Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/i-IU2zN9cmofrF_7Lp2hBfLkICU.cer
File:                     i-IU2zN9cmofrF_7Lp2hBfLkICU.cer (raw, json)
Hash identifier:          huByQX7X3BLd0nFll6UOhafiA30ElVwBhPK9Y4y9cVg=
Subject key identifier:   8B:E2:14:DB:33:7D:72:6A:1F:AC:5F:FB:2E:9D:A1:05:F2:E4:20:25
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421446973E59E6C490186AD3A66B69F89
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/1451df30-3dfe-4502-a1cf-13435839da0a/0/8BE214DB337D726A1FAC5FFB2E9DA105F2E42025.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/1451df30-3dfe-4502-a1cf-13435839da0a/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:39 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 34628
                          AS: 34652
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:69:73:e5:9e:6c:49:01:86:ad:3a:66:b6:9f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8be214db337d726a1fac5ffb2e9da105f2e42025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ce:47:e9:76:8e:66:5a:8a:e1:7a:99:02:8c:
                    ab:8f:bc:4d:e0:10:d7:11:de:b5:c0:57:48:32:05:
                    de:dc:fc:20:2a:ab:2b:09:ca:ef:a5:5b:05:44:b3:
                    2d:50:c8:cf:96:65:4b:df:75:e6:81:cb:f9:3e:4d:
                    ef:60:0f:64:54:df:67:03:13:e0:20:f3:ff:7f:02:
                    48:b8:3c:e6:d8:ab:9d:ef:4e:fa:0c:71:d5:97:c2:
                    00:91:34:89:33:d0:e8:6b:86:e4:db:d6:2c:15:ea:
                    af:0e:fa:e6:6a:e1:23:14:1b:89:9b:22:48:0e:17:
                    d9:ad:6c:e0:6e:7f:23:5e:77:d0:c8:eb:08:89:25:
                    01:65:90:ab:2e:01:86:97:95:b8:cb:38:b2:1a:02:
                    04:a1:e0:bc:27:76:4e:ee:58:e1:cf:3a:31:95:05:
                    09:0b:38:df:28:9b:82:69:cf:d0:59:4e:38:3a:bf:
                    64:fe:80:fd:ce:d5:36:ee:d7:9d:2d:8c:6a:e9:6b:
                    a2:40:4a:b8:14:9a:05:84:59:f6:d6:60:2f:25:7e:
                    0a:01:8c:0e:53:cd:b4:71:be:5b:ba:25:76:4e:75:
                    e3:f0:e3:53:2f:4b:1c:3b:ff:01:8f:ff:52:9d:10:
                    1a:82:94:a3:95:a0:8b:64:f2:80:c1:61:9b:dc:25:
                    8c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:E2:14:DB:33:7D:72:6A:1F:AC:5F:FB:2E:9D:A1:05:F2:E4:20:25
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/1451df30-3dfe-4502-a1cf-13435839da0a/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/1451df30-3dfe-4502-a1cf-13435839da0a/0/8BE214DB337D726A1FAC5FFB2E9DA105F2E42025.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34628
                  34652

    Signature Algorithm: sha256WithRSAEncryption
         76:37:eb:16:33:b5:5c:fa:42:9a:46:b4:e3:29:ba:b0:b9:51:
         2a:3e:b0:8e:55:e8:9a:13:c9:0a:26:1b:ca:22:c4:7e:e9:0a:
         be:e9:30:b2:50:47:ce:fc:29:5b:af:fc:33:f4:f0:63:77:79:
         6b:0f:d9:72:ee:c2:de:13:80:76:20:ae:93:2e:6b:9b:36:f3:
         61:76:b6:7f:c9:af:98:c9:b0:06:02:82:54:d3:0c:12:0f:4b:
         e2:0e:6c:89:9e:46:37:e3:d8:26:61:52:86:a6:12:01:73:f9:
         a4:94:f6:b8:8f:ab:b3:35:55:20:72:1d:54:cd:e0:59:4a:14:
         fb:06:91:f7:26:16:b4:a8:61:2a:36:1a:a1:18:47:1d:78:8c:
         00:77:de:5c:78:e8:54:0d:2a:c9:92:8d:3c:dc:e0:84:8b:51:
         86:ce:e5:54:65:4d:cf:7a:75:83:33:ef:2a:fe:b6:94:aa:67:
         48:db:8a:ef:66:bb:d3:7f:7c:98:bd:38:b2:24:ef:d5:a2:bd:
         2b:84:1e:a6:70:34:96:57:6a:9b:92:95:ed:7a:83:33:32:2f:
         cd:e6:d3:77:96:53:9e:4a:e9:ec:b2:76:f2:e9:22:87:33:36:
         e8:c2:f6:45:7c:01:11:31:c2:45:e5:00:f7:22:cc:34:34:ea:
         58:bf:f5:dc
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQhRGlz5Z5sSQGGrTpmtp+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmUyMTRkYjMzN2Q3MjZhMWZhYzVmZmIyZTlkYTEwNWYyZTQyMDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis5H6XaOZlqK4XqZAoyrj7xN4BDX
Ed61wFdIMgXe3PwgKqsrCcrvpVsFRLMtUMjPlmVL33Xmgcv5Pk3vYA9kVN9nAxPg
IPP/fwJIuDzm2Kud7076DHHVl8IAkTSJM9Doa4bk29YsFeqvDvrmauEjFBuJmyJI
DhfZrWzgbn8jXnfQyOsIiSUBZZCrLgGGl5W4yziyGgIEoeC8J3ZO7ljhzzoxlQUJ
CzjfKJuCac/QWU44Or9k/oD9ztU27tedLYxq6WuiQEq4FJoFhFn21mAvJX4KAYwO
U820cb5buiV2TnXj8ONTL0scO/8Bj/9SnRAagpSjlaCLZPKAwWGb3CWMtQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIviFNszfXJqH6xf+y6doQXy5CAlMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzE0NTFk
ZjMwLTNkZmUtNDUwMi1hMWNmLTEzNDM1ODM5ZGEwYS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTQ1
MWRmMzAtM2RmZS00NTAyLWExY2YtMTM0MzU4MzlkYTBhLzAvOEJFMjE0REIzMzdE
NzI2QTFGQUM1RkZCMkU5REExMDVGMkU0MjAyNS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBCAEB/wQQMA6gDDAKAgMAh0QC
AwCHXDANBgkqhkiG9w0BAQsFAAOCAQEAdjfrFjO1XPpCmka04ym6sLlRKj6wjlXo
mhPJCiYbyiLEfukKvukwslBHzvwpW6/8M/TwY3d5aw/Zcu7C3hOAdiCuky5rmzbz
YXa2f8mvmMmwBgKCVNMMEg9L4g5siZ5GN+PYJmFShqYSAXP5pJT2uI+rszVVIHId
VM3gWUoU+waR9yYWtKhhKjYaoRhHHXiMAHfeXHjoVA0qyZKNPNzghItRhs7lVGVN
z3p1gzPvKv62lKpnSNuK72a70398mL04siTv1aK9K4QepnA0lldqm5KV7XqDMzIv
zebTd5ZTnkrp7LJ28ukihzM26ML2RXwBETHCReUA9yLMNDTqWL/13A==
-----END CERTIFICATE-----