Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KFJhMsT89rTN_3QCVWAsz53LBC8.cer
File:                     KFJhMsT89rTN_3QCVWAsz53LBC8.cer (raw, json)
Hash identifier:          y8252gnHFB8hsONLeaDzLe8FMJuRxvg6qkV6dzH3284=
Subject key identifier:   28:52:61:32:C4:FC:F6:B4:CD:FF:74:02:55:60:2C:CF:9D:CB:04:2F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420687666CE61FE224EE9CC73E17632F5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6d/83168b-6b40-4d12-8ed7-1f99317c6c94/1/KFJhMsT89rTN_3QCVWAsz53LBC8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6d/83168b-6b40-4d12-8ed7-1f99317c6c94/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:24 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 47337
                          IP: 46.16.152.0/21
                          IP: 195.182.53.0/24
                          IP: 2a02:2520::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:76:66:ce:61:fe:22:4e:e9:cc:73:e1:76:32:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28526132c4fcf6b4cdff740255602ccf9dcb042f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:be:47:d9:92:8b:18:33:b2:48:f7:b4:6b:01:
                    81:e7:d8:87:68:b7:82:f0:da:51:98:59:ae:17:29:
                    b1:de:b1:51:79:3a:e2:a0:50:5d:6b:81:12:99:f1:
                    91:63:37:76:e7:db:c6:8c:62:3d:dc:ed:30:22:1c:
                    68:f7:5b:5c:3d:b3:4e:28:23:d7:41:9f:2a:ea:fe:
                    39:e4:38:ff:4c:75:b6:ff:ba:9f:8a:d8:90:b3:7b:
                    f0:43:02:71:f7:4f:96:68:40:9a:35:e0:a3:a2:db:
                    3f:fe:68:3e:20:f4:bd:d5:56:db:25:ec:49:22:3e:
                    38:f6:b4:87:8b:47:8c:3c:e4:0c:38:54:1d:8b:41:
                    dc:9b:0b:ee:ba:a2:01:68:28:d6:8a:d8:d4:ca:19:
                    01:71:90:9f:f3:e0:08:87:16:97:1e:99:a9:02:09:
                    f6:0c:99:ce:68:2f:ca:63:21:4d:a7:bc:83:d0:95:
                    70:a5:24:6d:9d:93:f0:f1:99:59:c1:1a:11:8d:f4:
                    b4:71:2f:d2:59:72:53:e8:ec:92:72:72:2d:24:49:
                    e9:5b:2e:81:45:7f:c0:2b:26:24:f5:df:14:2f:6f:
                    53:4d:a4:a6:ff:5d:cb:35:50:b9:f9:7d:f6:9e:5d:
                    b0:a2:f2:b3:7f:fe:11:4d:17:fa:2c:b0:72:69:3f:
                    9f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:52:61:32:C4:FC:F6:B4:CD:FF:74:02:55:60:2C:CF:9D:CB:04:2F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/83168b-6b40-4d12-8ed7-1f99317c6c94/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/83168b-6b40-4d12-8ed7-1f99317c6c94/1/KFJhMsT89rTN_3QCVWAsz53LBC8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.152.0/21
                  195.182.53.0/24
                IPv6:
                  2a02:2520::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  47337

    Signature Algorithm: sha256WithRSAEncryption
         56:71:19:28:04:f3:be:f4:5f:5c:64:24:ab:81:fb:c0:31:36:
         3b:d1:9a:fe:10:2d:e1:53:2b:cb:a9:3b:34:22:c4:fa:14:3a:
         a2:e3:d6:2c:68:dc:44:62:48:be:a7:0c:32:52:48:3c:55:64:
         5e:a8:49:6e:14:47:1b:ab:97:5b:63:5e:2d:1c:25:95:16:c5:
         c6:02:cf:c7:ec:e3:46:09:a6:04:e4:d7:b6:15:55:52:d6:31:
         33:81:8d:65:8c:a8:a3:f1:7c:de:c5:ed:cc:c8:82:6c:fc:44:
         fb:0d:e1:61:de:3f:a6:fc:20:62:98:c8:27:9f:92:3f:84:d4:
         3d:1b:26:90:19:78:20:e3:70:39:96:68:5b:af:af:83:a7:3e:
         21:4d:8a:b9:ec:07:15:f4:89:a8:0c:4d:31:04:06:b9:9a:b3:
         6a:fc:0a:ba:3b:1f:a7:0a:96:97:51:2f:26:4e:a6:4d:d2:b9:
         a3:5e:86:79:c0:e2:5b:5e:ff:ca:fd:9b:85:10:68:05:07:83:
         c3:98:68:1b:4b:bb:70:17:91:1d:96:3f:b0:f7:47:db:08:08:
         f2:8e:be:d8:a8:b9:17:dc:52:f4:d6:4b:93:a7:ff:55:d1:e5:
         71:e7:ab:07:60:a4:a5:d7:14:42:70:d8:7c:36:47:ef:2d:94:
         39:d1:07:2e
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAZQgaHZmzmH+Ik7pzHPhdjL1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODUyNjEzMmM0ZmNmNmI0Y2RmZjc0MDI1NTYwMmNjZjlkY2IwNDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp75H2ZKLGDOySPe0awGB59iHaLeC
8NpRmFmuFymx3rFReTrioFBda4ESmfGRYzd259vGjGI93O0wIhxo91tcPbNOKCPX
QZ8q6v455Dj/THW2/7qfitiQs3vwQwJx90+WaECaNeCjots//mg+IPS91VbbJexJ
Ij449rSHi0eMPOQMOFQdi0HcmwvuuqIBaCjWitjUyhkBcZCf8+AIhxaXHpmpAgn2
DJnOaC/KYyFNp7yD0JVwpSRtnZPw8ZlZwRoRjfS0cS/SWXJT6OyScnItJEnpWy6B
RX/AKyYk9d8UL29TTaSm/13LNVC5+X32nl2wovKzf/4RTRf6LLByaT+fgwIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFChSYTLE/Pa0zf90AlVgLM+dywQvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZkLzgzMTY4
Yi02YjQwLTRkMTItOGVkNy0xZjk5MzE3YzZjOTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmQvODMxNjhi
LTZiNDAtNGQxMi04ZWQ3LTFmOTkzMTdjNmM5NC8xL0tGSmhNc1Q4OXJUTl8zUUNW
V0FzejUzTEJDOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQDLhCYAwQAw7Y1MA0EAgACMAcDBQAqAiUgMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwC46TANBgkqhkiG9w0BAQsFAAOCAQEAVnEZ
KATzvvRfXGQkq4H7wDE2O9Ga/hAt4VMry6k7NCLE+hQ6ouPWLGjcRGJIvqcMMlJI
PFVkXqhJbhRHG6uXW2NeLRwllRbFxgLPx+zjRgmmBOTXthVVUtYxM4GNZYyoo/F8
3sXtzMiCbPxE+w3hYd4/pvwgYpjIJ5+SP4TUPRsmkBl4IONwOZZoW6+vg6c+IU2K
uewHFfSJqAxNMQQGuZqzavwKujsfpwqWl1EvJk6mTdK5o16GecDiW17/yv2bhRBo
BQeDw5hoG0u7cBeRHZY/sPdH2wgI8o6+2Ki5F9xS9NZLk6f/VdHlceerB2CkpdcU
QnDYfDZH7y2UOdEHLg==
-----END CERTIFICATE-----