Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/MIVZam3hzL6mZbRWxNLM0JZJmx8.cer
File:                     MIVZam3hzL6mZbRWxNLM0JZJmx8.cer (raw, json)
Hash identifier:          bDsUUP768FW6Vyc49wg0HtRdkFkSUOKd5gjTy7e1Zyg=
Subject key identifier:   30:85:59:6A:6D:E1:CC:BE:A6:65:B4:56:C4:D2:CC:D0:96:49:9B:1F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0195B3E6CAF488908B419BF76A002A412CC1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/dc/0f65fe-262f-474d-8cb6-8ccb674a3875/1/MIVZam3hzL6mZbRWxNLM0JZJmx8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/dc/0f65fe-262f-474d-8cb6-8ccb674a3875/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 20 Mar 2025 14:13:21 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 85.12.64.0 -- 85.12.111.255
                          IP: 85.12.120.0/22
                          IP: 85.12.127.0/24
                          IP: 2a0f:bdc0::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b3:e6:ca:f4:88:90:8b:41:9b:f7:6a:00:2a:41:2c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 20 14:13:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3085596a6de1ccbea665b456c4d2ccd096499b1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:08:fd:8a:ec:d2:74:f4:65:2c:51:73:c6:45:
                    e8:bf:0f:db:3d:c9:66:f4:14:79:1e:da:ea:fa:f9:
                    8a:ac:34:35:6e:30:df:93:71:f0:a7:57:39:bd:b0:
                    d0:c8:33:18:03:99:37:a3:77:7f:85:32:b9:eb:42:
                    4f:c2:76:c8:14:c8:c8:53:76:fc:12:f8:7a:dd:aa:
                    47:d3:87:e5:40:d8:a6:16:42:a7:ad:f3:61:2f:13:
                    b8:33:0c:08:1f:25:05:11:ca:c4:a1:32:84:da:35:
                    14:00:86:6b:8f:0e:1f:0e:7d:36:6a:68:5c:b1:f6:
                    f2:a8:97:2d:4e:78:32:5e:bb:9d:b3:a8:1b:27:e7:
                    b8:09:3b:28:54:34:ce:5d:f3:79:49:2c:bd:23:47:
                    9a:76:21:0a:f7:10:8c:61:b5:57:9c:d0:81:73:ea:
                    6a:83:e1:a9:65:c4:48:5d:a0:b5:88:7e:2e:c3:33:
                    8b:c4:e5:85:05:10:6e:17:d6:3b:da:19:65:18:fe:
                    7a:0b:80:df:ed:14:10:af:fb:23:c0:3a:54:84:92:
                    1d:fc:7a:7a:54:8f:76:64:59:99:f9:8d:bd:42:5f:
                    9d:23:25:ae:bd:cb:92:48:9e:7c:13:8a:87:7a:64:
                    d7:a9:aa:14:20:34:6b:4e:89:1c:81:37:9e:86:22:
                    a3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:85:59:6A:6D:E1:CC:BE:A6:65:B4:56:C4:D2:CC:D0:96:49:9B:1F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/0f65fe-262f-474d-8cb6-8ccb674a3875/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/0f65fe-262f-474d-8cb6-8ccb674a3875/1/MIVZam3hzL6mZbRWxNLM0JZJmx8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.12.64.0-85.12.111.255
