Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.cer
File:                     ZK7IAkyqEDqEEmlsfnL3eAPNhpU.cer (raw, json)
Hash identifier:          yPaEceqB4u9fDiylVHIw20300+5NU96UmHi+65WLytg=
Subject key identifier:   64:AE:C8:02:4C:AA:10:3A:84:12:69:6C:7E:72:F7:78:03:CD:86:95
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194236920B823A5C067460B7E275ED7AE7E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:47:59 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 211273
                          IP: 193.43.40.0/24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:20:b8:23:a5:c0:67:46:0b:7e:27:5e:d7:ae:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64aec8024caa103a8412696c7e72f77803cd8695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:39:0f:ad:82:3b:8e:2f:f1:ea:7f:bf:a8:1f:
                    35:d5:bd:eb:39:31:60:e5:9f:d7:f7:a6:be:85:e9:
                    be:91:90:31:47:12:35:8c:6d:25:5c:97:73:d0:a2:
                    c6:79:93:88:ea:7e:f1:33:db:ee:fd:e4:0c:64:b1:
                    99:c3:11:43:20:18:58:81:80:b3:43:a5:b0:78:78:
                    ef:6d:30:6c:68:d7:6d:a3:7d:bd:a6:aa:3b:c8:38:
                    8f:05:b8:64:42:a3:17:2f:6e:1f:bd:4d:db:40:ab:
                    3f:6a:5b:1e:57:0a:05:85:54:5f:c7:a2:6a:45:e1:
                    67:6f:12:b7:74:13:5e:a0:55:30:02:f2:05:2e:d9:
                    45:90:54:43:b2:7b:4b:38:52:86:f1:ef:e2:5b:0f:
                    09:ae:ed:3e:38:a2:b6:95:0a:9c:c7:ed:35:9b:c5:
                    43:6a:9a:63:ce:5e:e1:6a:eb:90:e2:32:cb:2a:93:
                    85:69:2b:73:1f:55:d4:4e:37:49:43:16:7f:2b:03:
                    6f:e0:6e:ec:72:82:f0:b9:eb:9e:12:96:1f:9f:43:
                    fe:37:c5:17:93:da:a9:8c:40:6a:e8:28:46:a6:0e:
                    13:bd:34:dc:8c:40:86:b2:e4:a1:e4:4e:f2:d3:1b:
                    fc:b8:e0:e9:04:cf:2f:09:6c:74:7f:cb:0d:a9:c6:
                    6f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:AE:C8:02:4C:AA:10:3A:84:12:69:6C:7E:72:F7:78:03:CD:86:95
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.40.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211273

    Signature Algorithm: sha256WithRSAEncryption
         85:a0:05:a9:11:ad:e6:d5:e6:b7:a5:6b:ac:35:72:5e:2d:4d:
         9b:03:93:18:55:25:ee:96:d0:21:76:2b:9c:7e:cc:b2:c2:d7:
         34:4e:f6:61:6a:69:0b:70:ef:82:eb:35:5c:b0:cd:52:ac:6e:
         1a:45:e6:70:4a:18:31:9c:04:67:04:c2:8f:a2:f2:2f:e6:1a:
         32:e3:33:f6:f4:5b:f7:38:a0:4a:2e:ac:d6:a8:38:87:af:d6:
         0d:81:52:70:6d:02:eb:e5:14:71:92:23:36:ad:77:62:aa:8b:
         76:49:f1:04:db:a3:a9:df:66:d9:c8:fd:78:7f:89:3c:d8:e3:
         ca:f5:cd:8a:19:86:91:f7:66:58:9b:96:bd:6b:e4:90:53:44:
         e5:ee:75:a3:95:8f:7f:58:ba:b6:99:6d:13:c6:da:fd:e4:d9:
         19:18:7d:ed:72:9c:65:ea:37:2f:2e:36:d7:91:b1:50:0f:65:
         38:0e:2f:6b:63:a9:9e:70:fd:0b:f3:d3:c0:ae:e8:c8:dc:92:
         74:dc:d4:89:3d:b1:8a:70:55:bb:1d:56:f9:43:5e:85:aa:bf:
         ab:88:9e:92:fc:9e:84:98:96:75:3c:20:68:92:7e:f3:c5:98:
         01:09:bf:9e:ee:e1:53:d8:2a:ea:b7:6e:da:f5:af:79:48:6a:
         66:e5:90:ab
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQjaSC4I6XAZ0YLfide165+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGFlYzgwMjRjYWExMDNhODQxMjY5NmM3ZTcyZjc3ODAzY2Q4Njk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTkPrYI7ji/x6n+/qB811b3rOTFg
5Z/X96a+hem+kZAxRxI1jG0lXJdz0KLGeZOI6n7xM9vu/eQMZLGZwxFDIBhYgYCz
Q6WweHjvbTBsaNdto329pqo7yDiPBbhkQqMXL24fvU3bQKs/alseVwoFhVRfx6Jq
ReFnbxK3dBNeoFUwAvIFLtlFkFRDsntLOFKG8e/iWw8Jru0+OKK2lQqcx+01m8VD
appjzl7hauuQ4jLLKpOFaStzH1XUTjdJQxZ/KwNv4G7scoLwueueEpYfn0P+N8UX
k9qpjEBq6ChGpg4TvTTcjECGsuSh5E7y0xv8uODpBM8vCWx0f8sNqcZvPwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGSuyAJMqhA6hBJpbH5y93gDzYaVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzExLzBmMjRk
ZC1lZjRhLTRkYmYtYjIwZC1iMDM5YzI0Yjk5Y2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTEvMGYyNGRk
LWVmNGEtNGRiZi1iMjBkLWIwMzljMjRiOTljYS8xL1pLN0lBa3lxRURxRUVtbHNm
bkwzZUFQTmhwVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwSsoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM5STANBgkqhkiG9w0BAQsFAAOCAQEAhaAFqRGt5tXmt6VrrDVyXi1NmwOTGFUl
7pbQIXYrnH7MssLXNE72YWppC3Dvgus1XLDNUqxuGkXmcEoYMZwEZwTCj6LyL+Ya
MuMz9vRb9zigSi6s1qg4h6/WDYFScG0C6+UUcZIjNq13YqqLdknxBNujqd9m2cj9
eH+JPNjjyvXNihmGkfdmWJuWvWvkkFNE5e51o5WPf1i6tpltE8ba/eTZGRh97XKc
Zeo3Ly4215GxUA9lOA4va2OpnnD9C/PTwK7oyNySdNzUiT2xinBVux1W+UNehaq/
q4iekvyehJiWdTwgaJJ+88WYAQm/nu7hU9gq6rdu2vWveUhqZuWQqw==
-----END CERTIFICATE-----