG45j9SkOoZu88egCvcZN1IL8P1g==
-----END CERTIFICATE-----