Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Cajtl6vouAFN0xwsJE-fKPX5eiE.cer
File:                     Cajtl6vouAFN0xwsJE-fKPX5eiE.cer (raw, json)
Hash identifier:          7f8iSUXj8296ondoYtqV1Si31iERtPlmoBrOE4oeDPc=
Subject key identifier:   09:A8:ED:97:AB:E8:B8:01:4D:D3:1C:2C:24:4F:9F:28:F5:F9:7A:21
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019428253EC17B1B582C6935CCEB9C04035B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3b/9a7dda-0f68-4088-a075-e7fdf7741a65/1/Cajtl6vouAFN0xwsJE-fKPX5eiE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3b/9a7dda-0f68-4088-a075-e7fdf7741a65/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 17:51:57 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 208663
                          IP: 45.91.0.0/22
                          IP: 2a0e:840::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:3e:c1:7b:1b:58:2c:69:35:cc:eb:9c:04:03:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 17:51:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09a8ed97abe8b8014dd31c2c244f9f28f5f97a21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0e:31:43:87:f0:94:cf:f6:44:75:3a:33:b7:
                    0f:23:05:e2:8f:0c:62:e3:12:c7:2a:df:cb:60:c0:
                    03:af:33:1e:90:11:7e:12:80:4c:13:49:fa:99:6e:
                    72:ce:47:af:49:6a:c9:31:16:3d:8f:89:1d:56:df:
                    2d:8c:60:03:c5:5f:d2:c3:ee:5e:c9:cf:1a:66:b4:
                    c3:88:9f:53:52:53:2a:8a:08:7c:b6:1c:39:0f:1e:
                    dc:c1:1f:8e:eb:b0:ec:1d:0f:fe:4a:4a:9c:13:5d:
                    90:42:2f:7e:ff:99:fc:11:f7:f9:36:13:a1:14:74:
                    d0:ce:5e:b7:75:2a:ce:b6:29:3c:51:fc:20:5a:51:
                    0b:53:dc:cf:c5:89:b8:62:3a:23:f0:b7:91:a1:fc:
                    41:ff:1d:9a:07:85:f1:2a:31:2e:3f:42:cb:1b:46:
                    bf:5c:c2:70:22:7a:bc:ce:0c:f6:b8:57:8e:d2:56:
                    46:20:72:f6:d4:7f:cd:d4:fc:2d:e5:cb:bf:18:1b:
                    4c:a7:2a:5f:e4:d7:82:b7:47:6f:0c:e6:6e:99:4a:
                    7b:cc:b8:f7:b7:0c:ba:50:84:75:c5:9b:0b:03:47:
                    75:27:39:9d:3c:49:3a:b6:08:22:0f:50:b9:6d:b9:
                    0d:96:18:65:eb:90:96:29:04:3f:34:9d:b9:81:6f:
                    dd:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:A8:ED:97:AB:E8:B8:01:4D:D3:1C:2C:24:4F:9F:28:F5:F9:7A:21
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9a7dda-0f68-4088-a075-e7fdf7741a65/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9a7dda-0f68-4088-a075-e7fdf7741a65/1/Cajtl6vouAFN0xwsJE-fKPX5eiE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.0.0/22
                IPv6:
                  2a0e:840::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208663

    Signature Algorithm: sha256WithRSAEncryption
         19:06:09:81:da:7d:0e:66:15:0a:7b:38:d0:41:0b:1a:c6:3b:
         48:02:ac:80:9a:70:64:15:bb:ea:63:4b:21:34:9b:a7:37:cf:
         da:4f:52:f8:65:73:0a:5b:83:f3:de:59:e2:1d:89:8b:d3:ad:
         94:de:fb:be:30:19:f1:27:a1:2e:0f:5d:10:26:ff:a8:41:3a:
         7e:0a:0c:d3:c2:bf:ae:8f:4d:f6:b4:9d:a9:88:93:64:06:e2:
         bf:06:cb:02:31:d8:58:d2:5e:aa:90:bc:98:e6:64:2f:50:27:
         62:5a:d7:9d:5e:2f:31:90:fd:f2:80:4a:57:38:fb:10:50:33:
         79:fc:bd:37:67:5b:26:f9:96:28:d2:59:47:fc:0e:e7:34:83:
         75:5b:3a:03:7a:82:66:18:56:94:28:79:66:eb:29:51:c4:21:
         b2:9a:cd:7f:66:bd:c2:74:50:4a:b1:86:d0:d6:20:6e:4b:b2:
         c4:ef:6c:96:b3:92:8d:57:c5:85:37:5a:8b:58:85:4f:70:03:
         55:eb:96:57:78:b6:ea:6c:17:bb:ab:84:92:51:65:b4:94:5d:
         b9:ca:dd:ea:a8:9b:26:bb:88:24:8b:5e:99:d9:32:7e:8a:3d:
         dd:73:7a:42:17:36:f7:8e:02:f6:4e:f5:fa:d3:5a:22:12:2a:
         03:94:cf:d8
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQoJT7BextYLGk1zOucBANbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTc1MTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWE4ZWQ5N2FiZThiODAxNGRkMzFjMmMyNDRmOWYyOGY1Zjk3YTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA4xQ4fwlM/2RHU6M7cPIwXijwxi
4xLHKt/LYMADrzMekBF+EoBME0n6mW5yzkevSWrJMRY9j4kdVt8tjGADxV/Sw+5e
yc8aZrTDiJ9TUlMqigh8thw5Dx7cwR+O67DsHQ/+SkqcE12QQi9+/5n8Eff5NhOh
FHTQzl63dSrOtik8UfwgWlELU9zPxYm4Yjoj8LeRofxB/x2aB4XxKjEuP0LLG0a/
XMJwInq8zgz2uFeO0lZGIHL21H/N1Pwt5cu/GBtMpypf5NeCt0dvDOZumUp7zLj3
twy6UIR1xZsLA0d1JzmdPEk6tggiD1C5bbkNlhhl65CWKQQ/NJ25gW/dQQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFAmo7Zer6LgBTdMcLCRPnyj1+XohMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNiLzlhN2Rk
YS0wZjY4LTQwODgtYTA3NS1lN2ZkZjc3NDFhNjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2IvOWE3ZGRh
LTBmNjgtNDA4OC1hMDc1LWU3ZmRmNzc0MWE2NS8xL0NhanRsNnZvdUFGTjB4d3NK
RS1mS1BYNWVpRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLVsAMA0EAgACMAcDBQMqDghAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMvFzANBgkqhkiG9w0BAQsFAAOCAQEAGQYJgdp9DmYV
Cns40EELGsY7SAKsgJpwZBW76mNLITSbpzfP2k9S+GVzCluD895Z4h2Ji9OtlN77
vjAZ8SehLg9dECb/qEE6fgoM08K/ro9N9rSdqYiTZAbivwbLAjHYWNJeqpC8mOZk
L1AnYlrXnV4vMZD98oBKVzj7EFAzefy9N2dbJvmWKNJZR/wO5zSDdVs6A3qCZhhW
lCh5ZuspUcQhsprNf2a9wnRQSrGG0NYgbkuyxO9slrOSjVfFhTdai1iFT3ADVeuW
V3i26mwXu6uEklFltJRducrd6qibJruIJItemdkyfoo93XN6Qhc2944C9k71+tNa
IhIqA5TP2A==
-----END CERTIFICATE-----