Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4p7ZqdG2tTg-v5RtX8VJgGElY-o.cer
File:                     4p7ZqdG2tTg-v5RtX8VJgGElY-o.cer (raw, json)
Hash identifier:          1EetBKQrtKBqabeK2zwwABvqmY+b8+DtpAykLeZPnN8=
Subject key identifier:   E2:9E:D9:A9:D1:B6:B5:38:3E:BF:94:6D:5F:C5:49:80:61:25:63:EA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228E20CE45E2708264347557A700D954
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f6/38ec5b-336d-4a1c-a84a-f6c6859b30f0/1/4p7ZqdG2tTg-v5RtX8VJgGElY-o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f6/38ec5b-336d-4a1c-a84a-f6c6859b30f0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 197745
                          IP: 185.2.0.0/22
                          IP: 2a00:90c0::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:20:ce:45:e2:70:82:64:34:75:57:a7:00:d9:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e29ed9a9d1b6b5383ebf946d5fc54980612563ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d6:6d:8a:a1:0d:e1:aa:ba:cf:b7:43:97:0a:
                    1e:e8:bd:e9:d5:c2:16:d3:b3:49:13:63:f8:05:87:
                    f2:15:a1:77:6e:f8:5c:7e:bc:96:0b:36:26:8c:82:
                    93:9d:9a:ad:34:ac:31:6d:3f:f9:9c:eb:b4:a8:61:
                    25:5d:dd:a2:f0:ca:58:3a:d8:c0:90:af:78:d0:65:
                    5f:cc:3f:fd:ac:9b:a2:fb:84:cf:dd:16:de:dd:a8:
                    6e:fc:ff:54:d8:dc:6f:01:3a:38:a7:32:ee:45:09:
                    91:cb:3c:9b:fe:3b:af:c4:74:1f:9f:50:09:39:11:
                    e4:1b:c0:13:21:de:6e:92:13:d8:1c:76:5e:91:05:
                    79:7b:80:c3:be:6e:ce:98:a1:b3:af:83:e8:ac:e6:
                    60:35:80:8b:fa:74:25:bf:1b:6c:d8:92:3d:b5:9f:
                    fa:d4:07:e2:80:d1:f6:ce:01:2f:d8:a7:99:e4:77:
                    d7:88:e2:0b:a9:d2:99:7f:cf:40:99:c2:0b:ea:d5:
                    f4:d3:4f:9c:8e:b5:fd:2d:8b:2e:d1:37:d2:02:a5:
                    84:b7:2f:a3:42:b1:c8:95:20:f1:f2:85:e1:67:75:
                    99:62:ea:b9:26:0b:02:88:c7:ca:11:94:d2:91:55:
                    71:61:be:6d:1d:da:a0:2c:a4:63:fc:a9:8c:9d:db:
                    8c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:9E:D9:A9:D1:B6:B5:38:3E:BF:94:6D:5F:C5:49:80:61:25:63:EA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/38ec5b-336d-4a1c-a84a-f6c6859b30f0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/38ec5b-336d-4a1c-a84a-f6c6859b30f0/1/4p7ZqdG2tTg-v5RtX8VJgGElY-o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.0.0/22
                IPv6:
                  2a00:90c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197745

    Signature Algorithm: sha256WithRSAEncryption
         6b:e5:af:16:ed:f7:4d:a5:7e:ed:db:fb:87:f2:4f:b6:16:e0:
         0d:ac:64:6b:4d:24:09:cc:b0:ae:13:81:e6:ee:bb:1e:80:12:
         22:92:39:d9:2f:2c:d1:ae:ce:7a:5f:b4:5b:0a:3d:f7:ff:ee:
         b2:8b:3d:fb:f7:4a:7d:ba:2f:15:cf:39:87:91:ed:e5:60:51:
         bb:89:76:71:b3:ec:33:3a:c0:ed:fc:65:25:02:4d:c7:7f:00:
         83:50:24:bc:12:d6:b9:f1:0f:2c:df:87:b0:0a:31:d6:3b:ab:
         76:a0:90:2a:01:fd:aa:c9:21:74:11:24:25:5d:72:8e:1d:13:
         44:bd:8e:ef:e1:61:7b:22:9f:1b:24:0c:78:7b:78:7d:5c:cc:
         fe:9f:b4:37:42:ec:b7:3c:39:7a:e6:93:00:cd:43:b0:ad:5e:
         53:94:4a:ec:99:99:82:8a:1c:0a:f9:1e:eb:1f:9d:c5:9d:61:
         c3:23:47:6b:d3:8a:94:5e:76:b0:3b:1d:f5:f5:a7:2c:0f:1c:
         a1:a0:c8:37:ae:49:9b:23:c2:f1:e5:9a:f8:fc:2f:f0:3c:63:
         5a:65:e7:f6:51:72:08:1b:11:e4:f0:ec:b8:3d:e9:33:09:9e:
         22:00:d0:0b:a0:a2:8d:3f:c7:30:c4:fe:a0:42:42:98:de:7a:
         2f:e5:19:7c
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQijiDOReJwgmQ0dVenANlUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjllZDlhOWQxYjZiNTM4M2ViZjk0NmQ1ZmM1NDk4MDYxMjU2M2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9ZtiqEN4aq6z7dDlwoe6L3p1cIW
07NJE2P4BYfyFaF3bvhcfryWCzYmjIKTnZqtNKwxbT/5nOu0qGElXd2i8MpYOtjA
kK940GVfzD/9rJui+4TP3Rbe3ahu/P9U2NxvATo4pzLuRQmRyzyb/juvxHQfn1AJ
ORHkG8ATId5ukhPYHHZekQV5e4DDvm7OmKGzr4PorOZgNYCL+nQlvxts2JI9tZ/6
1AfigNH2zgEv2KeZ5HfXiOILqdKZf89AmcIL6tX000+cjrX9LYsu0TfSAqWEty+j
QrHIlSDx8oXhZ3WZYuq5JgsCiMfKEZTSkVVxYb5tHdqgLKRj/KmMnduMaQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFOKe2anRtrU4Pr+UbV/FSYBhJWPqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y2LzM4ZWM1
Yi0zMzZkLTRhMWMtYTg0YS1mNmM2ODU5YjMwZjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvMzhlYzVi
LTMzNmQtNGExYy1hODRhLWY2YzY4NTliMzBmMC8xLzRwN1pxZEcydFRnLXY1UnRY
OFZKZ0dFbFktby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuQIAMA0EAgACMAcDBQMqAJDAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMEcTANBgkqhkiG9w0BAQsFAAOCAQEAa+WvFu33TaV+
7dv7h/JPthbgDaxka00kCcywrhOB5u67HoASIpI52S8s0a7Oel+0Wwo99//usos9
+/dKfbovFc85h5Ht5WBRu4l2cbPsMzrA7fxlJQJNx38Ag1AkvBLWufEPLN+HsAox
1jurdqCQKgH9qskhdBEkJV1yjh0TRL2O7+FheyKfGyQMeHt4fVzM/p+0N0Lstzw5
euaTAM1DsK1eU5RK7JmZgoocCvke6x+dxZ1hwyNHa9OKlF52sDsd9fWnLA8coaDI
N65JmyPC8eWa+Pwv8DxjWmXn9lFyCBsR5PDsuD3pMwmeIgDQC6CijT/HMMT+oEJC
mN56L+UZfA==
-----END CERTIFICATE-----