Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KlCC3GVGvN8PcKUPyOZXiVMfMU8.cer
File:                     KlCC3GVGvN8PcKUPyOZXiVMfMU8.cer (raw, json)
Hash identifier:          1/KhpQ8jeViN+HPa3JGqQLwbuT7Cd/nOHHeW+0dbVbg=
Subject key identifier:   2A:50:82:DC:65:46:BC:DF:0F:70:A5:0F:C8:E6:57:89:53:1F:31:4F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018FF70B6175F0C90D113C1D87EBC16E1036
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/fd14eed6-48bf-4167-81bb-f675d6f19a3a/0/2A5082DC6546BCDF0F70A50FC8E65789531F314F.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/fd14eed6-48bf-4167-81bb-f675d6f19a3a/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sat 08 Jun 2024 08:51:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214757
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f7:0b:61:75:f0:c9:0d:11:3c:1d:87:eb:c1:6e:10:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun  8 08:51:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a5082dc6546bcdf0f70a50fc8e65789531f314f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:30:a4:06:67:08:5c:ba:ce:14:d4:9b:2e:a5:
                    8e:77:58:b6:da:74:af:38:e7:e2:5d:af:92:e3:1a:
                    7d:f0:c2:da:1e:16:bb:37:cc:28:3b:7f:91:d8:7a:
                    f9:c6:a5:56:3d:e7:bf:fb:00:66:bb:66:ca:10:63:
                    ca:df:6e:da:92:5f:7c:26:1d:eb:89:00:06:76:8f:
                    04:f0:24:88:1b:4c:5f:eb:5b:f2:94:7a:40:28:9e:
                    2b:6f:47:d9:51:d2:40:ec:11:fc:b0:1e:d2:78:3f:
                    6e:3b:cd:91:b5:82:18:83:f4:ce:4b:27:be:a3:49:
                    78:96:a3:2c:a8:2c:aa:29:b0:7d:88:34:be:86:f1:
                    81:0d:4b:27:04:f9:53:5b:04:d2:53:50:c5:2d:64:
                    fb:e4:f9:b9:23:fd:59:69:f0:ff:13:4c:45:f5:1d:
                    2a:7b:c0:72:13:94:2e:0e:ce:3d:90:b3:ad:4e:0e:
                    3c:46:c8:cc:4f:b5:e4:b5:dc:12:53:94:88:5f:ca:
                    fa:7d:c8:81:8a:ea:16:3a:59:c8:3d:a6:68:38:5d:
                    a1:3c:7d:60:99:a4:de:b9:10:73:8b:03:1d:90:6a:
                    73:e2:40:3d:12:8a:89:e8:06:83:d7:45:96:84:e6:
                    70:05:29:c4:09:89:db:ad:82:30:74:76:f4:9a:dd:
                    a4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:50:82:DC:65:46:BC:DF:0F:70:A5:0F:C8:E6:57:89:53:1F:31:4F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/fd14eed6-48bf-4167-81bb-f675d6f19a3a/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/fd14eed6-48bf-4167-81bb-f675d6f19a3a/0/2A5082DC6546BCDF0F70A50FC8E65789531F314F.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214757

    Signature Algorithm: sha256WithRSAEncryption
         a7:7d:c6:71:ea:be:73:db:e9:20:32:15:fd:76:e0:6e:a1:19:
         f3:f6:69:a1:6e:dc:42:26:dd:72:cd:b6:8e:aa:da:37:50:d9:
         a1:31:22:d3:e4:a6:8e:a2:6d:51:7a:08:b1:c3:23:ac:cd:ed:
         d8:24:4e:aa:da:ae:f4:31:f1:91:d6:18:7d:9d:e0:ca:c0:9e:
         55:fe:7c:28:32:c2:a9:5b:4d:bf:bd:e0:8d:cc:d6:04:60:f0:
         4a:47:bb:32:84:5f:7a:4b:d3:eb:7c:8b:61:85:a7:cd:66:8b:
         50:6d:d3:d3:b1:40:d7:d0:e4:08:1e:2a:7f:9e:fc:52:da:3a:
         36:f6:30:e5:92:79:aa:11:e6:16:0b:be:ce:56:04:0b:0f:9a:
         fa:1a:bf:56:1c:30:dd:43:76:f4:b7:c6:38:2c:d9:9a:92:1e:
         4d:bb:ac:d7:34:a2:da:13:c9:6c:7c:d5:f8:c3:63:13:88:f9:
         42:b5:18:3b:25:07:33:55:4f:ce:f5:f2:09:90:e1:25:07:ae:
         b6:52:d9:9e:b9:97:77:7a:9a:f5:25:74:41:4c:5b:19:b5:99:
         81:02:64:ee:f2:7c:e7:a3:26:e7:28:e4:b3:a2:60:c4:00:c9:
         ad:78:51:df:80:48:83:fe:fe:e5:c4:18:84:f8:65:9e:b5:93:
         36:35:28:8c
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAY/3C2F18MkNETwdh+vBbhA2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjA4MDg1MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTUwODJkYzY1NDZiY2RmMGY3MGE1MGZjOGU2NTc4OTUzMWYzMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTCkBmcIXLrOFNSbLqWOd1i22nSv
OOfiXa+S4xp98MLaHha7N8woO3+R2Hr5xqVWPee/+wBmu2bKEGPK327akl98Jh3r
iQAGdo8E8CSIG0xf61vylHpAKJ4rb0fZUdJA7BH8sB7SeD9uO82RtYIYg/TOSye+
o0l4lqMsqCyqKbB9iDS+hvGBDUsnBPlTWwTSU1DFLWT75Pm5I/1ZafD/E0xF9R0q
e8ByE5QuDs49kLOtTg48RsjMT7XktdwSU5SIX8r6fciBiuoWOlnIPaZoOF2hPH1g
maTeuRBziwMdkGpz4kA9EoqJ6AaD10WWhOZwBSnECYnbrYIwdHb0mt2kBQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFCpQgtxlRrzfD3ClD8jmV4lTHzFPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZkMTRl
ZWQ2LTQ4YmYtNDE2Ny04MWJiLWY2NzVkNmYxOWEzYS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmQx
NGVlZDYtNDhiZi00MTY3LTgxYmItZjY3NWQ2ZjE5YTNhLzAvMkE1MDgyREM2NTQ2
QkNERjBGNzBBNTBGQzhFNjU3ODk1MzFGMzE0Ri5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDRuUw
DQYJKoZIhvcNAQELBQADggEBAKd9xnHqvnPb6SAyFf124G6hGfP2aaFu3EIm3XLN
to6q2jdQ2aExItPkpo6ibVF6CLHDI6zN7dgkTqrarvQx8ZHWGH2d4MrAnlX+fCgy
wqlbTb+94I3M1gRg8EpHuzKEX3pL0+t8i2GFp81mi1Bt09OxQNfQ5AgeKn+e/FLa
Ojb2MOWSeaoR5hYLvs5WBAsPmvoav1YcMN1DdvS3xjgs2ZqSHk27rNc0otoTyWx8
1fjDYxOI+UK1GDslBzNVT8718gmQ4SUHrrZS2Z65l3d6mvUldEFMWxm1mYECZO7y
fOejJuco5LOiYMQAya14Ud+ASIP+/uXEGIT4ZZ61kzY1KIw=
-----END CERTIFICATE-----