Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OfhzzTk5IDx3io6q8Wg-lGSsNAA.cer
File:                     OfhzzTk5IDx3io6q8Wg-lGSsNAA.cer (raw, json)
Hash identifier:          EDvGUyw8lQ6kExgTYx2/owenH9oZQTVUssgm+nf6kjU=
Subject key identifier:   39:F8:73:CD:39:39:20:3C:77:8A:8E:AA:F1:68:3E:94:64:AC:34:00
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01956F0A814D34BD4E84FFC69EACBD31D503
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/OfhzzTk5IDx3io6q8Wg-lGSsNAA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 07 Mar 2025 05:18:34 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 194.32.80.0/23
                          IP: 194.32.148.0/23
                          IP: 2a0f:2c0::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6f:0a:81:4d:34:bd:4e:84:ff:c6:9e:ac:bd:31:d5:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar  7 05:18:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39f873cd3939203c778a8eaaf1683e9464ac3400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e1:1e:2c:cf:52:8f:19:b1:5b:4d:2c:64:b3:
                    c9:0d:0d:cf:a2:85:83:01:4d:00:58:82:e2:4c:90:
                    de:bc:e8:53:76:e8:7c:cc:1f:bd:e3:52:89:b0:3f:
                    1f:82:db:e8:1d:47:e0:77:81:5d:2a:ad:79:e9:b6:
                    26:04:00:9d:d3:08:0f:a0:ae:b4:79:b3:88:83:40:
                    a5:69:8f:b9:f6:a2:ab:ea:e8:64:31:85:d1:ed:5a:
                    31:9f:8c:35:f9:c7:65:11:ad:ab:e4:a1:08:9f:3e:
                    10:48:63:31:14:5c:da:b1:bd:d1:16:34:e8:4e:aa:
                    c8:49:ca:3a:4d:63:6a:23:b4:ca:f0:c2:bb:aa:32:
                    79:5e:f1:94:fa:8c:86:e2:43:30:1f:85:0c:1f:db:
                    70:60:34:5f:91:ae:fd:b3:9a:42:34:50:4e:55:68:
                    e9:07:36:8d:71:9d:ec:2c:a4:1c:cd:89:4f:7e:85:
                    5f:7e:ad:2a:7c:9c:01:a1:ca:e5:41:72:4b:9f:9d:
                    18:43:b0:6f:1a:f6:62:41:e8:bd:d4:e7:64:03:fd:
                    a3:ab:7e:aa:95:a2:25:5f:67:a3:c1:80:01:20:91:
                    48:45:49:c5:6f:cb:83:f8:12:0a:e1:a6:0a:3d:c6:
                    2a:7c:c0:f2:22:2e:f8:9c:3c:c7:1e:be:99:8b:00:
                    43:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:F8:73:CD:39:39:20:3C:77:8A:8E:AA:F1:68:3E:94:64:AC:34:00
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/OfhzzTk5IDx3io6q8Wg-lGSsNAA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.80.0/23
                  194.32.148.0/23
                IPv6:
                  2a0f:2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:d5:04:cd:7a:15:bb:db:10:af:64:c8:95:14:55:70:34:1d:
         4a:69:62:c8:76:0a:da:bf:bd:b1:59:f6:6f:26:32:67:13:53:
         8e:50:87:66:ac:d2:c4:9e:de:01:de:3c:63:96:91:6b:56:12:
         55:07:8b:76:df:f0:ea:51:99:72:6a:87:30:e4:39:dc:fa:99:
         c9:7b:e9:c3:17:f2:af:32:1b:b5:94:71:23:31:8c:1e:ae:45:
         ba:db:ff:32:aa:a2:b7:e5:9e:d3:43:dc:57:8b:46:df:8a:89:
         bb:7b:5b:51:20:79:92:0d:21:5a:a8:52:a9:c7:e3:9a:4a:ec:
         7b:a6:0b:79:42:35:c0:b9:cb:33:8b:58:e0:9c:17:93:86:14:
         b8:d2:4b:5b:d3:ce:ae:21:86:96:f2:a4:56:49:30:88:63:ee:
         72:18:67:46:db:37:7f:b3:df:2e:1c:e7:b0:40:de:54:3d:e6:
         5b:68:f1:b3:7d:b2:1b:ed:0b:dd:14:58:32:cc:bd:81:c4:24:
         7d:45:58:be:f9:3e:91:04:c3:25:27:61:4b:80:9f:8f:40:0d:
         a6:ad:1f:aa:6f:9a:13:85:17:03:8c:c4:61:e1:38:55:73:34:
         1f:76:03:2c:17:0c:a5:08:fc:e4:e1:9d:ad:cd:38:1d:cf:9d:
         c0:63:cf:59
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgISAZVvCoFNNL1OhP/Gnqy9MdUDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMzA3MDUxODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWY4NzNjZDM5MzkyMDNjNzc4YThlYWFmMTY4M2U5NDY0YWMzNDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOEeLM9SjxmxW00sZLPJDQ3PooWD
AU0AWILiTJDevOhTduh8zB+941KJsD8fgtvoHUfgd4FdKq156bYmBACd0wgPoK60
ebOIg0ClaY+59qKr6uhkMYXR7Voxn4w1+cdlEa2r5KEInz4QSGMxFFzasb3RFjTo
TqrISco6TWNqI7TK8MK7qjJ5XvGU+oyG4kMwH4UMH9twYDRfka79s5pCNFBOVWjp
BzaNcZ3sLKQczYlPfoVffq0qfJwBocrlQXJLn50YQ7BvGvZiQei91OdkA/2jq36q
laIlX2ejwYABIJFIRUnFb8uD+BIK4aYKPcYqfMDyIi74nDzHHr6ZiwBDxwIDAQAB
o4ICmTCCApUwHQYDVR0OBBYEFDn4c805OSA8d4qOqvFoPpRkrDQAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMyLzkwZTky
My0yZjJkLTQwODYtODE5Yy00ZTY1NWI1YjY0MjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzIvOTBlOTIz
LTJmMmQtNDA4Ni04MTljLTRlNjU1YjViNjQyNy8xL09maHp6VGs1SUR4M2lvNnE4
V2ctbEdTc05BQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQBwiBQAwQBwiCUMA0EAgACMAcDBQMqDwLAMA0G
CSqGSIb3DQEBCwUAA4IBAQB41QTNehW72xCvZMiVFFVwNB1KaWLIdgrav72xWfZv
JjJnE1OOUIdmrNLEnt4B3jxjlpFrVhJVB4t23/DqUZlyaocw5Dnc+pnJe+nDF/Kv
Mhu1lHEjMYwerkW62/8yqqK35Z7TQ9xXi0bfiom7e1tRIHmSDSFaqFKpx+OaSux7
pgt5QjXAucszi1jgnBeThhS40ktb086uIYaW8qRWSTCIY+5yGGdG2zd/s98uHOew
QN5UPeZbaPGzfbIb7QvdFFgyzL2BxCR9RVi++T6RBMMlJ2FLgJ+PQA2mrR+qb5oT
hRcDjMRh4ThVczQfdgMsFwylCPzk4Z2tzTgdz53AY89Z
-----END CERTIFICATE-----