                  85.12.120.0/22
                  85.12.127.0/24
                IPv6:
                  2a0f:bdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:a1:9f:e5:18:63:06:2a:3f:7e:57:3f:78:2e:d0:7c:36:5a:
         c9:fb:02:86:11:b3:52:47:f1:f7:b4:29:96:1d:0b:38:14:c1:
         52:36:5c:50:cc:2a:20:4a:b0:23:cc:e2:92:e9:96:ec:7b:f5:
         ad:3e:20:cd:f5:67:19:fa:74:e2:58:44:11:30:9c:26:5d:b9:
         fd:14:f5:85:51:f2:2b:09:ae:c2:e7:b6:bd:0b:86:47:ac:65:
         74:9b:5a:ba:57:71:61:17:c8:c1:cc:e8:46:90:88:9e:56:de:
         a8:a2:7f:d7:3e:51:87:07:55:58:6c:58:54:1e:55:9f:52:cc:
         e5:73:57:74:68:60:03:83:ed:3a:f5:c6:12:6e:b8:c6:57:05:
         e9:8a:e8:44:9c:e9:c2:fa:fc:c7:0f:f2:63:93:3d:94:fa:ac:
         fb:de:66:f1:05:48:f0:44:6f:30:aa:b9:96:8e:43:87:29:76:
         a6:cc:df:0f:c0:48:08:a8:2a:0e:40:88:9b:56:62:c8:fb:35:
         35:54:79:28:b4:3e:e1:de:c5:af:79:77:6d:47:cc:b5:b0:64:
         9f:4b:49:8e:06:31:4c:13:ae:8b:eb:bf:ef:2c:c5:be:18:ae:
         3e:4b:e2:1c:e2:1d:a9:98:4e:e4:14:65:72:20:40:ae:73:80:
         f4:c4:ee:45
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgISAZWz5sr0iJCLQZv3agAqQSzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMzIwMTQxMzIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDg1NTk2YTZkZTFjY2JlYTY2NWI0NTZjNGQyY2NkMDk2NDk5YjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Aj9iuzSdPRlLFFzxkXovw/bPclm
9BR5Htrq+vmKrDQ1bjDfk3Hwp1c5vbDQyDMYA5k3o3d/hTK560JPwnbIFMjIU3b8
Evh63apH04flQNimFkKnrfNhLxO4MwwIHyUFEcrEoTKE2jUUAIZrjw4fDn02amhc
sfbyqJctTngyXruds6gbJ+e4CTsoVDTOXfN5SSy9I0eadiEK9xCMYbVXnNCBc+pq
g+GpZcRIXaC1iH4uwzOLxOWFBRBuF9Y72hllGP56C4Df7RQQr/sjwDpUhJId/Hp6
VI92ZFmZ+Y29Ql+dIyWuvcuSSJ58E4qHemTXqaoUIDRrTokcgTeehiKjEQIDAQAB
o4ICpzCCAqMwHQYDVR0OBBYEFDCFWWpt4cy+pmW0VsTSzNCWSZsfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RjLzBmNjVm
ZS0yNjJmLTQ3NGQtOGNiNi04Y2NiNjc0YTM4NzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMvMGY2NWZl
LTI2MmYtNDc0ZC04Y2I2LThjY2I2NzRhMzg3NS8xL01JVlphbTNoekw2bVpiUld4
TkxNMEpaSm14OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEIGCCsGAQUF
BwEHAQH/BDMwMTAgBAIAATAaMAwDBAZVDEADBARVDGADBAJVDHgDBABVDH8wDQQC
AAIwBwMFAyoPvcAwDQYJKoZIhvcNAQELBQADggEBAH2hn+UYYwYqP35XP3gu0Hw2
Wsn7AoYRs1JH8fe0KZYdCzgUwVI2XFDMKiBKsCPM4pLplux79a0+IM31Zxn6dOJY
RBEwnCZduf0U9YVR8isJrsLntr0LhkesZXSbWrpXcWEXyMHM6EaQiJ5W3qiif9c+
UYcHVVhsWFQeVZ9SzOVzV3RoYAOD7Tr1xhJuuMZXBemK6ESc6cL6/McP8mOTPZT6
rPveZvEFSPBEbzCquZaOQ4cpdqbM3w/ASAioKg5AiJtWYsj7NTVUeSi0PuHexa95
d21HzLWwZJ9LSY4GMUwTrovrv+8sxb4Yrj5L4hziHamYTuQUZXIgQK5zgPTE7kU=
-----END CERTIFICATE-----