Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2nOjmg4EXd-u9QLx_ZHGzBZQlFk.cer
File:                     2nOjmg4EXd-u9QLx_ZHGzBZQlFk.cer (raw, json)
Hash identifier:          gHa9qnCC/SyRGLp6wwTWTDkt8vyDqaNFp+LnU3fz5SM=
Subject key identifier:   DA:73:A3:9A:0E:04:5D:DF:AE:F5:02:F1:FD:91:C6:CC:16:50:94:59
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3F12FCD7E0E9F2E3B13D822450BA4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7f/1737fc-b221-4ff0-bfa7-5d674caddd6f/1/2nOjmg4EXd-u9QLx_ZHGzBZQlFk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7f/1737fc-b221-4ff0-bfa7-5d674caddd6f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:49:20 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 8605
                          IP: 2001:67c:2198::/48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:f1:2f:cd:7e:0e:9f:2e:3b:13:d8:22:45:0b:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da73a39a0e045ddfaef502f1fd91c6cc16509459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fc:8d:15:01:91:0a:2a:31:da:7d:8b:4f:8f:
                    0a:00:e8:a3:c5:d5:31:a4:66:19:f8:96:0d:bf:b0:
                    35:8a:48:a8:8c:29:de:ee:ea:77:97:67:0f:39:3b:
                    f9:2a:a6:48:2a:27:f5:4d:5b:9d:f0:be:2e:86:03:
                    15:29:4b:3a:4a:c5:3b:d7:13:d7:43:de:c3:d5:c6:
                    ee:0e:83:c6:a3:35:69:01:03:69:5e:01:13:5f:f3:
                    00:e8:7c:ee:85:df:a8:af:b9:1a:03:c6:c5:e2:45:
                    a5:87:a5:13:be:e4:2a:67:e8:34:79:8d:b5:22:f0:
                    18:7d:aa:fc:ec:e7:0b:1d:ff:27:c3:b7:e3:09:74:
                    8c:07:17:d0:a8:a8:00:84:16:ab:41:00:37:94:09:
                    43:d2:b7:f5:64:89:ba:29:38:26:04:3c:68:38:2e:
                    70:32:3f:44:85:e2:18:b5:ad:30:e6:33:27:86:ec:
                    62:39:90:d7:c5:c6:9a:93:33:8b:af:63:9f:11:72:
                    9d:55:43:32:8d:92:cc:8c:de:41:ce:3d:76:bf:23:
                    f4:fa:3f:2e:05:07:52:0d:08:cb:88:9d:38:01:2d:
                    48:df:19:41:c9:31:f3:fd:c2:f2:e5:0a:c4:7d:84:
                    9d:83:f6:ed:9a:45:0c:28:b3:d6:51:0f:56:d4:c8:
                    5d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:73:A3:9A:0E:04:5D:DF:AE:F5:02:F1:FD:91:C6:CC:16:50:94:59
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/1737fc-b221-4ff0-bfa7-5d674caddd6f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/1737fc-b221-4ff0-bfa7-5d674caddd6f/1/2nOjmg4EXd-u9QLx_ZHGzBZQlFk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2198::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8605

    Signature Algorithm: sha256WithRSAEncryption
         a4:fa:a8:f9:26:de:c7:67:1e:31:de:ea:a2:de:dd:73:40:70:
         e9:bb:87:a0:43:d2:47:08:c2:a3:1f:bb:9c:39:2a:90:6e:f4:
         25:63:c6:4b:db:7f:9a:7d:ca:45:1c:b7:7c:08:a7:dc:78:4e:
         47:66:96:05:5e:17:6d:5e:c4:09:91:f8:a9:85:ac:bd:82:42:
         48:60:88:fa:19:83:5f:de:06:2a:87:60:5a:d5:5f:97:d5:b0:
         2b:32:87:b4:cc:86:67:c8:5a:9e:d4:b6:34:73:cc:50:06:90:
         fb:e1:c8:82:94:94:dd:2e:e3:66:c2:3f:f0:8d:02:e2:03:8b:
         18:b2:9c:42:49:4c:95:4e:75:97:e4:c6:11:ae:39:28:08:b1:
         eb:42:d4:22:e0:dd:9b:4a:9c:24:bc:43:8f:93:73:c6:7b:6c:
         94:6f:14:f3:f2:1e:13:b2:fe:5f:7b:85:b7:53:a5:d6:9a:c9:
         59:80:e3:26:43:8f:e9:2f:16:d0:e4:0c:b8:90:e5:3c:54:38:
         bb:19:0d:e6:4a:81:05:d8:61:97:6c:0d:c0:0f:94:eb:59:05:
         27:96:3a:78:a3:b4:30:7c:28:c4:70:80:30:2e:11:30:fd:f4:
         2a:71:83:60:1d:99:df:ae:1a:5c:e4:af:93:17:4a:0a:7f:3a:
         2e:b3:0f:34
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAZQks/EvzX4Ony47E9giRQukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTczYTM5YTBlMDQ1ZGRmYWVmNTAyZjFmZDkxYzZjYzE2NTA5NDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/yNFQGRCiox2n2LT48KAOijxdUx
pGYZ+JYNv7A1ikiojCne7up3l2cPOTv5KqZIKif1TVud8L4uhgMVKUs6SsU71xPX
Q97D1cbuDoPGozVpAQNpXgETX/MA6Hzuhd+or7kaA8bF4kWlh6UTvuQqZ+g0eY21
IvAYfar87OcLHf8nw7fjCXSMBxfQqKgAhBarQQA3lAlD0rf1ZIm6KTgmBDxoOC5w
Mj9EheIYta0w5jMnhuxiOZDXxcaakzOLr2OfEXKdVUMyjZLMjN5Bzj12vyP0+j8u
BQdSDQjLiJ04AS1I3xlByTHz/cLy5QrEfYSdg/btmkUMKLPWUQ9W1MhdEQIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFNpzo5oOBF3frvUC8f2RxswWUJRZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdmLzE3Mzdm
Yy1iMjIxLTRmZjAtYmZhNy01ZDY3NGNhZGRkNmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2YvMTczN2Zj
LWIyMjEtNGZmMC1iZmE3LTVkNjc0Y2FkZGQ2Zi8xLzJuT2ptZzRFWGQtdTlRTHhf
WkhHekJaUWxGay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCGYMBkGCCsGAQUFBwEIAQH/BAowCKAG
MAQCAiGdMA0GCSqGSIb3DQEBCwUAA4IBAQCk+qj5Jt7HZx4x3uqi3t1zQHDpu4eg
Q9JHCMKjH7ucOSqQbvQlY8ZL23+afcpFHLd8CKfceE5HZpYFXhdtXsQJkfiphay9
gkJIYIj6GYNf3gYqh2Ba1V+X1bArMoe0zIZnyFqe1LY0c8xQBpD74ciClJTdLuNm
wj/wjQLiA4sYspxCSUyVTnWX5MYRrjkoCLHrQtQi4N2bSpwkvEOPk3PGe2yUbxTz
8h4Tsv5fe4W3U6XWmslZgOMmQ4/pLxbQ5Ay4kOU8VDi7GQ3mSoEF2GGXbA3AD5Tr
WQUnljp4o7QwfCjEcIAwLhEw/fQqcYNgHZnfrhpc5K+TF0oKfzousw80
-----END CERTIFICATE-----