Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
File:                     J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer (raw, json)
Hash identifier:          d76CbwcLxBPzvGyUEciCVybmGf8Dz46weFvxxahq4+k=
Subject key identifier:   27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942747894B95DD25F7274B67016F672578
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:49:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 203512
                          IP: 185.129.120.0/22
                          IP: 2a04:73c0::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:89:4b:95:dd:25:f7:27:4b:67:01:6f:67:25:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:05:bf:b5:07:b6:9e:d8:21:1a:4b:0f:60:04:
                    b2:20:6a:96:98:22:8f:3a:2e:c4:ac:b2:d1:79:0b:
                    cb:ff:95:2b:d1:6a:a4:da:0f:e1:75:4c:64:f2:d2:
                    9a:d4:5f:b8:a8:a3:0d:4a:e0:57:ba:28:9f:37:72:
                    b6:e0:c4:1d:7c:a1:6e:d9:4d:d9:a6:15:ce:c0:b5:
                    f2:11:05:34:9a:34:36:e2:28:6f:69:60:23:bd:22:
                    2f:33:7f:75:76:b0:3a:ba:71:6a:15:de:2a:7f:6e:
                    55:8b:76:2e:b9:b2:a1:3b:22:53:64:56:52:31:a6:
                    af:38:93:6c:51:d7:d2:ca:cc:37:87:df:7d:6c:0f:
                    12:90:43:76:64:ed:58:65:e6:12:e2:db:a9:6e:f1:
                    6c:19:22:12:c5:67:ef:e9:dd:c2:c7:1b:c6:ac:59:
                    d6:67:2a:5e:76:9a:32:cb:7e:f5:d1:44:93:32:4b:
                    68:0d:11:71:14:60:6b:10:f7:11:6d:77:7b:5c:b4:
                    b3:ee:91:98:ce:64:65:d3:9a:ab:05:13:bd:dd:32:
                    0b:a6:df:0c:45:a7:22:35:84:c2:87:fc:01:70:10:
                    53:ea:a4:f3:c3:0f:64:0a:f5:16:1b:a2:6c:ba:c6:
                    a6:5e:d3:00:fb:37:0a:d0:ac:88:6b:8d:72:54:89:
                    2d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.120.0/22
                IPv6:
                  2a04:73c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203512

    Signature Algorithm: sha256WithRSAEncryption
         4e:65:ab:6b:50:de:5f:68:83:2f:e0:d3:d5:9d:89:fe:7d:dc:
         9f:08:24:ee:d7:e7:0d:db:76:fa:96:b9:31:42:0f:0d:9b:6a:
         8d:ec:81:59:25:a5:ac:09:9a:86:0c:b0:0f:3b:a9:13:85:4a:
         da:c4:d9:77:b4:ca:1a:66:77:be:20:73:42:06:1b:87:91:64:
         04:1d:00:3b:46:c3:00:7c:39:49:d9:6f:88:9e:69:92:31:c3:
         71:96:21:e0:0a:28:b4:16:7b:ae:eb:8a:3c:eb:ec:7c:c0:ad:
         c6:36:3b:f9:8a:5e:95:04:bb:51:70:55:75:b4:98:95:53:a3:
         b5:0e:25:3c:10:91:2c:97:1b:9e:be:37:83:fd:a0:74:64:b9:
         63:d8:7b:b4:15:2f:bb:3c:2c:5a:f4:7f:0b:d3:df:b4:65:1b:
         65:f3:da:f5:e5:d9:3a:d8:e7:9c:dd:a5:db:d1:d8:e2:6f:49:
         b1:0d:0c:89:d4:76:cf:27:6c:df:5b:13:d2:63:93:51:f9:df:
         04:ee:88:b1:83:4c:39:4e:db:f7:11:84:1c:74:b0:27:5b:5e:
         3b:a4:92:40:b8:9c:3b:62:ba:6e:4e:a1:6c:0c:55:9a:49:fa:
         c2:83:56:2c:70:0a:a4:4f:4a:5c:1c:2d:6e:34:f6:e5:c0:aa:
         37:64:2f:cc
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQnR4lLld0l9ydLZwFvZyV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzk2Njk1NzliM2NlNjFlZThlZTdkNmFmN2UzMTRiMGY3MjYzNjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAW/tQe2ntghGksPYASyIGqWmCKP
Oi7ErLLReQvL/5Ur0Wqk2g/hdUxk8tKa1F+4qKMNSuBXuiifN3K24MQdfKFu2U3Z
phXOwLXyEQU0mjQ24ihvaWAjvSIvM391drA6unFqFd4qf25Vi3YuubKhOyJTZFZS
MaavOJNsUdfSysw3h999bA8SkEN2ZO1YZeYS4tupbvFsGSISxWfv6d3CxxvGrFnW
Zypedpoyy3710USTMktoDRFxFGBrEPcRbXd7XLSz7pGYzmRl05qrBRO93TILpt8M
RaciNYTCh/wBcBBT6qTzww9kCvUWG6JsusamXtMA+zcK0KyIa41yVIktLwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFCeWaVebPOYe6O59avfjFLD3JjYfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhhLzExODQx
My1iN2FhLTQ1OWMtOTlmYS00ZGUxYjUyMGE1OTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEvMTE4NDEz
LWI3YWEtNDU5Yy05OWZhLTRkZTFiNTIwYTU5NC8xL0o1WnBWNXM4NWg3bzduMXE5
LU1Vc1BjbU5oOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuYF4MA0EAgACMAcDBQMqBHPAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMa+DANBgkqhkiG9w0BAQsFAAOCAQEATmWra1DeX2iD
L+DT1Z2J/n3cnwgk7tfnDdt2+pa5MUIPDZtqjeyBWSWlrAmahgywDzupE4VK2sTZ
d7TKGmZ3viBzQgYbh5FkBB0AO0bDAHw5SdlviJ5pkjHDcZYh4AootBZ7ruuKPOvs
fMCtxjY7+YpelQS7UXBVdbSYlVOjtQ4lPBCRLJcbnr43g/2gdGS5Y9h7tBUvuzws
WvR/C9PftGUbZfPa9eXZOtjnnN2l29HY4m9JsQ0MidR2zyds31sT0mOTUfnfBO6I
sYNMOU7b9xGEHHSwJ1teO6SSQLicO2K6bk6hbAxVmkn6woNWLHAKpE9KXBwtbjT2
5cCqN2QvzA==
-----END CERTIFICATE-----