Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/suTT3a_E97-6XbYHoDPzYhCMqFA.cer
File:                     suTT3a_E97-6XbYHoDPzYhCMqFA.cer (raw, json)
Hash identifier:          pByg8SFNAz//7yPCUyf6IB/WW5hC9S1g4F0Svz20PM8=
Subject key identifier:   B2:E4:D3:DD:AF:C4:F7:BF:BA:5D:B6:07:A0:33:F3:62:10:8C:A8:50
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D65F771B3CA05732AE9852AAEA16E6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/e292649c-2f1e-4e3a-9731-5b4a6e276845/0/B2E4D3DDAFC4F7BFBA5DB607A033F362108CA850.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/e292649c-2f1e-4e3a-9731-5b4a6e276845/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:27 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214819
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:5f:77:1b:3c:a0:57:32:ae:98:52:aa:ea:16:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2e4d3ddafc4f7bfba5db607a033f362108ca850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:27:58:e9:ff:7b:63:d4:fc:58:78:4e:da:e8:
                    f0:68:75:29:5f:c5:cd:87:76:6c:17:cd:5c:c3:58:
                    fe:d7:0a:02:7f:96:55:ff:82:39:7a:a4:4b:d7:db:
                    1b:5f:d9:6d:4f:9c:8e:1d:78:0d:4b:63:89:ba:f5:
                    7c:a5:8e:82:23:ea:8e:64:0a:2d:1f:f5:46:e9:f3:
                    aa:7c:4f:08:b2:21:ec:41:50:c3:9f:d8:4c:33:bc:
                    fa:d1:e8:74:7f:7c:c7:cc:cd:94:d0:d9:eb:84:83:
                    14:49:92:2d:bd:f7:8f:fa:db:55:5a:50:af:0e:e9:
                    4a:47:89:f0:6d:cb:fb:80:f6:95:a9:03:a1:d6:31:
                    97:94:74:59:ef:4e:30:ac:bf:4d:16:b9:9d:ae:e6:
                    68:34:df:ba:b7:b9:10:06:38:7f:73:48:92:64:7f:
                    b1:0d:35:5d:7c:44:13:e1:09:b3:f4:a3:96:fa:19:
                    37:39:b2:3f:42:1b:4d:20:40:31:23:a8:cc:59:d4:
                    fc:48:21:be:68:1d:6a:39:cb:ee:41:65:d9:2a:f1:
                    10:cf:d1:cf:5d:26:0b:1c:a6:ef:49:2e:59:19:47:
                    3b:ac:d8:b4:2f:31:0a:b6:07:72:d6:4b:37:ed:f9:
                    f4:40:88:92:c2:21:f5:42:2a:c1:e6:b9:07:25:6e:
                    69:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:E4:D3:DD:AF:C4:F7:BF:BA:5D:B6:07:A0:33:F3:62:10:8C:A8:50
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/e292649c-2f1e-4e3a-9731-5b4a6e276845/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/e292649c-2f1e-4e3a-9731-5b4a6e276845/0/B2E4D3DDAFC4F7BFBA5DB607A033F362108CA850.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214819

    Signature Algorithm: sha256WithRSAEncryption
         10:37:87:52:d6:91:b9:db:f3:f6:ca:7f:b6:48:f6:35:b2:b2:
         9a:f3:01:62:06:78:89:4e:5f:e0:e3:bb:e9:8f:ae:ec:36:2f:
         d2:c7:96:e7:8d:93:af:f5:e8:39:1f:6c:1f:2b:ca:3f:65:6c:
         b2:f2:b6:7e:7d:d7:92:9c:d4:4b:22:78:2a:10:32:d8:ca:b3:
         52:39:81:c4:0a:c5:ce:2c:2c:b0:c1:d7:9b:77:ce:0b:c1:97:
         34:07:85:e8:2d:6b:a2:fb:c4:e2:3f:00:79:1a:50:d2:d3:0b:
         ff:51:84:90:09:50:1b:08:df:42:6d:67:a7:98:4d:ce:0c:55:
         62:0d:7b:4b:21:de:26:58:7a:82:52:72:eb:84:1f:2b:50:e7:
         c0:26:d2:c5:9f:09:9d:f2:37:d5:00:27:52:84:d8:bb:5a:9a:
         23:cb:b3:b0:1b:b6:b3:9e:cb:1c:31:29:3d:e5:ea:da:df:eb:
         e3:f0:3c:4a:94:4f:b8:98:b4:d0:e4:01:7f:b7:72:bd:e0:13:
         78:55:a4:97:d3:02:e3:40:56:64:23:12:67:80:74:1d:6f:2d:
         19:e9:66:0d:ae:8f:d2:9c:4f:72:9f:21:60:41:ba:75:5e:85:
         dc:45:f9:0a:ad:75:89:fd:e5:ea:b5:b9:dc:fc:85:2d:94:32:
         0a:b4:6a:d2
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZQg1l93GzygVzKumFKq6hbmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmU0ZDNkZGFmYzRmN2JmYmE1ZGI2MDdhMDMzZjM2MjEwOGNhODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqydY6f97Y9T8WHhO2ujwaHUpX8XN
h3ZsF81cw1j+1woCf5ZV/4I5eqRL19sbX9ltT5yOHXgNS2OJuvV8pY6CI+qOZAot
H/VG6fOqfE8IsiHsQVDDn9hMM7z60eh0f3zHzM2U0NnrhIMUSZItvfeP+ttVWlCv
DulKR4nwbcv7gPaVqQOh1jGXlHRZ704wrL9NFrmdruZoNN+6t7kQBjh/c0iSZH+x
DTVdfEQT4Qmz9KOW+hk3ObI/QhtNIEAxI6jMWdT8SCG+aB1qOcvuQWXZKvEQz9HP
XSYLHKbvSS5ZGUc7rNi0LzEKtgdy1ks37fn0QIiSwiH1QirB5rkHJW5pvwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFLLk092vxPe/ul22B6Az82IQjKhQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2UyOTI2
NDljLTJmMWUtNGUzYS05NzMxLTViNGE2ZTI3Njg0NS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTI5
MjY0OWMtMmYxZS00ZTNhLTk3MzEtNWI0YTZlMjc2ODQ1LzAvQjJFNEQzRERBRkM0
RjdCRkJBNURCNjA3QTAzM0YzNjIxMDhDQTg1MC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDRyMw
DQYJKoZIhvcNAQELBQADggEBABA3h1LWkbnb8/bKf7ZI9jWysprzAWIGeIlOX+Dj
u+mPruw2L9LHlueNk6/16DkfbB8ryj9lbLLytn5915Kc1EsieCoQMtjKs1I5gcQK
xc4sLLDB15t3zgvBlzQHhegta6L7xOI/AHkaUNLTC/9RhJAJUBsI30JtZ6eYTc4M
VWINe0sh3iZYeoJScuuEHytQ58Am0sWfCZ3yN9UAJ1KE2LtamiPLs7AbtrOeyxwx
KT3l6trf6+PwPEqUT7iYtNDkAX+3cr3gE3hVpJfTAuNAVmQjEmeAdB1vLRnpZg2u
j9KcT3KfIWBBunVehdxF+QqtdYn95eq1udz8hS2UMgq0atI=
-----END CERTIFICATE-----