Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vAB4on8QAyY8TFYbAlB2by9Sbn0.cer
File:                     vAB4on8QAyY8TFYbAlB2by9Sbn0.cer (raw, json)
Hash identifier:          yZcfEXZg1wB/U2sPNLBmWMYr+zgHbDhxE4Sch4dc+hE=
Subject key identifier:   BC:00:78:A2:7F:10:03:26:3C:4C:56:1B:02:50:76:6F:2F:52:6E:7D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266B997F4BFFDDE29C3250A52CC3A4B3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/vAB4on8QAyY8TFYbAlB2by9Sbn0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:49:33 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214359
                          IP: 2001:3680::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:99:7f:4b:ff:dd:e2:9c:32:50:a5:2c:c3:a4:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc0078a27f1003263c4c561b0250766f2f526e7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7d:4c:6b:1c:22:63:b8:02:4b:24:3c:fb:58:
                    56:e8:e4:a8:5b:46:45:45:53:f9:fc:55:48:d1:26:
                    8c:87:6c:ee:1c:03:0c:3b:75:57:21:a6:5c:aa:10:
                    80:99:a3:08:f0:35:3e:77:4f:ba:57:f6:fc:07:3b:
                    4d:e9:39:bc:33:d8:fb:dd:de:f1:12:80:68:45:44:
                    d5:2b:20:2a:e7:e1:40:18:a3:70:c1:93:de:92:83:
                    ea:c4:f9:a1:f1:27:36:dc:0d:24:a5:39:f9:3c:de:
                    60:a2:ce:09:2b:e2:f8:29:26:49:c1:e1:50:ad:2b:
                    37:98:6a:ff:ad:98:a9:8e:ea:c3:9d:a6:c3:4e:2a:
                    ec:a8:f5:d6:98:5c:e5:be:10:fe:05:39:14:52:90:
                    ac:dd:2f:dc:1c:15:d9:ae:96:37:39:c3:f8:39:1a:
                    68:38:a3:24:44:c1:c2:a5:47:e5:e0:9a:d1:a1:8d:
                    1e:28:f6:07:53:c9:c9:d3:17:b0:25:10:bf:c5:57:
                    74:42:d4:e6:c2:9a:68:12:9b:8e:7c:01:35:9d:dd:
                    ae:a5:0d:d1:0f:4d:17:03:53:f1:3d:5b:5c:3d:fe:
                    76:53:82:db:9d:d2:4a:4a:13:7e:9b:ab:a0:b0:ac:
                    d7:c3:78:1a:2e:17:3f:53:dd:64:3f:34:ca:13:6c:
                    bf:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:00:78:A2:7F:10:03:26:3C:4C:56:1B:02:50:76:6F:2F:52:6E:7D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/vAB4on8QAyY8TFYbAlB2by9Sbn0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3680::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214359

    Signature Algorithm: sha256WithRSAEncryption
         7c:13:60:06:c3:c5:19:00:9c:a6:fd:2f:87:1e:9b:0b:e5:fe:
         a3:aa:61:e3:83:25:4e:70:0b:70:1e:6b:a4:19:61:d7:a1:f3:
         73:9a:7b:bf:b3:f4:4c:cb:29:84:e6:81:8d:d8:ab:bc:08:ac:
         ea:88:f1:87:06:7f:ff:e0:1a:e9:20:92:0a:e8:70:14:d7:b3:
         40:6a:d0:44:09:54:56:ae:54:4c:7f:34:8f:0b:10:da:33:81:
         1e:e0:66:ca:9c:aa:25:93:eb:9d:c7:03:0d:74:f8:c3:7d:3c:
         f8:2c:ac:3f:63:ee:1f:41:f1:5a:d2:dc:d8:68:e0:9f:d5:ec:
         62:d6:84:67:46:b5:95:b8:a2:03:fa:d7:6b:63:08:a6:5d:61:
         8c:44:02:86:32:03:b7:6f:98:5c:f3:91:c6:3b:1e:bf:e8:09:
         9d:fe:21:fc:36:8d:1e:35:53:4f:16:20:f6:3e:52:c3:3e:a1:
         fc:3a:4f:1a:d9:e6:17:ef:04:ef:3b:04:0a:66:14:43:03:08:
         7b:0f:4b:e2:0a:ba:e2:f8:0c:a7:1b:2e:05:2a:77:ec:1e:56:
         f5:12:ed:04:ad:8b:31:ad:d9:07:dc:24:e4:cf:26:9c:f2:54:
         a6:08:37:d8:e5:c9:c1:c8:5c:c5:07:81:e0:cf:8d:8c:84:20:
         84:93:43:8b
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZQma5l/S//d4pwyUKUsw6SzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzAwNzhhMjdmMTAwMzI2M2M0YzU2MWIwMjUwNzY2ZjJmNTI2ZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln1MaxwiY7gCSyQ8+1hW6OSoW0ZF
RVP5/FVI0SaMh2zuHAMMO3VXIaZcqhCAmaMI8DU+d0+6V/b8BztN6Tm8M9j73d7x
EoBoRUTVKyAq5+FAGKNwwZPekoPqxPmh8Sc23A0kpTn5PN5gos4JK+L4KSZJweFQ
rSs3mGr/rZipjurDnabDTirsqPXWmFzlvhD+BTkUUpCs3S/cHBXZrpY3OcP4ORpo
OKMkRMHCpUfl4JrRoY0eKPYHU8nJ0xewJRC/xVd0QtTmwppoEpuOfAE1nd2upQ3R
D00XA1PxPVtcPf52U4LbndJKShN+m6ugsKzXw3gaLhc/U91kPzTKE2y/SwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFLwAeKJ/EAMmPExWGwJQdm8vUm59MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVkL2MxNWJh
Ny1kODJmLTRkZGEtOTAzYy1jMTRhYWM0MWExYzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQvYzE1YmE3
LWQ4MmYtNGRkYS05MDNjLWMxNGFhYzQxYTFjMi8xL3ZBQjRvbjhRQXlZOFRGWWJB
bEIyYnk5U2JuMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDIAE2gDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDRVcwDQYJKoZIhvcNAQELBQADggEBAHwTYAbDxRkAnKb9L4cemwvl/qOqYeOD
JU5wC3Aea6QZYdeh83Oae7+z9EzLKYTmgY3Yq7wIrOqI8YcGf//gGukgkgrocBTX
s0Bq0EQJVFauVEx/NI8LENozgR7gZsqcqiWT653HAw10+MN9PPgsrD9j7h9B8VrS
3Nho4J/V7GLWhGdGtZW4ogP612tjCKZdYYxEAoYyA7dvmFzzkcY7Hr/oCZ3+Ifw2
jR41U08WIPY+UsM+ofw6TxrZ5hfvBO87BApmFEMDCHsPS+IKuuL4DKcbLgUqd+we
VvUS7QStizGt2QfcJOTPJpzyVKYIN9jlycHIXMUHgeDPjYyEIISTQ4s=
-----END CERTIFICATE-----