Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8WsoQW3b85-ySwmWaGrPrOdsmNU.cer
File:                     8WsoQW3b85-ySwmWaGrPrOdsmNU.cer (raw, json)
Hash identifier:          YOOHcyi1dEiQE3s7QJESXR/SwLdVmwfs4PoFFxbwvFM=
Subject key identifier:   F1:6B:28:41:6D:DB:F3:9F:B2:4B:09:96:68:6A:CF:AC:E7:6C:98:D5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FCC5BC738BC54F885462E099DDCAD7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/8WsoQW3b85-ySwmWaGrPrOdsmNU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:48:30 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 85.119.104.0/21
                          IP: 185.85.112.0/22
                          IP: 2a01:9780::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:c5:bc:73:8b:c5:4f:88:54:62:e0:99:dd:ca:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f16b28416ddbf39fb24b0996686acface76c98d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:59:69:55:1d:8e:6d:9d:88:b2:f1:84:31:d6:
                    d4:18:93:70:1b:27:82:f8:ff:91:96:99:3d:33:78:
                    2d:c7:ec:dc:ff:6d:9a:c4:0d:78:6a:97:a5:a2:17:
                    35:15:01:3f:c3:0d:ff:51:29:4d:a8:af:c6:31:87:
                    f2:84:d7:fe:bb:2b:8b:e7:0c:b5:20:bc:e7:45:57:
                    ab:97:15:07:a5:69:dd:52:f3:f0:ab:01:66:64:83:
                    b6:cd:26:a3:2a:c5:55:af:74:f7:9f:47:f9:e3:50:
                    56:6f:3c:ef:b5:ad:54:8d:51:82:4b:8b:c2:5f:9b:
                    30:0c:46:9d:04:23:b9:d2:24:8c:ec:b0:d5:03:24:
                    b7:a0:f8:f6:f3:c7:71:f4:a1:92:85:2e:78:7d:12:
                    da:d6:b7:41:91:fd:c2:75:6f:66:47:8f:cb:4a:38:
                    a5:89:8f:27:92:fc:52:d4:3c:8f:74:81:cb:8a:5d:
                    cb:4a:da:08:74:d9:d2:dc:68:db:0b:07:85:d6:92:
                    69:1e:62:bc:5a:e1:fa:e2:ad:b5:19:1a:11:ca:c2:
                    70:0f:03:af:8c:59:e5:43:6d:4c:32:d0:91:80:85:
                    fc:f2:37:5f:42:9c:72:b8:f3:ad:90:24:35:00:96:
                    5b:ce:c9:f0:04:9d:ae:cc:01:0e:95:6f:c3:3f:51:
                    05:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:6B:28:41:6D:DB:F3:9F:B2:4B:09:96:68:6A:CF:AC:E7:6C:98:D5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/8WsoQW3b85-ySwmWaGrPrOdsmNU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.119.104.0/21
                  185.85.112.0/22
                IPv6:
                  2a01:9780::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:c1:28:99:7d:de:a6:5e:5e:40:79:6c:6c:01:f6:6f:8b:be:
         31:75:6a:99:da:04:ee:f0:d5:9f:62:2f:6b:d9:c0:e6:5c:a6:
         3e:85:8e:67:ba:99:4b:7a:3e:11:38:04:9a:16:d3:93:f7:c7:
         c3:c6:fa:7b:b9:08:d7:87:a6:96:fa:5b:b7:99:bc:5e:cb:21:
         e2:71:a6:55:90:b9:2b:70:ef:02:29:84:30:db:53:46:a0:64:
         d3:78:70:fa:35:28:36:ce:fe:e1:57:f7:3f:a0:98:9f:8f:cc:
         21:65:2c:35:20:68:8d:a6:32:17:ad:9c:e3:e9:cd:b3:00:e4:
         b9:bc:77:00:c1:6d:75:50:98:dc:00:94:eb:49:90:44:f7:02:
         19:8e:65:b2:ab:6a:d0:3b:fd:df:17:c4:47:c5:21:11:27:bd:
         db:f3:bc:43:71:fc:d9:4b:92:b0:0a:55:43:3f:80:69:26:47:
         bc:43:38:d6:df:f8:2c:92:c3:b3:ab:39:1b:8e:96:40:54:85:
         c0:42:0e:4e:84:4c:86:55:62:58:6c:df:a3:7a:b2:21:31:6b:
         c9:eb:96:5a:50:47:f5:c6:99:3f:e1:30:0c:a0:ed:aa:df:4a:
         85:73:20:8f:51:db:92:e2:03:48:ec:a2:1e:28:e4:dd:f9:00:
         f8:95:c7:48
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgISAZQl/MW8c4vFT4hUYuCZ3crXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTZiMjg0MTZkZGJmMzlmYjI0YjA5OTY2ODZhY2ZhY2U3NmM5OGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzllpVR2ObZ2IsvGEMdbUGJNwGyeC
+P+Rlpk9M3gtx+zc/22axA14apelohc1FQE/ww3/USlNqK/GMYfyhNf+uyuL5wy1
ILznRVerlxUHpWndUvPwqwFmZIO2zSajKsVVr3T3n0f541BWbzzvta1UjVGCS4vC
X5swDEadBCO50iSM7LDVAyS3oPj288dx9KGShS54fRLa1rdBkf3CdW9mR4/LSjil
iY8nkvxS1DyPdIHLil3LStoIdNnS3GjbCweF1pJpHmK8WuH64q21GRoRysJwDwOv
jFnlQ21MMtCRgIX88jdfQpxyuPOtkCQ1AJZbzsnwBJ2uzAEOlW/DP1EFmQIDAQAB
o4ICmTCCApUwHQYDVR0OBBYEFPFrKEFt2/OfsksJlmhqz6znbJjVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I5L2IxNjVj
YS0yZjMzLTRlOGUtYTg5Ni1jZGFhNTgxNTE4ZjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkvYjE2NWNh
LTJmMzMtNGU4ZS1hODk2LWNkYWE1ODE1MThmMy8xLzhXc29RVzNiODUteVN3bVdh
R3JQck9kc21OVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQDVXdoAwQCuVVwMA0EAgACMAcDBQAqAZeAMA0G
CSqGSIb3DQEBCwUAA4IBAQCwwSiZfd6mXl5AeWxsAfZvi74xdWqZ2gTu8NWfYi9r
2cDmXKY+hY5nuplLej4ROASaFtOT98fDxvp7uQjXh6aW+lu3mbxeyyHicaZVkLkr
cO8CKYQw21NGoGTTeHD6NSg2zv7hV/c/oJifj8whZSw1IGiNpjIXrZzj6c2zAOS5
vHcAwW11UJjcAJTrSZBE9wIZjmWyq2rQO/3fF8RHxSERJ73b87xDcfzZS5KwClVD
P4BpJke8QzjW3/gsksOzqzkbjpZAVIXAQg5OhEyGVWJYbN+jerIhMWvJ65ZaUEf1
xpk/4TAMoO2q30qFcyCPUduS4gNI7KIeKOTd+QD4lcdI
-----END CERTIFICATE-----