Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CgbwM1N7vYY7vKK2IJLY3jYR9lE.cer
File:                     CgbwM1N7vYY7vKK2IJLY3jYR9lE.cer (raw, json)
Hash identifier:          AUP0MPS5otgo4jBKrk8w42tbLXSIIyGMBxySlkRhC8I=
Subject key identifier:   0A:06:F0:33:53:7B:BD:86:3B:BC:A2:B6:20:92:D8:DE:36:11:F6:51
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FC4D605C875AC8D7D7F3AB6B9EC0B6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/CgbwM1N7vYY7vKK2IJLY3jYR9lE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:47:59 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 207919
                          IP: 45.133.52.0/22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:4d:60:5c:87:5a:c8:d7:d7:f3:ab:6b:9e:c0:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a06f033537bbd863bbca2b62092d8de3611f651
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c7:ee:ef:a5:ce:d2:0b:cf:df:5f:5e:3f:15:
                    9a:ab:8c:e8:f8:59:d8:4d:6f:7f:70:99:b8:ba:53:
                    10:e1:68:62:d2:5b:ca:d6:2d:15:5d:29:39:d1:46:
                    0c:9b:82:57:a5:b1:0b:38:ac:e6:d1:b9:20:1f:94:
                    bf:f5:77:9a:96:1f:17:13:9c:8e:10:b8:5e:d9:03:
                    53:1e:0c:7d:0f:97:e4:cb:af:f3:a5:0f:7b:94:68:
                    c3:fd:e1:5c:e1:12:80:af:7d:4c:a4:13:f1:04:e0:
                    bd:e5:f2:3b:0b:6e:2e:74:24:69:a7:77:62:79:6a:
                    cb:ef:de:b7:76:c4:c9:47:43:f9:d0:68:1e:79:1e:
                    9e:5f:93:de:62:93:46:a0:00:8f:76:c6:3f:29:42:
                    ef:62:4e:c1:a8:db:68:8b:4a:ad:32:7b:c3:9f:f7:
                    fe:1e:92:aa:54:f6:9a:0b:52:6c:d9:7c:c9:90:1e:
                    8c:ad:66:4f:49:e2:21:2b:90:e7:39:2a:6d:1a:92:
                    72:62:ae:c2:c2:62:72:20:c0:65:a3:6e:d3:66:78:
                    59:e1:a8:08:4e:54:48:f4:6b:e7:a6:eb:fd:29:df:
                    ba:d7:e6:64:29:ae:32:6d:2e:fc:1a:e8:bd:65:b3:
                    66:e8:0d:63:7d:64:56:ae:7b:e1:b0:34:2e:fe:60:
                    7b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:06:F0:33:53:7B:BD:86:3B:BC:A2:B6:20:92:D8:DE:36:11:F6:51
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/CgbwM1N7vYY7vKK2IJLY3jYR9lE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.52.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207919

    Signature Algorithm: sha256WithRSAEncryption
         74:4e:94:bf:99:dc:f3:a6:da:40:7c:96:88:45:a3:9b:9d:e6:
         e1:74:49:53:96:b5:35:dd:56:65:11:5f:f0:50:8d:98:c2:94:
         78:ae:92:ce:26:2e:9e:ba:28:28:60:9e:8b:4b:24:f3:46:03:
         6d:3a:b3:69:dd:e2:ea:42:c0:48:e7:e4:0c:57:ba:50:87:6b:
         16:9f:3c:a2:50:91:da:ca:c4:92:63:11:08:26:8d:3a:b4:69:
         29:8f:b7:a2:b7:3b:58:f2:95:07:4b:d9:12:2e:4f:6c:ba:36:
         c6:cb:fa:ad:97:16:06:ad:21:12:22:44:19:1f:8e:6e:27:58:
         07:70:88:e0:8f:8a:98:c0:55:d9:95:db:3e:55:11:e0:f1:80:
         64:30:52:0a:84:ed:2e:3c:bd:b9:7e:1e:92:b6:0a:98:87:f0:
         5c:55:e3:9a:ed:c1:ef:6f:59:f3:bc:ae:1a:e4:95:f7:3a:87:
         a2:8d:82:b2:7b:fc:83:53:b3:60:72:ca:e7:93:19:a7:e8:1e:
         1d:1d:f3:37:17:48:10:36:44:74:1c:24:10:ca:3b:33:59:f1:
         b1:ef:c4:4a:79:1c:46:b9:93:af:0e:ae:10:df:0b:f5:27:6e:
         87:5c:34:58:9b:43:68:60:db:75:94:d4:92:58:53:ff:87:d0:
         f6:dd:1c:a4
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQl/E1gXIdayNfX86trnsC2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTA2ZjAzMzUzN2JiZDg2M2JiY2EyYjYyMDkyZDhkZTM2MTFmNjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcfu76XO0gvP319ePxWaq4zo+FnY
TW9/cJm4ulMQ4Whi0lvK1i0VXSk50UYMm4JXpbELOKzm0bkgH5S/9Xealh8XE5yO
ELhe2QNTHgx9D5fky6/zpQ97lGjD/eFc4RKAr31MpBPxBOC95fI7C24udCRpp3di
eWrL7963dsTJR0P50GgeeR6eX5PeYpNGoACPdsY/KULvYk7BqNtoi0qtMnvDn/f+
HpKqVPaaC1Js2XzJkB6MrWZPSeIhK5DnOSptGpJyYq7CwmJyIMBlo27TZnhZ4agI
TlRI9Gvnpuv9Kd+61+ZkKa4ybS78Gui9ZbNm6A1jfWRWrnvhsDQu/mB7WQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFAoG8DNTe72GO7yitiCS2N42EfZRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FjLzRjZDE2
Yi0yYTIzLTQ4YTktOWVlYi0yYTQ4MTNhMTMxMjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMvNGNkMTZi
LTJhMjMtNDhhOS05ZWViLTJhNDgxM2ExMzEyMC8xL0NnYndNMU43dllZN3ZLSzJJ
SkxZM2pZUjlsRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLYU0MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMsLzANBgkqhkiG9w0BAQsFAAOCAQEAdE6Uv5nc86baQHyWiEWjm53m4XRJU5a1
Nd1WZRFf8FCNmMKUeK6SziYunrooKGCei0sk80YDbTqzad3i6kLASOfkDFe6UIdr
Fp88olCR2srEkmMRCCaNOrRpKY+3orc7WPKVB0vZEi5PbLo2xsv6rZcWBq0hEiJE
GR+ObidYB3CI4I+KmMBV2ZXbPlUR4PGAZDBSCoTtLjy9uX4ekrYKmIfwXFXjmu3B
729Z87yuGuSV9zqHoo2Csnv8g1OzYHLK55MZp+geHR3zNxdIEDZEdBwkEMo7M1nx
se/ESnkcRrmTrw6uEN8L9Sduh1w0WJtDaGDbdZTUklhT/4fQ9t0cpA==
-----END CERTIFICATE-----