Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/y9lC2W7pSnpaZS73rIVdyUAUFd8.cer
File:                     y9lC2W7pSnpaZS73rIVdyUAUFd8.cer (raw, json)
Hash identifier:          x7vDrNF1ZXH/Mbw1Hon8mcAyPkV+/HQ/XEbq9B+GtM8=
Subject key identifier:   CB:D9:42:D9:6E:E9:4A:7A:5A:65:2E:F7:AC:85:5D:C9:40:14:15:DF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266C39682BEF0FA9DC0D1C44104EF667
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/y9lC2W7pSnpaZS73rIVdyUAUFd8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:50:14 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 64404
                          IP: 2001:678:814::/48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:39:68:2b:ef:0f:a9:dc:0d:1c:44:10:4e:f6:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:50:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbd942d96ee94a7a5a652ef7ac855dc9401415df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:52:49:1b:02:0d:d5:5d:4b:7d:2f:dc:85:1d:
                    87:6e:b5:22:9f:cd:82:a8:0c:3d:72:6b:dc:f7:a2:
                    a3:01:5f:fe:43:00:b5:5f:43:87:40:64:3f:dc:f3:
                    07:74:6c:5e:35:57:86:d1:84:d2:84:da:40:12:77:
                    3b:73:08:8c:44:3a:2d:c6:b2:6d:d0:43:48:df:70:
                    c9:c6:ea:ea:1e:69:04:c3:8a:72:4b:fe:cc:9b:bd:
                    5e:3e:d1:3f:9e:29:f1:13:1a:a8:4f:ee:36:0c:23:
                    62:58:48:28:a3:2a:a0:72:4a:54:a3:ca:7d:21:2d:
                    2a:97:8a:49:dc:a9:07:a9:fd:ca:5c:43:86:d4:41:
                    92:27:6c:e2:fd:e6:9f:96:b5:15:b3:38:b4:ff:30:
                    29:b3:d0:9d:b2:07:65:75:ed:c2:78:05:04:ae:b2:
                    9c:98:29:ae:4c:7f:fa:c3:15:d1:29:73:8b:d1:c6:
                    a0:f0:8b:2f:93:a5:51:d5:65:6d:5c:c8:fb:19:bc:
                    0c:29:76:3a:de:d1:a0:55:06:b7:09:dd:b3:bf:6f:
                    12:22:82:c9:0f:8e:cb:e5:9b:fa:e8:f5:dd:1e:24:
                    fe:f1:94:2c:dc:e1:3c:bb:df:eb:39:27:18:6d:f6:
                    dd:9c:be:34:88:76:f0:43:7a:91:37:62:4e:22:4d:
                    7f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:D9:42:D9:6E:E9:4A:7A:5A:65:2E:F7:AC:85:5D:C9:40:14:15:DF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/y9lC2W7pSnpaZS73rIVdyUAUFd8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:814::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  64404

    Signature Algorithm: sha256WithRSAEncryption
         9f:d3:ff:ba:93:99:33:77:01:92:75:16:39:70:f5:d4:03:90:
         92:24:24:e6:37:07:b3:97:6e:8a:f3:e2:5d:8c:f8:08:8b:a3:
         0d:45:8e:09:fc:1d:ab:3c:6d:cc:71:8a:05:b0:3f:cd:13:9d:
         5b:c2:09:62:ef:8a:96:52:a6:c6:90:b3:a1:de:38:c9:01:50:
         ba:20:9a:77:f0:27:03:7f:75:ee:31:9e:57:9e:55:ae:dd:08:
         b6:d4:24:c7:d5:6b:ab:91:ac:08:77:ca:c4:9a:ed:30:42:e4:
         37:ee:ec:24:48:8b:f7:4c:d0:3b:81:b1:8f:68:9b:f6:94:78:
         e8:e2:b0:b4:bc:e1:94:33:8e:29:a5:4a:82:7f:bc:6d:0e:d8:
         a8:2a:25:3d:c0:fa:1b:99:b8:f6:33:a2:6f:9f:ab:fe:6c:bf:
         37:f3:f3:d7:d2:34:d9:89:71:4b:55:5d:f4:01:21:51:90:93:
         8a:d7:a2:d9:66:f5:76:54:55:10:98:ef:df:36:e4:4c:2d:ee:
         98:e4:94:a5:90:9a:18:5f:fd:27:5a:6a:26:37:a2:95:7e:13:
         c5:d5:45:ff:21:e0:ef:81:21:2e:bf:3b:0e:52:ff:43:54:fa:
         2f:7b:0f:8e:fa:eb:39:bf:92:0c:1c:c3:7a:bf:cb:2a:2e:7d:
         04:87:41:d8
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQmbDloK+8PqdwNHEQQTvZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmQ5NDJkOTZlZTk0YTdhNWE2NTJlZjdhYzg1NWRjOTQwMTQxNWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1JJGwIN1V1LfS/chR2HbrUin82C
qAw9cmvc96KjAV/+QwC1X0OHQGQ/3PMHdGxeNVeG0YTShNpAEnc7cwiMRDotxrJt
0ENI33DJxurqHmkEw4pyS/7Mm71ePtE/ninxExqoT+42DCNiWEgooyqgckpUo8p9
IS0ql4pJ3KkHqf3KXEOG1EGSJ2zi/eaflrUVszi0/zAps9Cdsgdlde3CeAUErrKc
mCmuTH/6wxXRKXOL0cag8Isvk6VR1WVtXMj7GbwMKXY63tGgVQa3Cd2zv28SIoLJ
D47L5Zv66PXdHiT+8ZQs3OE8u9/rOScYbfbdnL40iHbwQ3qRN2JOIk1/GQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFMvZQtlu6Up6WmUu96yFXclAFBXfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc3LzA4MmYx
Mi01MTNiLTRlYjktYTE3MS1jNmY2ZDQ0NDkxNWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzcvMDgyZjEy
LTUxM2ItNGViOS1hMTcxLWM2ZjZkNDQ0OTE1Zi8xL3k5bEMyVzdwU25wYVpTNzNy
SVZkeVVBVUZkOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAgUMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwD7lDANBgkqhkiG9w0BAQsFAAOCAQEAn9P/upOZM3cBknUWOXD11AOQkiQk
5jcHs5duivPiXYz4CIujDUWOCfwdqzxtzHGKBbA/zROdW8IJYu+KllKmxpCzod44
yQFQuiCad/AnA3917jGeV55Vrt0IttQkx9Vrq5GsCHfKxJrtMELkN+7sJEiL90zQ
O4Gxj2ib9pR46OKwtLzhlDOOKaVKgn+8bQ7YqColPcD6G5m49jOib5+r/my/N/Pz
19I02YlxS1Vd9AEhUZCTitei2Wb1dlRVEJjv3zbkTC3umOSUpZCaGF/9J1pqJjei
lX4TxdVF/yHg74EhLr87DlL/Q1T6L3sPjvrrOb+SDBzDer/LKi59BIdB2A==
-----END CERTIFICATE-----