Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9QG54gYW1oa0BdqQavpZdjUGNkA.cer
File:                     9QG54gYW1oa0BdqQavpZdjUGNkA.cer (raw, json)
Hash identifier:          O8Qfvw3IPOWnSdBIwpTXW/dEr9EjGdKl4gABYl/4NZw=
Subject key identifier:   F5:01:B9:E2:06:16:D6:86:B4:05:DA:90:6A:FA:59:76:35:06:36:40
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221FDF29A8AFFD0C075DAEC7FB2BA1E7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/44/7afce4-218b-47ed-95ab-75d5843aa489/1/9QG54gYW1oa0BdqQavpZdjUGNkA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/44/7afce4-218b-47ed-95ab-75d5843aa489/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:48:21 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 34204
                          IP: 195.95.222.0/23
                          IP: 195.135.244.0/22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:df:29:a8:af:fd:0c:07:5d:ae:c7:fb:2b:a1:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f501b9e20616d686b405da906afa597635063640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ac:1d:a7:42:df:ee:c9:b6:3b:8d:e7:a9:31:
                    b1:bd:15:b9:e4:c3:db:51:3c:b4:1d:de:4f:bf:78:
                    fe:35:06:1c:5f:85:41:c8:3f:c0:0a:45:e8:0a:83:
                    79:dd:7e:e3:ee:26:02:02:38:97:3d:3c:9e:ce:59:
                    9d:29:5c:a6:7f:76:bb:c8:1d:26:f3:cb:5d:d2:39:
                    47:76:a6:29:fd:6f:02:5b:a6:24:10:0c:a0:cd:ce:
                    36:c4:93:be:9e:ae:c4:d3:89:7f:52:80:0e:9c:b8:
                    91:6f:f4:56:d6:cb:76:76:7b:c9:79:b3:72:7a:76:
                    4f:8b:1a:0a:64:64:20:8a:69:0a:0d:86:aa:7b:52:
                    ad:20:e4:b1:de:fd:88:d0:10:1d:ce:a7:4b:81:d7:
                    b6:bf:ea:c1:2f:fd:00:62:47:e8:85:4b:f4:9c:bb:
                    16:44:c5:24:ed:12:dd:b1:46:8f:ff:ac:eb:dd:91:
                    7a:03:2a:57:d0:dd:21:a5:5a:9c:c7:50:65:59:8f:
                    72:6e:15:56:c2:c6:61:15:f6:cd:7a:b0:29:aa:19:
                    fb:3d:c6:a3:63:6a:e6:ea:24:57:5e:d4:f8:e6:02:
                    43:d9:a2:c0:30:e3:8e:63:a1:4e:6c:43:2c:f1:1a:
                    99:c8:e7:66:45:88:df:a5:d8:13:9d:f6:7c:c6:06:
                    7d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:01:B9:E2:06:16:D6:86:B4:05:DA:90:6A:FA:59:76:35:06:36:40
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/7afce4-218b-47ed-95ab-75d5843aa489/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/7afce4-218b-47ed-95ab-75d5843aa489/1/9QG54gYW1oa0BdqQavpZdjUGNkA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.222.0/23
                  195.135.244.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34204

    Signature Algorithm: sha256WithRSAEncryption
         aa:3f:43:1d:48:b3:95:2c:c6:c4:40:d2:19:2c:da:f9:57:2f:
         96:e3:a1:d8:3c:01:06:d4:0a:99:7b:05:2f:e0:65:2d:43:73:
         fc:50:57:ae:7d:f7:3a:1d:1e:be:7d:ac:36:dc:4c:31:60:4f:
         74:79:1c:b7:c5:93:2a:c8:64:3d:38:8c:08:1a:46:52:98:5d:
         af:39:3e:76:c9:51:76:4a:d0:8d:1b:3d:78:bf:40:4d:69:89:
         30:3d:e1:a5:a3:29:30:90:a9:da:9b:8b:42:2c:9b:c7:c2:81:
         aa:3d:b3:3e:9f:2c:0f:68:75:44:0d:4e:e6:5d:72:e4:f2:35:
         24:b8:c0:a6:6e:db:41:88:7f:16:11:cb:c7:3a:69:cf:ac:fe:
         92:be:86:ca:6e:5d:c4:e5:13:82:f7:3b:61:0d:6b:1d:af:c3:
         71:e1:58:6f:0b:d8:87:90:2f:28:ea:54:21:4d:b1:b6:4b:04:
         65:89:5d:0a:14:3b:75:48:ba:3e:d5:bf:88:a9:73:97:e9:9f:
         30:6b:b8:29:57:7c:7a:5c:0c:45:4d:88:98:fa:0a:84:a4:3d:
         f1:50:96:27:cc:0d:a3:39:29:15:1d:f6:a6:d8:af:a9:76:dc:
         5a:4a:46:06:d1:9b:37:37:37:78:e6:48:0f:6d:71:8d:45:95:
         44:c6:b0:8b
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAZQiH98pqK/9DAddrsf7K6HnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTAxYjllMjA2MTZkNjg2YjQwNWRhOTA2YWZhNTk3NjM1MDYzNjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxawdp0Lf7sm2O43nqTGxvRW55MPb
UTy0Hd5Pv3j+NQYcX4VByD/ACkXoCoN53X7j7iYCAjiXPTyezlmdKVymf3a7yB0m
88td0jlHdqYp/W8CW6YkEAygzc42xJO+nq7E04l/UoAOnLiRb/RW1st2dnvJebNy
enZPixoKZGQgimkKDYaqe1KtIOSx3v2I0BAdzqdLgde2v+rBL/0AYkfohUv0nLsW
RMUk7RLdsUaP/6zr3ZF6AypX0N0hpVqcx1BlWY9ybhVWwsZhFfbNerApqhn7Pcaj
Y2rm6iRXXtT45gJD2aLAMOOOY6FObEMs8RqZyOdmRYjfpdgTnfZ8xgZ95wIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFPUBueIGFtaGtAXakGr6WXY1BjZAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ0LzdhZmNl
NC0yMThiLTQ3ZWQtOTVhYi03NWQ1ODQzYWE0ODkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvN2FmY2U0
LTIxOGItNDdlZC05NWFiLTc1ZDU4NDNhYTQ4OS8xLzlRRzU0Z1lXMW9hMEJkcVFh
dnBaZGpVR05rQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQBw1/eAwQCw4f0MBoGCCsGAQUFBwEIAQH/BAsw
CaAHMAUCAwCFnDANBgkqhkiG9w0BAQsFAAOCAQEAqj9DHUizlSzGxEDSGSza+Vcv
luOh2DwBBtQKmXsFL+BlLUNz/FBXrn33Oh0evn2sNtxMMWBPdHkct8WTKshkPTiM
CBpGUphdrzk+dslRdkrQjRs9eL9ATWmJMD3hpaMpMJCp2puLQiybx8KBqj2zPp8s
D2h1RA1O5l1y5PI1JLjApm7bQYh/FhHLxzppz6z+kr6Gym5dxOUTgvc7YQ1rHa/D
ceFYbwvYh5AvKOpUIU2xtksEZYldChQ7dUi6PtW/iKlzl+mfMGu4KVd8elwMRU2I
mPoKhKQ98VCWJ8wNozkpFR32ptivqXbcWkpGBtGbNzc3eOZID21xjUWVRMawiw==
-----END CERTIFICATE-----