Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zO__wVqDo4vdqM_hIMM1Jn3OUPM.cer
File:                     zO__wVqDo4vdqM_hIMM1Jn3OUPM.cer (raw, json)
Hash identifier:          Vo1LQKmoRXs0I3eVLz/BOaT0nUtEZQpF61vz/PNhc80=
Subject key identifier:   CC:EF:FF:C1:5A:83:A3:8B:DD:A8:CF:E1:20:C3:35:26:7D:CE:50:F3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FC77182B033724CD8F223FB4CC1C86
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/zO__wVqDo4vdqM_hIMM1Jn3OUPM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:48:10 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 41041
                          IP: 89.207.16.0/21
                          IP: 2a02:fa8::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:77:18:2b:03:37:24:cd:8f:22:3f:b4:cc:1c:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccefffc15a83a38bdda8cfe120c335267dce50f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:bc:83:45:93:be:70:6e:26:ed:f6:96:dd:72:
                    ed:cf:b6:09:71:2c:9f:9d:1d:9a:84:89:9b:11:1b:
                    db:5a:12:57:f7:54:61:23:07:47:a6:0b:20:f2:6b:
                    78:d5:1a:58:d2:40:8d:cb:d8:4b:02:88:29:1b:c0:
                    a3:63:a1:cc:2c:d6:c1:21:c4:b1:15:30:a9:fa:21:
                    bd:9c:63:a2:f3:23:d5:8a:01:a2:24:c9:d7:ee:1a:
                    41:ef:b3:3f:c3:e1:31:a4:93:54:ac:42:93:f9:c1:
                    9b:fe:1c:9c:4c:ee:1e:28:ce:6c:95:91:58:93:64:
                    db:a6:2b:10:09:83:86:72:42:75:79:8f:75:e0:20:
                    d2:0a:83:06:0e:ba:25:59:58:3e:7a:91:32:66:ae:
                    5b:be:db:a7:0c:67:b7:83:e1:90:3b:81:d9:6d:f1:
                    8c:6e:14:57:2e:94:8f:2a:39:0a:47:5a:ac:c8:47:
                    ca:f0:f0:4e:ce:98:7d:ae:58:13:73:82:b7:7b:03:
                    04:3f:70:a0:9b:82:c0:95:a0:f3:7d:1c:6f:66:aa:
                    ca:88:4f:b6:ca:0b:f9:94:1b:cc:b1:a0:41:fe:ec:
                    ea:cf:55:4b:31:12:bb:22:c7:4b:54:f3:b2:2f:f8:
                    88:39:dc:7c:19:37:a1:49:28:a0:0c:15:29:6b:c5:
                    a8:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EF:FF:C1:5A:83:A3:8B:DD:A8:CF:E1:20:C3:35:26:7D:CE:50:F3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/zO__wVqDo4vdqM_hIMM1Jn3OUPM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.16.0/21
                IPv6:
                  2a02:fa8::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41041

    Signature Algorithm: sha256WithRSAEncryption
         5f:04:07:b6:4f:13:9e:bc:c3:21:d1:a2:a6:d1:9e:a0:ba:12:
         df:4c:c0:4c:77:2e:de:0f:7c:1d:59:78:6f:f3:bd:a4:06:dd:
         82:57:3c:65:8a:06:88:42:fa:21:0e:13:1e:d1:c8:03:cf:d1:
         80:9c:01:0f:ce:02:0d:ab:a2:cd:f5:81:0d:19:c6:75:9c:e0:
         a7:4f:31:d3:17:25:a0:d1:54:44:f7:69:b2:9b:a5:a4:00:d4:
         f9:cc:46:9a:0e:f9:04:6c:c4:7e:94:21:a8:fe:81:df:93:92:
         0a:b8:e7:cf:22:2b:c5:1d:46:6a:ec:00:28:e1:05:6a:ff:8d:
         05:ce:13:c3:45:05:55:59:72:33:f8:a5:c1:ad:3f:74:de:3a:
         37:6d:ad:a8:c7:4b:6f:39:e9:f7:68:37:9a:3b:01:b2:c1:95:
         c3:18:ec:35:ed:a7:db:2c:b4:5a:99:6e:e0:e2:8f:cf:5c:03:
         30:91:f9:f5:52:6a:93:1c:20:25:60:82:3e:17:f6:74:5a:f5:
         2f:75:b8:a4:c8:2d:04:cb:6e:27:2b:e2:9b:7f:8c:7f:05:47:
         2c:69:c6:2a:3d:ed:d4:7b:d3:7f:da:5d:02:de:fc:4a:08:04:
         98:89:d9:14:a0:2e:4e:3f:e3:e1:87:a1:7c:e8:b5:b0:8f:4e:
         de:23:a7:f6
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQl/HcYKwM3JM2PIj+0zByGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2VmZmZjMTVhODNhMzhiZGRhOGNmZTEyMGMzMzUyNjdkY2U1MGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobyDRZO+cG4m7faW3XLtz7YJcSyf
nR2ahImbERvbWhJX91RhIwdHpgsg8mt41RpY0kCNy9hLAogpG8CjY6HMLNbBIcSx
FTCp+iG9nGOi8yPVigGiJMnX7hpB77M/w+ExpJNUrEKT+cGb/hycTO4eKM5slZFY
k2TbpisQCYOGckJ1eY914CDSCoMGDrolWVg+epEyZq5bvtunDGe3g+GQO4HZbfGM
bhRXLpSPKjkKR1qsyEfK8PBOzph9rlgTc4K3ewMEP3Cgm4LAlaDzfRxvZqrKiE+2
ygv5lBvMsaBB/uzqz1VLMRK7IsdLVPOyL/iIOdx8GTehSSigDBUpa8WoDQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFMzv/8Fag6OL3ajP4SDDNSZ9zlDzMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU0L2NmZDQ4
OC1hMjVkLTQzOWEtYmQxNy00YmViNWRmZjE3MDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvY2ZkNDg4
LWEyNWQtNDM5YS1iZDE3LTRiZWI1ZGZmMTcwMS8xL3pPX193VnFEbzR2ZHFNX2hJ
TU0xSm4zT1VQTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQDWc8QMA0EAgACMAcDBQAqAg+oMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCgUTANBgkqhkiG9w0BAQsFAAOCAQEAXwQHtk8TnrzD
IdGiptGeoLoS30zATHcu3g98HVl4b/O9pAbdglc8ZYoGiEL6IQ4THtHIA8/RgJwB
D84CDauizfWBDRnGdZzgp08x0xcloNFURPdpspulpADU+cxGmg75BGzEfpQhqP6B
35OSCrjnzyIrxR1GauwAKOEFav+NBc4Tw0UFVVlyM/ilwa0/dN46N22tqMdLbznp
92g3mjsBssGVwxjsNe2n2yy0Wplu4OKPz1wDMJH59VJqkxwgJWCCPhf2dFr1L3W4
pMgtBMtuJyvim3+MfwVHLGnGKj3t1HvTf9pdAt78SggEmInZFKAuTj/j4YehfOi1
sI9O3iOn9g==
-----END CERTIFICATE-----