Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KPev7E0_BvgNaHKm1iRs0B5z1qY.cer
File:                     KPev7E0_BvgNaHKm1iRs0B5z1qY.cer (raw, json)
Hash identifier:          QwzmJKDdm1EkKeIqJhwvcgzUmHmeKcG2UOK3RdAZg6Q=
Subject key identifier:   28:F7:AF:EC:4D:3F:06:F8:0D:68:72:A6:D6:24:6C:D0:1E:73:D6:A6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3322F0AA0A37A82FABFD09321A0B6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0e/217a30-8ee1-4913-a127-576d403c918f/1/KPev7E0_BvgNaHKm1iRs0B5z1qY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0e/217a30-8ee1-4913-a127-576d403c918f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:48:31 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 12431
                          IP: 213.147.0.0/19
                          IP: 2a02:5280::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:32:2f:0a:a0:a3:7a:82:fa:bf:d0:93:21:a0:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28f7afec4d3f06f80d6872a6d6246cd01e73d6a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:53:48:26:69:a3:2d:d0:f5:c8:d2:58:8a:a8:
                    67:1a:c4:2e:8b:56:d2:a4:24:f2:47:f1:52:49:de:
                    06:9e:b1:e5:c9:44:e5:c9:f1:e1:5c:c6:d7:49:b5:
                    9b:48:49:09:de:dc:d6:72:1f:da:7d:8a:e1:a0:1c:
                    14:ee:5a:08:de:0b:ff:33:31:01:b1:2f:ff:da:64:
                    65:3d:4d:00:dc:e6:8a:84:69:ca:9a:91:4e:1c:5b:
                    fc:44:ee:a1:45:25:20:6c:09:b8:b9:34:47:a5:b5:
                    1c:0d:43:13:df:c1:f8:f2:e1:c1:f2:a8:32:17:48:
                    fc:d2:ba:4d:97:b9:ff:e8:47:42:11:ff:90:cb:75:
                    fa:08:59:ea:87:93:f1:58:40:41:85:42:1a:38:d2:
                    cc:64:b1:be:8b:c0:ad:d6:4c:98:a7:bd:bd:69:bc:
                    24:5e:80:21:2f:e0:7f:fa:7a:c7:de:15:fe:ea:0f:
                    c8:0d:6e:48:e3:6e:5c:09:5b:2a:0a:50:4e:ac:db:
                    0e:74:46:cf:ba:bd:78:23:ce:a9:3a:6d:0a:4c:28:
                    a8:59:5e:c5:bf:6f:85:58:47:02:44:c9:08:3c:60:
                    09:a0:86:09:f8:6e:21:28:86:72:11:e9:e7:c8:61:
                    36:50:13:13:52:30:af:c3:57:eb:56:61:1c:63:f5:
                    1f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:F7:AF:EC:4D:3F:06:F8:0D:68:72:A6:D6:24:6C:D0:1E:73:D6:A6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/217a30-8ee1-4913-a127-576d403c918f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/217a30-8ee1-4913-a127-576d403c918f/1/KPev7E0_BvgNaHKm1iRs0B5z1qY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.147.0.0/19
                IPv6:
                  2a02:5280::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  12431

    Signature Algorithm: sha256WithRSAEncryption
         71:6e:9a:55:5c:6c:4e:1a:03:2e:87:00:cf:95:f0:86:61:50:
         6d:a2:f1:a8:30:de:05:55:3a:70:dd:9a:93:a3:c9:81:6f:f6:
         17:71:05:47:ba:44:89:89:fa:05:71:f1:c2:c0:b9:f5:16:aa:
         34:e0:28:c0:95:82:7e:c2:1c:21:4f:c6:2a:bc:1a:2f:ce:65:
         a5:2e:b8:c4:e0:cd:ee:77:14:5b:e4:11:45:86:e1:b1:90:f0:
         15:53:2f:9b:21:75:53:20:4f:d6:77:e4:e6:d3:ab:d5:7e:4e:
         8e:c1:56:48:ec:72:cc:aa:4a:bc:05:ab:0e:e2:b1:cc:c9:86:
         31:5c:65:0c:5a:16:f0:8e:f3:65:d8:75:dc:f5:49:a2:f5:83:
         4f:c0:af:81:bf:f0:d2:98:1e:c1:81:94:ec:4d:fd:3e:8f:6a:
         6a:d7:76:69:3d:9d:ec:a1:98:ef:82:34:0d:dd:82:46:5e:e0:
         10:3e:97:ca:1f:54:c1:48:28:fb:b5:9b:31:de:44:ad:a7:de:
         a4:b7:95:4d:58:2c:48:69:0f:1d:94:72:94:a2:34:e9:4c:28:
         69:0b:cb:4b:bc:e8:4e:e5:37:1f:d0:d5:d0:79:7a:b0:9f:cb:
         f7:84:85:5c:97:97:3f:37:5e:85:29:55:8d:c2:59:1b:9d:1b:
         2f:cd:ae:83
-----BEGIN CERTIFICATE-----
MIIFojCCBIqgAwIBAgISAZQkszIvCqCjeoL6v9CTIaC2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGY3YWZlYzRkM2YwNmY4MGQ2ODcyYTZkNjI0NmNkMDFlNzNkNmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7FNIJmmjLdD1yNJYiqhnGsQui1bS
pCTyR/FSSd4GnrHlyUTlyfHhXMbXSbWbSEkJ3tzWch/afYrhoBwU7loI3gv/MzEB
sS//2mRlPU0A3OaKhGnKmpFOHFv8RO6hRSUgbAm4uTRHpbUcDUMT38H48uHB8qgy
F0j80rpNl7n/6EdCEf+Qy3X6CFnqh5PxWEBBhUIaONLMZLG+i8Ct1kyYp729abwk
XoAhL+B/+nrH3hX+6g/IDW5I425cCVsqClBOrNsOdEbPur14I86pOm0KTCioWV7F
v2+FWEcCRMkIPGAJoIYJ+G4hKIZyEennyGE2UBMTUjCvw1frVmEcY/Uf5wIDAQAB
o4ICrjCCAqowHQYDVR0OBBYEFCj3r+xNPwb4DWhyptYkbNAec9amMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBlLzIxN2Ez
MC04ZWUxLTQ5MTMtYTEyNy01NzZkNDAzYzkxOGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGUvMjE3YTMw
LThlZTEtNDkxMy1hMTI3LTU3NmQ0MDNjOTE4Zi8xL0tQZXY3RTBfQnZnTmFIS20x
aVJzMEI1ejFxWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQF1ZMAMA0EAgACMAcDBQAqAlKAMBkGCCsGAQUF
BwEIAQH/BAowCKAGMAQCAjCPMA0GCSqGSIb3DQEBCwUAA4IBAQBxbppVXGxOGgMu
hwDPlfCGYVBtovGoMN4FVTpw3ZqTo8mBb/YXcQVHukSJifoFcfHCwLn1Fqo04CjA
lYJ+whwhT8YqvBovzmWlLrjE4M3udxRb5BFFhuGxkPAVUy+bIXVTIE/Wd+Tm06vV
fk6OwVZI7HLMqkq8BasO4rHMyYYxXGUMWhbwjvNl2HXc9Umi9YNPwK+Bv/DSmB7B
gZTsTf0+j2pq13ZpPZ3soZjvgjQN3YJGXuAQPpfKH1TBSCj7tZsx3kStp96kt5VN
WCxIaQ8dlHKUojTpTChpC8tLvOhO5Tcf0NXQeXqwn8v3hIVcl5c/N16FKVWNwlkb
nRsvza6D
-----END CERTIFICATE-----