Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/S0iUlRKz97-akbi8iX5-GKQSfN0.cer
File:                     S0iUlRKz97-akbi8iX5-GKQSfN0.cer (raw, json)
Hash identifier:          m/QSr2r1qZoMPzVJ4hIVRtjaobd+Jwyf9N/01cbHNbQ=
Subject key identifier:   4B:48:94:95:12:B3:F7:BF:9A:91:B8:BC:89:7E:7E:18:A4:12:7C:DD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221FB9E8C9C80335E201763FBDDCE56F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/7/4B48949512B3F7BF9A91B8BC897E7E18A4127CDD.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/7/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:48:12 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213915
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b9:e8:c9:c8:03:35:e2:01:76:3f:bd:dc:e5:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b48949512b3f7bf9a91b8bc897e7e18a4127cdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:36:10:02:06:a0:fb:b5:0e:16:f9:92:e8:ec:
                    80:bd:f8:11:5f:2f:1a:ff:38:ef:71:92:fe:e3:96:
                    a6:65:07:b6:56:d5:b3:8d:03:06:b4:26:e5:7c:d4:
                    f3:2c:8a:c4:8f:80:4d:b6:4a:15:b6:51:e2:ec:c3:
                    b0:52:2f:75:84:e5:7e:16:09:60:48:a9:21:c2:ad:
                    af:57:a2:a2:2f:ec:bb:fb:41:77:85:56:50:22:ac:
                    0c:5a:5d:ea:c0:8c:aa:b2:46:78:e9:33:15:40:b7:
                    72:85:34:4a:99:f8:3d:0c:01:6e:09:d0:14:ad:86:
                    cb:2e:cd:00:62:2f:e2:46:fd:00:a3:61:26:14:c6:
                    09:d0:52:b1:ac:4a:3d:5a:48:72:d9:81:ee:2c:ad:
                    d1:91:4d:79:fd:70:a4:67:bd:dd:3f:7b:2b:ac:86:
                    f4:05:d9:81:e4:bd:94:09:84:56:d5:cd:a5:df:00:
                    f5:8d:0a:68:6a:0d:0c:70:4e:7d:04:cf:6f:01:41:
                    95:44:a5:19:1e:15:e4:23:b6:20:2d:75:8b:56:af:
                    50:c0:a8:69:15:cf:48:f2:0d:08:c8:cd:72:d7:0d:
                    42:ea:2d:28:93:4c:60:34:30:12:7f:fb:da:7c:ab:
                    e7:2f:0f:21:fe:af:f1:70:23:bc:2e:86:b7:47:b4:
                    e7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:48:94:95:12:B3:F7:BF:9A:91:B8:BC:89:7E:7E:18:A4:12:7C:DD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/7/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/7/4B48949512B3F7BF9A91B8BC897E7E18A4127CDD.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213915

    Signature Algorithm: sha256WithRSAEncryption
         02:73:5e:cf:2e:31:f4:b5:9b:0d:c4:ac:89:26:3a:ad:e6:03:
         1a:7d:f5:db:9e:98:08:6f:fd:0c:15:62:51:4b:e4:09:54:64:
         da:6f:07:bb:c8:8d:3f:96:05:22:ff:4a:1f:f8:4b:c5:be:17:
         c3:f0:69:7c:41:1e:51:66:d9:a5:3d:58:73:66:19:1d:9b:69:
         b6:02:b5:79:4a:fa:64:7c:fd:c8:54:6a:17:d8:58:da:f8:7b:
         19:3e:6e:aa:89:e3:a3:22:48:86:27:5c:0e:44:93:91:1a:69:
         7b:bc:e4:b7:7f:0b:30:d5:bf:aa:ff:5f:fb:8b:ac:de:f1:65:
         df:37:7d:d7:f4:a6:14:3d:f9:dd:31:fc:76:78:b4:d9:fe:c0:
         8d:44:e3:49:76:fb:e5:46:f1:b2:e3:2e:9f:6f:83:65:24:e6:
         39:29:c8:3f:b5:40:d9:bd:a4:4d:6b:7f:3d:71:13:83:d7:07:
         21:ef:c9:92:c8:dd:86:36:b9:bb:8c:70:3f:33:8a:aa:ec:5f:
         44:89:8f:61:f7:8c:0b:28:b9:70:44:5b:05:c2:f2:64:c4:30:
         af:9d:97:b5:06:c4:37:58:c8:01:7f:0a:79:99:29:e7:1b:cb:
         1d:ec:94:33:45:1b:a2:a4:0b:80:bd:7f:f5:a2:80:fb:e3:92:
         44:ee:23:91
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZQiH7noycgDNeIBdj+93OVvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjQ4OTQ5NTEyYjNmN2JmOWE5MWI4YmM4OTdlN2UxOGE0MTI3Y2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzYQAgag+7UOFvmS6OyAvfgRXy8a
/zjvcZL+45amZQe2VtWzjQMGtCblfNTzLIrEj4BNtkoVtlHi7MOwUi91hOV+Fglg
SKkhwq2vV6KiL+y7+0F3hVZQIqwMWl3qwIyqskZ46TMVQLdyhTRKmfg9DAFuCdAU
rYbLLs0AYi/iRv0Ao2EmFMYJ0FKxrEo9Wkhy2YHuLK3RkU15/XCkZ73dP3srrIb0
BdmB5L2UCYRW1c2l3wD1jQpoag0McE59BM9vAUGVRKUZHhXkI7YgLXWLVq9QwKhp
Fc9I8g0IyM1y1w1C6i0ok0xgNDASf/vafKvnLw8h/q/xcCO8Loa3R7TneQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFEtIlJUSs/e/mpG4vIl+fhikEnzdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljMGVk
MDQ2LWZhOTUtNDVjMy05MTQ2LTk3MWRiOGE5ZThiYi83LzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOWMw
ZWQwNDYtZmE5NS00NWMzLTkxNDYtOTcxZGI4YTllOGJiLzcvNEI0ODk0OTUxMkIz
RjdCRjlBOTFCOEJDODk3RTdFMThBNDEyN0NERC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDQ5sw
DQYJKoZIhvcNAQELBQADggEBAAJzXs8uMfS1mw3ErIkmOq3mAxp99duemAhv/QwV
YlFL5AlUZNpvB7vIjT+WBSL/Sh/4S8W+F8PwaXxBHlFm2aU9WHNmGR2babYCtXlK
+mR8/chUahfYWNr4exk+bqqJ46MiSIYnXA5Ek5EaaXu85Ld/CzDVv6r/X/uLrN7x
Zd83fdf0phQ9+d0x/HZ4tNn+wI1E40l2++VG8bLjLp9vg2Uk5jkpyD+1QNm9pE1r
fz1xE4PXByHvyZLI3YY2ubuMcD8ziqrsX0SJj2H3jAsouXBEWwXC8mTEMK+dl7UG
xDdYyAF/CnmZKecbyx3slDNFG6KkC4C9f/WigPvjkkTuI5E=
-----END CERTIFICATE-----