Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/q5ddtDeN_KfClTuG07GNyLIY7Gs.cer
File:                     q5ddtDeN_KfClTuG07GNyLIY7Gs.cer (raw, json)
Hash identifier:          +IySP239ish25IqZ0sveX7C8ymZn7OaHKZRT2UObe/E=
Subject key identifier:   AB:97:5D:B4:37:8D:FC:A7:C2:95:3B:86:D3:B1:8D:C8:B2:18:EC:6B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194206858FACB802039B3227B2B57110750
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6c/1c8605-163e-4245-af12-cdbd556e1749/1/q5ddtDeN_KfClTuG07GNyLIY7Gs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6c/1c8605-163e-4245-af12-cdbd556e1749/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 208283
                          AS: 208338
                          IP: 45.144.4.0/22
                          IP: 2a0e:e740::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:58:fa:cb:80:20:39:b3:22:7b:2b:57:11:07:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab975db4378dfca7c2953b86d3b18dc8b218ec6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8b:a2:43:7c:44:26:b4:dc:19:3c:49:0b:26:
                    38:f2:af:3e:ea:b7:a1:3d:be:70:52:e4:9f:18:a5:
                    48:bd:27:37:2f:f2:de:ae:4c:af:e1:95:56:7b:6e:
                    3c:34:46:7e:0d:d5:ea:57:f2:08:da:75:22:50:9f:
                    52:78:83:f9:1f:f3:0c:60:ff:a2:45:3c:9d:96:ad:
                    fc:b0:56:ae:23:ce:08:a6:fa:b4:97:1d:c3:89:5f:
                    d0:59:e8:25:51:39:0a:da:3d:26:1b:6a:33:dd:d7:
                    df:26:f2:5b:a3:d7:5c:79:7a:16:cc:bd:c0:61:99:
                    6f:09:44:aa:f9:42:bd:f6:a9:6e:18:4e:df:c4:64:
                    5f:68:d1:b8:6a:20:a2:b0:d2:a0:14:f1:0a:ad:51:
                    54:71:b0:45:a7:12:b1:54:b9:a9:dc:a7:16:a1:80:
                    46:01:b8:16:ae:0c:2a:39:a2:cd:50:eb:50:58:f5:
                    69:71:4e:7a:f6:03:21:3d:d2:d6:ab:f6:cc:a5:78:
                    d7:17:c9:e5:f2:90:07:58:ab:5f:77:eb:a8:31:b5:
                    a6:b3:f7:0f:73:4b:f7:83:27:c4:05:83:d7:9a:9d:
                    70:91:e7:b2:fd:98:52:8c:f8:14:32:df:28:e6:b9:
                    e8:3a:21:a9:53:c7:78:54:3a:fc:01:9c:da:9a:24:
                    52:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:97:5D:B4:37:8D:FC:A7:C2:95:3B:86:D3:B1:8D:C8:B2:18:EC:6B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c8605-163e-4245-af12-cdbd556e1749/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c8605-163e-4245-af12-cdbd556e1749/1/q5ddtDeN_KfClTuG07GNyLIY7Gs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.4.0/22
                IPv6:
                  2a0e:e740::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208283
                  208338

    Signature Algorithm: sha256WithRSAEncryption
         44:51:94:42:47:e8:81:2d:75:fe:51:94:31:af:1c:b9:4f:6e:
         45:94:3f:8e:5d:8e:47:de:92:d4:98:77:b1:c8:a9:24:e0:15:
         e6:63:61:04:f3:b4:10:cf:27:cf:65:8a:83:59:fd:23:01:1d:
         46:bf:9a:30:d2:1a:0e:f4:34:e6:17:b3:46:6c:f0:5a:25:67:
         0b:98:5e:82:27:f7:67:ba:7b:a6:6e:a5:c8:49:78:e7:85:f0:
         c7:49:55:7d:80:d5:42:91:e6:ca:35:57:07:a9:f9:67:04:7d:
         57:ee:0a:a7:11:fb:bf:d6:45:77:43:85:9c:9a:b6:d6:d5:8a:
         9b:df:22:0e:db:cb:fe:7a:40:ea:b2:16:90:41:cb:1a:b7:b1:
         2d:ee:e4:ec:9e:dd:48:22:1b:22:a0:41:45:69:18:2d:88:45:
         6c:08:7e:1a:41:e7:9d:08:8e:9d:a3:8f:ec:54:11:d7:b2:72:
         f4:42:fb:1c:e0:dc:41:92:0f:59:b9:0a:9e:05:df:f1:89:c2:
         0a:2a:ca:df:0a:7f:b3:b0:4e:8a:a1:e4:41:d1:ce:95:1c:4f:
         3f:70:e0:d6:71:01:c4:80:1e:7d:fe:32:44:bb:d9:33:f4:e2:
         f1:ef:11:40:8e:1d:3f:c5:31:05:bb:5f:95:9e:a9:91:e2:ee:
         6d:f5:7c:dc
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAZQgaFj6y4AgObMieytXEQdQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjk3NWRiNDM3OGRmY2E3YzI5NTNiODZkM2IxOGRjOGIyMThlYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYuiQ3xEJrTcGTxJCyY48q8+6reh
Pb5wUuSfGKVIvSc3L/Lerkyv4ZVWe248NEZ+DdXqV/II2nUiUJ9SeIP5H/MMYP+i
RTydlq38sFauI84Ipvq0lx3DiV/QWeglUTkK2j0mG2oz3dffJvJbo9dceXoWzL3A
YZlvCUSq+UK99qluGE7fxGRfaNG4aiCisNKgFPEKrVFUcbBFpxKxVLmp3KcWoYBG
AbgWrgwqOaLNUOtQWPVpcU569gMhPdLWq/bMpXjXF8nl8pAHWKtfd+uoMbWms/cP
c0v3gyfEBYPXmp1wkeey/ZhSjPgUMt8o5rnoOiGpU8d4VDr8AZzamiRSeQIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFKuXXbQ3jfynwpU7htOxjciyGOxrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZjLzFjODYw
NS0xNjNlLTQyNDUtYWYxMi1jZGJkNTU2ZTE3NDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmMvMWM4NjA1
LTE2M2UtNDI0NS1hZjEyLWNkYmQ1NTZlMTc0OS8xL3E1ZGR0RGVOX0tmQ2xUdUcw
N0dOeUxJWTdHcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLZAEMA0EAgACMAcDBQMqDudAMB8GCCsGAQUF
BwEIAQH/BBAwDqAMMAoCAwMtmwIDAy3SMA0GCSqGSIb3DQEBCwUAA4IBAQBEUZRC
R+iBLXX+UZQxrxy5T25FlD+OXY5H3pLUmHexyKkk4BXmY2EE87QQzyfPZYqDWf0j
AR1Gv5ow0hoO9DTmF7NGbPBaJWcLmF6CJ/dnunumbqXISXjnhfDHSVV9gNVCkebK
NVcHqflnBH1X7gqnEfu/1kV3Q4WcmrbW1Yqb3yIO28v+ekDqshaQQcsat7Et7uTs
nt1IIhsioEFFaRgtiEVsCH4aQeedCI6do4/sVBHXsnL0Qvsc4NxBkg9ZuQqeBd/x
icIKKsrfCn+zsE6KoeRB0c6VHE8/cODWcQHEgB59/jJEu9kz9OLx7xFAjh0/xTEF
u1+VnqmR4u5t9Xzc
-----END CERTIFICATE-----