Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.cer
File:                     1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.cer (raw, json)
Hash identifier:          1WS3nwqoQd0IWOgrSt8bqxOnylVMFbeilDrejHBi7Uk=
Subject key identifier:   F9:8D:FF:F7:F3:CD:AA:79:AA:8C:51:F5:CE:12:B2:38:70:64:40:81
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D6025134BDE07611E559D28CD0F697
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:03 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 216170
                          IP: 195.62.50.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:02:51:34:bd:e0:76:11:e5:59:d2:8c:d0:f6:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f98dfff7f3cdaa79aa8c51f5ce12b23870644081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:e8:0d:3b:a3:a2:15:5e:5e:68:8e:c5:e5:de:
                    b3:9a:de:48:8a:15:62:bf:d6:61:40:64:96:82:a4:
                    45:b3:85:c3:d0:6e:1b:ed:ed:19:96:3d:35:4b:9c:
                    55:a5:1a:d3:5b:fc:b0:ab:e4:8f:2d:f3:42:e5:46:
                    10:f5:a1:00:7f:3e:87:e4:e1:39:30:89:f0:85:5f:
                    c6:35:46:82:d2:fa:8a:1e:f8:4b:df:a9:48:07:e3:
                    ae:1c:dd:7d:1f:56:cb:36:01:00:ce:73:52:a1:90:
                    94:84:58:85:ac:4a:ee:93:1b:c1:91:24:53:cb:96:
                    65:f8:9c:b2:6c:81:34:f1:6e:f0:7f:b6:94:ec:51:
                    70:f8:4a:88:37:87:92:18:bb:96:8d:26:91:70:a6:
                    ec:45:ff:2e:db:d6:64:e3:ea:c3:22:b0:8f:3c:0e:
                    30:dc:81:7d:76:ec:3d:e7:39:67:53:9e:94:b5:95:
                    c5:fa:cd:c8:4c:ac:62:b7:4c:95:63:28:91:55:40:
                    35:3f:e0:0e:a7:2b:f5:da:bb:94:d2:d3:a6:21:83:
                    22:65:5f:d1:b2:23:f6:12:16:e9:79:04:0a:a9:a6:
                    bd:cc:e9:98:ff:e6:ef:a6:6d:5c:f9:e0:70:d2:84:
                    de:2c:87:c2:0f:14:4b:7c:a9:c2:81:d0:3e:26:3d:
                    71:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:8D:FF:F7:F3:CD:AA:79:AA:8C:51:F5:CE:12:B2:38:70:64:40:81
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.50.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216170

    Signature Algorithm: sha256WithRSAEncryption
         a9:94:7f:5c:a0:40:51:27:47:99:a3:ac:58:93:df:c9:f6:b0:
         30:e4:3d:e5:b5:db:52:72:0b:e5:c8:5e:15:00:56:e2:36:7c:
         7e:e4:b0:49:46:02:9d:87:3f:bf:24:7b:3a:dc:3a:96:d0:fb:
         62:c2:7a:24:75:ab:1d:b6:b1:41:d8:ee:35:ad:d2:92:ad:9f:
         0a:9f:b7:01:56:e3:ae:8f:be:ec:67:14:ee:a5:b6:63:15:7e:
         e0:c4:f7:43:02:c8:f7:21:94:2e:53:8a:79:73:cd:47:bc:87:
         e7:d0:41:7a:48:4e:a9:14:ad:fe:7c:02:b1:27:66:8c:ba:be:
         f8:f8:00:48:8f:39:0a:68:ea:d3:0d:66:21:c0:0d:da:5b:9e:
         14:a9:f3:62:6e:c2:8c:9e:dd:00:9d:69:a4:2f:70:ff:24:6f:
         7e:d4:08:fe:d0:1f:e2:9d:77:e9:91:a9:c7:47:f7:34:8f:43:
         73:c7:13:f5:54:4f:1e:c8:13:e8:da:d9:15:3a:5b:f2:d6:43:
         a5:5b:0a:64:df:4b:0e:0f:93:eb:25:85:6b:0f:78:ad:eb:0d:
         4c:c2:76:bc:80:89:a5:b6:37:cf:41:3d:71:34:73:27:4f:1e:
         69:7a:6a:bb:25:b4:66:65:ac:86:1d:73:09:c3:a1:2d:71:03:
         1c:bd:ad:c2
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZQg1gJRNL3gdhHlWdKM0PaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOThkZmZmN2YzY2RhYTc5YWE4YzUxZjVjZTEyYjIzODcwNjQ0MDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8OgNO6OiFV5eaI7F5d6zmt5IihVi
v9ZhQGSWgqRFs4XD0G4b7e0Zlj01S5xVpRrTW/ywq+SPLfNC5UYQ9aEAfz6H5OE5
MInwhV/GNUaC0vqKHvhL36lIB+OuHN19H1bLNgEAznNSoZCUhFiFrErukxvBkSRT
y5Zl+JyybIE08W7wf7aU7FFw+EqIN4eSGLuWjSaRcKbsRf8u29Zk4+rDIrCPPA4w
3IF9duw95zlnU56UtZXF+s3ITKxit0yVYyiRVUA1P+AOpyv12ruU0tOmIYMiZV/R
siP2EhbpeQQKqaa9zOmY/+bvpm1c+eBw0oTeLIfCDxRLfKnCgdA+Jj1xHwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFPmN//fzzap5qoxR9c4SsjhwZECBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY4LzU0NzFh
OC1hZWRmLTRkODYtYTQ2ZC03ODhjNjMwNmJiM2YvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjgvNTQ3MWE4
LWFlZGYtNGQ4Ni1hNDZkLTc4OGM2MzA2YmIzZi8xLzEtWTNfOV9QTnFubXFqRkgx
emhLeU9IQmtRSUUubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMM+MjAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDTGowDQYJKoZIhvcNAQELBQADggEBAKmUf1ygQFEnR5mjrFiT38n2sDDkPeW1
21JyC+XIXhUAVuI2fH7ksElGAp2HP78kezrcOpbQ+2LCeiR1qx22sUHY7jWt0pKt
nwqftwFW466PvuxnFO6ltmMVfuDE90MCyPchlC5TinlzzUe8h+fQQXpITqkUrf58
ArEnZoy6vvj4AEiPOQpo6tMNZiHADdpbnhSp82Juwoye3QCdaaQvcP8kb37UCP7Q
H+Kdd+mRqcdH9zSPQ3PHE/VUTx7IE+ja2RU6W/LWQ6VbCmTfSw4Pk+slhWsPeK3r
DUzCdryAiaW2N89BPXE0cydPHml6arsltGZlrIYdcwnDoS1xAxy9rcI=
-----END CERTIFICATE-----