Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.cer
File:                     CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.cer (raw, json)
Hash identifier:          9GiZF6t6iwcM6McU07hw8wNB67SRdxeiHHXBTCeps9Y=
Subject key identifier:   08:BF:59:89:9B:7A:CA:30:A3:C7:D5:DB:93:B2:12:D9:87:09:C8:9B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3C7FCBCC0B02EC34726FFA533EA14
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:49:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 58308
                          IP: 91.109.120.0/21
                          IP: 185.144.152.0/22
                          IP: 2a01:66c0::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c7:fc:bc:c0:b0:2e:c3:47:26:ff:a5:33:ea:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08bf59899b7aca30a3c7d5db93b212d98709c89b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:58:b0:0e:ec:10:bf:4a:46:eb:3f:dd:98:4d:
                    17:7e:3b:83:7d:2c:25:6f:37:6d:30:83:72:cd:75:
                    a3:c7:51:c8:53:69:44:4a:2d:a4:ca:54:f8:25:80:
                    6e:49:51:49:06:28:1a:36:29:da:90:2c:01:4b:20:
                    e3:e0:da:2c:d1:d6:c5:b2:d4:58:c4:0f:43:e1:dc:
                    fd:1e:ec:aa:4f:1d:18:1a:8e:58:7d:8e:c3:f9:b8:
                    bd:c9:1d:62:8a:a9:1e:89:01:3b:b9:d6:7c:ea:44:
                    e8:75:4b:5c:8f:8e:6d:35:34:98:ca:71:46:4c:67:
                    93:f6:55:3a:45:30:95:87:7c:47:73:7a:fd:1a:1d:
                    cc:4c:d9:e7:38:38:25:a3:de:ec:08:3b:e6:c9:ae:
                    0b:75:44:97:f6:af:dc:cc:17:dc:4b:40:e8:d5:89:
                    0d:60:cc:d2:b0:e1:27:2e:c1:55:50:8d:b1:9f:35:
                    02:d9:82:de:f5:00:e2:be:a9:9d:02:2f:c0:59:f2:
                    5d:c5:0c:c8:7e:1f:e1:b8:ce:50:0b:e6:3f:a2:c7:
                    49:fb:2f:80:f2:52:8c:96:ee:9c:e2:bf:64:84:62:
                    28:00:26:3d:cf:f5:a7:4b:1d:94:59:ad:9a:1c:56:
                    5d:19:46:40:df:da:c2:77:39:6b:6b:5e:ca:9e:ee:
                    c4:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:BF:59:89:9B:7A:CA:30:A3:C7:D5:DB:93:B2:12:D9:87:09:C8:9B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.120.0/21
                  185.144.152.0/22
                IPv6:
                  2a01:66c0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  58308

    Signature Algorithm: sha256WithRSAEncryption
         19:a7:3f:ed:d8:aa:58:13:e7:2a:78:8d:59:ae:e2:25:fd:4e:
         dc:27:00:1b:e3:cc:d8:2a:d6:a2:64:68:7f:f7:55:d9:a3:7c:
         9b:22:3f:45:c2:e3:e5:19:e3:dd:b9:33:cb:92:99:e3:5a:b3:
         87:63:9e:81:ea:4d:ad:cf:6e:95:51:d0:43:87:56:8b:0b:41:
         4a:dd:04:ff:f3:fc:89:23:c7:da:0e:7d:c6:51:87:0d:ce:f5:
         9e:71:45:ea:c5:37:83:84:aa:aa:48:95:18:3b:a6:f1:19:05:
         0c:6e:f5:0e:ad:8e:ed:bb:bc:71:3f:7c:d6:26:ca:e5:c5:10:
         52:e9:bd:2c:5e:99:e4:bc:b3:9e:c4:30:6d:f8:38:ef:5c:de:
         e7:05:dc:af:2f:9e:0a:ce:04:d2:3b:3d:db:2b:ca:e4:f3:26:
         50:49:ff:74:7d:14:4d:5f:6b:1b:9f:e8:95:ca:dd:fd:0f:09:
         19:b9:d8:1d:3c:b6:9d:5d:64:85:a9:d8:fb:6f:fa:a8:8b:1f:
         f7:5a:dd:71:9b:e3:1b:38:89:a4:8e:4d:72:18:a0:ad:ee:9e:
         31:24:4d:f2:4a:01:26:87:7e:da:55:51:3f:4d:41:07:cd:ef:
         c0:2d:f9:e1:a2:d9:bb:46:ca:76:c9:f2:67:45:ed:ae:a1:a1:
         d0:31:d1:d1
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAZQks8f8vMCwLsNHJv+lM+oUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGJmNTk4OTliN2FjYTMwYTNjN2Q1ZGI5M2IyMTJkOTg3MDljODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApViwDuwQv0pG6z/dmE0XfjuDfSwl
bzdtMINyzXWjx1HIU2lESi2kylT4JYBuSVFJBigaNinakCwBSyDj4Nos0dbFstRY
xA9D4dz9HuyqTx0YGo5YfY7D+bi9yR1iiqkeiQE7udZ86kTodUtcj45tNTSYynFG
TGeT9lU6RTCVh3xHc3r9Gh3MTNnnODglo97sCDvmya4LdUSX9q/czBfcS0Do1YkN
YMzSsOEnLsFVUI2xnzUC2YLe9QDivqmdAi/AWfJdxQzIfh/huM5QC+Y/osdJ+y+A
8lKMlu6c4r9khGIoACY9z/WnSx2UWa2aHFZdGUZA39rCdzlra17Knu7ErwIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFAi/WYmbesowo8fV25OyEtmHCcibMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk4L2NlMTY3
Ny1kOTI3LTQ0YzYtYTkwOS0zYjJiNTFhNWUzZGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvY2UxNjc3
LWQ5MjctNDRjNi1hOTA5LTNiMmI1MWE1ZTNkYS8xL0NMOVppWnQ2eWpDang5WGJr
N0lTMlljSnlKcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQDW214AwQCuZCYMA0EAgACMAcDBQAqAWbAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwDjxDANBgkqhkiG9w0BAQsFAAOCAQEAGac/
7diqWBPnKniNWa7iJf1O3CcAG+PM2CrWomRof/dV2aN8myI/RcLj5Rnj3bkzy5KZ
41qzh2OegepNrc9ulVHQQ4dWiwtBSt0E//P8iSPH2g59xlGHDc71nnFF6sU3g4Sq
qkiVGDum8RkFDG71Dq2O7bu8cT981ibK5cUQUum9LF6Z5LyznsQwbfg471ze5wXc
ry+eCs4E0js92yvK5PMmUEn/dH0UTV9rG5/olcrd/Q8JGbnYHTy2nV1khanY+2/6
qIsf91rdcZvjGziJpI5Nchigre6eMSRN8koBJod+2lVRP01BB83vwC354aLZu0bK
dsnyZ0XtrqGh0DHR0Q==
-----END CERTIFICATE-----