Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OJwTxrPB3GsiFQNaZC8e-5sA3fU.cer
File:                     OJwTxrPB3GsiFQNaZC8e-5sA3fU.cer (raw, json)
Hash identifier:          TdT8Gn96MZP1/bJdp8bLNdy/ZNvc8nmL6yts0RriFTE=
Subject key identifier:   38:9C:13:C6:B3:C1:DC:6B:22:15:03:5A:64:2F:1E:FB:9B:00:DD:F5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266BCF8588B34851596B35679280031C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/OJwTxrPB3GsiFQNaZC8e-5sA3fU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:49:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 206125
                          IP: 2001:67c:ecc::/48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:cf:85:88:b3:48:51:59:6b:35:67:92:80:03:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=389c13c6b3c1dc6b2215035a642f1efb9b00ddf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:30:19:08:53:f9:53:d1:20:43:be:3f:21:59:
                    12:11:6d:88:53:30:46:82:58:95:74:9b:aa:0e:2c:
                    92:4e:7a:17:b3:e3:c5:00:c1:17:6a:f6:a1:43:5f:
                    b0:be:d3:f1:9f:d3:2c:ad:8d:af:a4:4e:6d:d0:0e:
                    47:37:c0:2c:24:cd:ad:1d:97:af:a2:79:f2:9c:13:
                    fa:2b:9d:b8:6f:3e:d7:40:62:49:01:eb:5a:b0:77:
                    67:0f:ef:f5:b1:90:fd:57:30:26:9f:9e:00:72:2e:
                    a5:c9:3b:5f:9c:b5:9a:f1:2c:de:2d:0d:1a:34:63:
                    8c:6b:50:ee:20:3f:6e:50:26:e0:4a:38:21:c7:48:
                    cc:4e:65:18:9c:a2:c3:b5:b2:8d:ef:52:af:34:3e:
                    59:29:35:83:31:9b:87:2d:a6:f2:8a:cd:c0:8e:5c:
                    f1:77:86:49:f9:34:09:ab:0b:33:8e:bb:d4:41:bf:
                    28:33:56:2e:15:df:b4:44:d2:b8:68:fb:f4:ee:19:
                    9b:ef:f5:09:84:1c:a1:b8:92:88:65:2c:43:cd:d2:
                    d6:b5:c7:92:33:40:5e:cb:df:cd:0a:d5:4e:47:dc:
                    fe:36:c3:fc:0a:7f:27:c5:ea:01:c7:f1:15:c4:c0:
                    ea:8a:f4:b8:1d:22:08:73:88:de:e8:34:d9:e1:af:
                    6d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:9C:13:C6:B3:C1:DC:6B:22:15:03:5A:64:2F:1E:FB:9B:00:DD:F5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/80eb21-af20-48eb-a2dc-6210eab05b70/1/OJwTxrPB3GsiFQNaZC8e-5sA3fU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ecc::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206125

    Signature Algorithm: sha256WithRSAEncryption
         53:af:5e:44:c1:4c:80:2d:38:44:7d:7a:e5:a0:42:9c:4a:02:
         c2:b6:f3:a6:6d:0c:aa:84:55:5d:73:4e:5b:e0:49:16:e0:b1:
         64:a9:4f:f9:0c:9b:71:6a:22:ff:e8:91:7c:c2:ec:20:c8:30:
         04:98:3e:2d:df:54:88:2e:4b:4e:fd:93:df:5e:45:70:cb:b6:
         ce:73:98:8d:f4:18:d0:db:80:2d:ad:28:bc:2f:6f:c4:dc:b7:
         c2:ac:33:50:78:92:ed:80:d9:a7:99:1c:fa:e2:83:2d:55:c0:
         2e:73:ed:f4:8e:dd:88:ef:34:16:20:4d:01:b2:b5:07:d1:a8:
         75:bd:02:5b:a2:de:23:21:1e:91:95:a2:1a:c4:e2:13:5d:80:
         58:0e:35:8a:c2:e3:5c:f3:34:90:ff:d4:3c:d0:9c:7b:45:88:
         71:a7:24:b0:aa:db:64:4f:fa:7b:a0:3d:11:ff:51:c2:68:13:
         1c:0b:43:28:87:0e:a2:1d:09:b2:c3:bf:a2:ad:f3:e0:39:39:
         b9:2b:fd:d4:a8:41:fd:83:0f:b8:ea:21:c2:82:da:ed:2e:54:
         63:24:60:59:40:d7:46:b2:91:e8:5d:c7:6f:3a:e7:54:f5:2a:
         cf:13:50:e0:f8:1c:2c:64:d9:af:94:17:de:2c:42:7c:6a:32:
         11:4f:b3:47
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQma8+FiLNIUVlrNWeSgAMcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODljMTNjNmIzYzFkYzZiMjIxNTAzNWE2NDJmMWVmYjliMDBkZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8DAZCFP5U9EgQ74/IVkSEW2IUzBG
gliVdJuqDiySTnoXs+PFAMEXavahQ1+wvtPxn9MsrY2vpE5t0A5HN8AsJM2tHZev
onnynBP6K524bz7XQGJJAetasHdnD+/1sZD9VzAmn54Aci6lyTtfnLWa8SzeLQ0a
NGOMa1DuID9uUCbgSjghx0jMTmUYnKLDtbKN71KvND5ZKTWDMZuHLabyis3Ajlzx
d4ZJ+TQJqwszjrvUQb8oM1YuFd+0RNK4aPv07hmb7/UJhByhuJKIZSxDzdLWtceS
M0Bey9/NCtVOR9z+NsP8Cn8nxeoBx/EVxMDqivS4HSIIc4je6DTZ4a9t3wIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFDicE8azwdxrIhUDWmQvHvubAN31MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJkLzgwZWIy
MS1hZjIwLTQ4ZWItYTJkYy02MjEwZWFiMDViNzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvODBlYjIx
LWFmMjAtNDhlYi1hMmRjLTYyMTBlYWIwNWI3MC8xL09Kd1R4clBCM0dzaUZRTmFa
QzhlLTVzQTNmVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA7MMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMlLTANBgkqhkiG9w0BAQsFAAOCAQEAU69eRMFMgC04RH165aBCnEoCwrbz
pm0MqoRVXXNOW+BJFuCxZKlP+QybcWoi/+iRfMLsIMgwBJg+Ld9UiC5LTv2T315F
cMu2znOYjfQY0NuALa0ovC9vxNy3wqwzUHiS7YDZp5kc+uKDLVXALnPt9I7diO80
FiBNAbK1B9Godb0CW6LeIyEekZWiGsTiE12AWA41isLjXPM0kP/UPNCce0WIcack
sKrbZE/6e6A9Ef9RwmgTHAtDKIcOoh0JssO/oq3z4Dk5uSv91KhB/YMPuOohwoLa
7S5UYyRgWUDXRrKR6F3HbzrnVPUqzxNQ4PgcLGTZr5QX3ixCfGoyEU+zRw==
-----END CERTIFICATE-----