Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HgNe0IrXUR-_4QfbH9qF4qEAtcY.cer
File:                     HgNe0IrXUR-_4QfbH9qF4qEAtcY.cer (raw, json)
Hash identifier:          6CkhXYKyiSd6uk8T6nfocNqiho8HobATGGcN3lueHRw=
Subject key identifier:   1E:03:5E:D0:8A:D7:51:1F:BF:E1:07:DB:1F:DA:85:E2:A1:00:B5:C6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FC288949DA10EAC28857DA2103545F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ef/6fbb99-d1f3-473e-9530-fe7dacc1c409/1/HgNe0IrXUR-_4QfbH9qF4qEAtcY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ef/6fbb99-d1f3-473e-9530-fe7dacc1c409/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:47:50 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 51191
                          IP: 91.232.96.0/23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:28:89:49:da:10:ea:c2:88:57:da:21:03:54:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e035ed08ad7511fbfe107db1fda85e2a100b5c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e4:47:47:6c:95:62:76:02:f6:74:5f:0d:70:
                    42:62:4e:7a:e4:b7:57:24:8a:0b:0d:61:7a:2d:c9:
                    e2:7a:0d:44:24:70:bf:1c:63:33:9b:93:0f:27:2f:
                    30:d3:d0:fa:95:aa:dd:69:51:a5:8e:f0:ec:4c:3a:
                    94:83:e1:12:57:0d:76:08:07:ac:cb:8c:93:79:df:
                    98:f2:78:56:ed:ce:24:99:08:cd:fd:c5:64:f7:6c:
                    58:b4:22:14:7e:9b:3c:25:75:d3:2d:46:73:d4:2a:
                    a3:b0:1b:cb:25:b3:2b:08:95:03:d2:21:c5:eb:d1:
                    37:b5:bc:f3:50:65:cc:29:52:23:68:5a:c3:c4:71:
                    da:d2:6a:6c:18:09:d7:34:dc:b0:b7:b9:7d:54:2a:
                    03:05:17:38:54:a2:75:dc:d4:1a:bb:5b:8f:eb:1a:
                    42:17:01:bc:c5:90:31:31:34:4c:f4:91:9e:52:94:
                    6c:14:dc:dc:6a:bd:e8:21:19:75:a5:5b:0c:b6:ba:
                    d8:4b:39:6b:f7:ff:db:0c:db:bb:f4:90:ec:d2:b0:
                    fc:87:03:66:cc:a9:b2:2f:78:46:9c:c7:1b:7e:60:
                    60:80:63:c1:64:21:4d:e4:38:24:0a:ed:37:3d:cc:
                    42:c3:e3:23:89:8d:c6:58:cd:0a:2f:8a:f3:2d:8d:
                    a4:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:03:5E:D0:8A:D7:51:1F:BF:E1:07:DB:1F:DA:85:E2:A1:00:B5:C6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6fbb99-d1f3-473e-9530-fe7dacc1c409/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6fbb99-d1f3-473e-9530-fe7dacc1c409/1/HgNe0IrXUR-_4QfbH9qF4qEAtcY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.96.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51191

    Signature Algorithm: sha256WithRSAEncryption
         54:d0:d8:33:71:88:97:42:cd:4d:25:aa:59:b6:ab:f4:c0:7a:
         82:02:32:7b:3a:ee:60:6e:2d:fc:6d:a0:0b:82:5a:08:a2:1e:
         b3:e6:de:d9:fa:68:c9:61:b3:73:d6:74:c3:9f:ef:62:35:1c:
         e0:40:09:cc:9b:ed:d9:a8:cb:5e:c4:db:bb:07:8c:25:ed:86:
         fe:c8:67:17:ea:a8:6d:74:9b:cd:97:0f:56:cd:64:f8:35:9e:
         b7:dd:b6:df:a8:11:ed:95:c1:07:ce:cc:67:0a:48:d7:06:ee:
         bf:e0:fe:47:34:20:d0:3b:9d:00:b4:5f:4c:c4:1d:f8:55:d9:
         3a:3e:5b:f3:72:77:56:99:b9:c6:0f:60:a2:aa:7d:10:e3:56:
         1d:af:54:be:41:5a:6b:90:82:45:49:a2:05:5d:23:e2:82:28:
         0e:d8:76:79:c6:b7:2d:0b:0d:a1:da:4c:08:3b:21:bf:d8:09:
         81:4f:53:1e:db:97:de:67:98:01:78:aa:87:2b:de:e6:5a:5d:
         cf:92:55:a5:2c:a5:a3:bb:57:82:31:24:b1:d2:65:85:8b:2e:
         35:81:08:cd:98:ca:ee:38:5e:d9:6e:92:84:e9:91:c6:94:ac:
         39:d1:29:35:bc:be:6e:f7:39:a7:a9:fc:6f:79:58:19:08:6a:
         b1:fc:35:e2
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQl/CiJSdoQ6sKIV9ohA1RfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTAzNWVkMDhhZDc1MTFmYmZlMTA3ZGIxZmRhODVlMmExMDBiNWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeRHR2yVYnYC9nRfDXBCYk565LdX
JIoLDWF6Lcnieg1EJHC/HGMzm5MPJy8w09D6lardaVGljvDsTDqUg+ESVw12CAes
y4yTed+Y8nhW7c4kmQjN/cVk92xYtCIUfps8JXXTLUZz1CqjsBvLJbMrCJUD0iHF
69E3tbzzUGXMKVIjaFrDxHHa0mpsGAnXNNywt7l9VCoDBRc4VKJ13NQau1uP6xpC
FwG8xZAxMTRM9JGeUpRsFNzcar3oIRl1pVsMtrrYSzlr9//bDNu79JDs0rD8hwNm
zKmyL3hGnMcbfmBggGPBZCFN5DgkCu03PcxCw+MjiY3GWM0KL4rzLY2k4wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFB4DXtCK11Efv+EH2x/aheKhALXGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VmLzZmYmI5
OS1kMWYzLTQ3M2UtOTUzMC1mZTdkYWNjMWM0MDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWYvNmZiYjk5
LWQxZjMtNDczZS05NTMwLWZlN2RhY2MxYzQwOS8xL0hnTmUwSXJYVVItXzRRZmJI
OXFGNHFFQXRjWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBW+hgMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDH9zANBgkqhkiG9w0BAQsFAAOCAQEAVNDYM3GIl0LNTSWqWbar9MB6ggIyezru
YG4t/G2gC4JaCKIes+be2fpoyWGzc9Z0w5/vYjUc4EAJzJvt2ajLXsTbuweMJe2G
/shnF+qobXSbzZcPVs1k+DWet92236gR7ZXBB87MZwpI1wbuv+D+RzQg0DudALRf
TMQd+FXZOj5b83J3Vpm5xg9goqp9EONWHa9UvkFaa5CCRUmiBV0j4oIoDth2eca3
LQsNodpMCDshv9gJgU9THtuX3meYAXiqhyve5lpdz5JVpSylo7tXgjEksdJlhYsu
NYEIzZjK7jhe2W6ShOmRxpSsOdEpNby+bvc5p6n8b3lYGQhqsfw14g==
-----END CERTIFICATE-----