Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.cer
File:                     DHFh5iL2PA24Vo2MtMTXwNmAg0Y.cer (raw, json)
Hash identifier:          rqzkrFh97LcYW100QfmLkkHoINUcCE7U7VjR/Adi2Bk=
Subject key identifier:   0C:71:61:E6:22:F6:3C:0D:B8:56:8D:8C:B4:C4:D7:C0:D9:80:83:46
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0195708D166393A5D09CD3A9F5F75E75796D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 07 Mar 2025 12:20:49 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 210162
                          IP: 2a0d:9840::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:70:8d:16:63:93:a5:d0:9c:d3:a9:f5:f7:5e:75:79:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar  7 12:20:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c7161e622f63c0db8568d8cb4c4d7c0d9808346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3d:04:5c:bc:02:da:06:42:40:16:c7:4c:b8:
                    a5:b2:80:d9:43:be:d2:9a:0b:b8:87:12:c2:3d:b9:
                    6c:10:ce:52:94:72:95:65:22:cf:eb:02:14:3c:fc:
                    77:60:40:d4:f4:43:02:fb:8e:7c:ed:ee:3f:44:a0:
                    29:34:15:54:37:c3:de:fd:22:9c:41:f1:cf:61:f0:
                    cf:00:48:73:ef:d3:16:6a:d5:db:8b:d9:ab:e8:e5:
                    fb:ac:5a:d3:6f:ee:27:23:d3:ee:77:01:82:92:b2:
                    59:84:06:21:c6:ee:02:8a:f0:b9:da:6c:fe:9b:4d:
                    ab:28:c6:1a:8e:f9:d1:f4:54:cd:6a:ee:21:f0:1d:
                    de:92:54:d1:12:94:65:b1:e2:d9:68:78:3e:61:27:
                    49:6a:4c:6d:88:56:7a:d6:17:df:43:70:8e:75:48:
                    1d:d9:bc:61:51:e3:7f:32:46:01:0f:2a:af:4d:3e:
                    ca:0e:c3:b2:e6:b0:ca:a0:c2:73:3a:45:a3:e1:68:
                    47:d8:05:5b:02:34:c8:77:a4:0d:bb:8d:e1:31:fd:
                    bd:92:0b:d1:5b:d7:d9:90:bb:eb:f3:42:ec:d4:f5:
                    ec:c8:7e:08:a2:27:bd:b5:21:ac:97:06:8e:f7:15:
                    e7:ab:cf:e4:81:84:5d:4d:26:07:c0:80:3e:87:88:
                    b6:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:71:61:E6:22:F6:3C:0D:B8:56:8D:8C:B4:C4:D7:C0:D9:80:83:46
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:9840::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210162

    Signature Algorithm: sha256WithRSAEncryption
         5d:d8:c4:cf:0a:7b:df:2e:82:1b:a2:59:e6:a1:da:3b:91:8e:
         e8:2c:8a:e6:80:00:ff:ba:b1:73:76:fd:fa:3b:9c:17:1c:12:
         9e:eb:fe:db:f5:27:31:91:98:ff:ef:73:00:e5:7f:a1:16:07:
         1a:eb:56:ba:da:c9:34:a6:19:e6:c5:38:57:a5:9b:e0:c2:34:
         df:dc:d7:58:e3:e3:2c:85:85:65:98:10:1c:6e:9d:a4:15:45:
         d6:ab:34:6e:c5:76:62:d4:14:45:0b:09:5d:bb:c3:67:f2:4c:
         c7:d3:3e:e7:5d:3b:43:5d:0d:6d:81:8f:dc:3e:ca:cb:2c:68:
         2c:99:39:b4:66:ef:48:73:97:e7:c5:ca:eb:39:0a:35:47:35:
         b9:33:b0:43:a3:d0:0d:b2:43:19:54:11:11:a8:17:5e:7e:62:
         9e:5b:45:88:98:75:65:cf:16:c5:30:f6:1e:34:8a:4d:d3:b3:
         8c:84:7a:11:bd:f4:a8:6d:e7:c3:bc:69:7f:f7:50:e1:42:77:
         45:3a:9b:92:c5:e5:29:81:87:c4:94:96:06:2d:1a:a9:86:88:
         8b:6c:ba:3c:fa:04:4b:10:f8:30:d9:fb:46:55:32:30:1f:2e:
         2e:43:5d:db:b1:32:48:c1:44:5f:d5:04:0e:5e:40:6b:51:fd:
         e4:50:40:ed
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZVwjRZjk6XQnNOp9fdedXltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMzA3MTIyMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzcxNjFlNjIyZjYzYzBkYjg1NjhkOGNiNGM0ZDdjMGQ5ODA4MzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD0EXLwC2gZCQBbHTLilsoDZQ77S
mgu4hxLCPblsEM5SlHKVZSLP6wIUPPx3YEDU9EMC+4587e4/RKApNBVUN8Pe/SKc
QfHPYfDPAEhz79MWatXbi9mr6OX7rFrTb+4nI9PudwGCkrJZhAYhxu4CivC52mz+
m02rKMYajvnR9FTNau4h8B3eklTREpRlseLZaHg+YSdJakxtiFZ61hffQ3COdUgd
2bxhUeN/MkYBDyqvTT7KDsOy5rDKoMJzOkWj4WhH2AVbAjTId6QNu43hMf29kgvR
W9fZkLvr80Ls1PXsyH4Ioie9tSGslwaO9xXnq8/kgYRdTSYHwIA+h4i26wIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFAxxYeYi9jwNuFaNjLTE18DZgINGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UxLzAxZjA4
Yy0wNjVlLTRhYzEtOGU4MC1iMTVlM2YwOWUwMWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTEvMDFmMDhj
LTA2NWUtNGFjMS04ZTgwLWIxNWUzZjA5ZTAxYi8xL0RIRmg1aUwyUEEyNFZvMk10
TVRYd05tQWcwWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKg2YQDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDNPIwDQYJKoZIhvcNAQELBQADggEBAF3YxM8Ke98ughuiWeah2juRjugsiuaA
AP+6sXN2/fo7nBccEp7r/tv1JzGRmP/vcwDlf6EWBxrrVrrayTSmGebFOFelm+DC
NN/c11jj4yyFhWWYEBxunaQVRdarNG7FdmLUFEULCV27w2fyTMfTPuddO0NdDW2B
j9w+ysssaCyZObRm70hzl+fFyus5CjVHNbkzsEOj0A2yQxlUERGoF15+Yp5bRYiY
dWXPFsUw9h40ik3Ts4yEehG99Kht58O8aX/3UOFCd0U6m5LF5SmBh8SUlgYtGqmG
iItsujz6BEsQ+DDZ+0ZVMjAfLi5DXduxMkjBRF/VBA5eQGtR/eRQQO0=
-----END CERTIFICATE-----