Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.cer
File:                     EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.cer (raw, json)
Hash identifier:          jwYpsDqKusNNeBgX5RY+lZRC3HSJCmOWYMQ+82MQIN4=
Subject key identifier:   10:51:50:90:F8:50:E3:37:EB:3B:11:8A:15:7E:4E:39:08:3B:77:A6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C2C4F1E95FC597CABD93FED8712A6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 39260
                          IP: 195.238.88.0/23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:2c:4f:1e:95:fc:59:7c:ab:d9:3f:ed:87:12:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10515090f850e337eb3b118a157e4e39083b77a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fe:07:3a:fa:b2:ce:f9:0a:2d:19:c0:ee:cb:
                    4c:b8:db:fb:cb:ca:99:22:04:71:4c:fe:b4:a4:8e:
                    c6:b3:3b:f1:2f:1d:87:d9:1c:56:60:b9:b2:78:59:
                    e3:f1:bb:e7:fa:c9:bc:df:7a:25:ac:70:70:7b:92:
                    01:52:34:45:b3:87:81:cf:dd:48:01:5d:fa:fb:91:
                    1d:57:47:69:e3:b7:67:47:70:3e:f0:fd:b7:97:5a:
                    fa:a2:39:1a:e7:2f:b5:89:b5:af:cb:09:91:be:1f:
                    d8:8e:72:d2:4e:ab:c0:f1:5c:92:a2:72:f5:0b:8d:
                    fb:e2:d6:2e:17:d7:66:2c:6f:82:0a:e2:97:43:3b:
                    2c:77:f2:7e:77:78:68:6c:27:f8:0c:bd:b7:db:93:
                    d2:24:3e:e7:d1:d6:b0:d3:3a:79:53:af:99:5f:ed:
                    32:e5:35:c1:87:50:b4:4d:64:dd:b2:fc:d4:04:94:
                    b4:63:4b:d7:ae:de:02:59:bf:38:cb:df:39:31:89:
                    65:77:79:41:3a:96:03:e5:f4:1e:40:4b:38:a4:3a:
                    ef:6c:17:29:08:57:a1:3c:93:3f:44:65:a0:8d:cf:
                    47:a4:9e:cb:df:e1:c1:3b:3d:99:8f:58:57:1c:54:
                    af:2c:ee:30:74:29:09:0e:ac:dc:82:61:37:ee:ce:
                    8c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:51:50:90:F8:50:E3:37:EB:3B:11:8A:15:7E:4E:39:08:3B:77:A6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.88.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39260

    Signature Algorithm: sha256WithRSAEncryption
         83:3d:b8:22:b8:21:26:a5:f0:5d:b0:2b:2e:f3:13:b1:3e:c4:
         ff:fb:e1:41:8d:56:a7:bc:98:b9:ff:bd:a5:27:bc:70:a3:e6:
         4e:a8:06:7a:62:c9:04:8d:13:ff:83:69:e9:fe:a9:ee:e4:de:
         92:8d:67:07:84:d6:a8:83:27:15:1d:a9:7f:5d:fe:10:8e:74:
         b9:ea:c2:35:4b:a1:39:9a:36:f1:53:6e:62:a6:d8:01:00:7f:
         77:47:1d:b7:4e:2b:dd:0a:5d:79:3b:60:71:ec:8b:4e:66:77:
         0f:e9:89:2e:b3:e1:5f:7f:41:b5:d2:d6:20:b1:7f:ad:a8:10:
         68:cf:17:4f:97:e4:6d:22:fb:25:7b:e6:a2:c3:90:1c:8b:1c:
         0e:8d:36:8a:bb:b8:8e:73:75:5f:90:03:5f:0a:ef:ca:ed:57:
         f8:d3:16:91:3b:8b:82:6c:f7:b7:29:71:80:7c:ec:32:5b:56:
         da:3c:82:4c:c4:2d:6c:0d:74:37:c7:4f:57:dd:6b:70:32:ea:
         9e:ea:7e:9c:71:dd:19:7b:4a:fa:26:5b:86:91:32:f4:cd:af:
         43:3c:15:f0:28:84:0f:3c:c1:b1:9b:2f:4a:b8:aa:10:fc:b0:
         24:5d:c8:c8:2b:3b:ff:e5:7d:f1:2b:99:08:d7:83:9a:86:82:
         22:be:ab:1c
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQfjCxPHpX8WXyr2T/thxKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDUxNTA5MGY4NTBlMzM3ZWIzYjExOGExNTdlNGUzOTA4M2I3N2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/4HOvqyzvkKLRnA7stMuNv7y8qZ
IgRxTP60pI7GszvxLx2H2RxWYLmyeFnj8bvn+sm833olrHBwe5IBUjRFs4eBz91I
AV36+5EdV0dp47dnR3A+8P23l1r6ojka5y+1ibWvywmRvh/YjnLSTqvA8VySonL1
C4374tYuF9dmLG+CCuKXQzssd/J+d3hobCf4DL2325PSJD7n0daw0zp5U6+ZX+0y
5TXBh1C0TWTdsvzUBJS0Y0vXrt4CWb84y985MYlld3lBOpYD5fQeQEs4pDrvbBcp
CFehPJM/RGWgjc9HpJ7L3+HBOz2Zj1hXHFSvLO4wdCkJDqzcgmE37s6M3QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBBRUJD4UOM36zsRihV+TjkIO3emMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU3LzI0ODIy
Yi02MTg0LTQ2YTAtYmNjNS04ZjI5ZjNkOTgyMTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTcvMjQ4MjJi
LTYxODQtNDZhMC1iY2M1LThmMjlmM2Q5ODIxNC8xL0VGRlFrUGhRNHpmck94R0tG
WDVPT1FnN2Q2WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBw+5YMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCZXDANBgkqhkiG9w0BAQsFAAOCAQEAgz24IrghJqXwXbArLvMTsT7E//vhQY1W
p7yYuf+9pSe8cKPmTqgGemLJBI0T/4Np6f6p7uTeko1nB4TWqIMnFR2pf13+EI50
uerCNUuhOZo28VNuYqbYAQB/d0cdt04r3QpdeTtgceyLTmZ3D+mJLrPhX39BtdLW
ILF/ragQaM8XT5fkbSL7JXvmosOQHIscDo02iru4jnN1X5ADXwrvyu1X+NMWkTuL
gmz3tylxgHzsMltW2jyCTMQtbA10N8dPV91rcDLqnup+nHHdGXtK+iZbhpEy9M2v
QzwV8CiEDzzBsZsvSriqEPywJF3IyCs7/+V98SuZCNeDmoaCIr6rHA==
-----END CERTIFICATE-----