Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.cer
File:                     MNZrZqOYLSCoHvIB3HVe0zU7FqQ.cer (raw, json)
Hash identifier:          oj3hVo5RMnuNDG+VfLOmwdMYac+0jwvqgPsTw27aKnI=
Subject key identifier:   30:D6:6B:66:A3:98:2D:20:A8:1E:F2:01:DC:75:5E:D3:35:3B:16:A4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B5D598683D8E475E068FEB07E5B8F6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:50:15 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 197770
                          IP: 194.9.58.0/23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d5:98:68:3d:8e:47:5e:06:8f:eb:07:e5:b8:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30d66b66a3982d20a81ef201dc755ed3353b16a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:68:cd:35:a9:19:62:28:8e:34:b5:48:b4:03:
                    ff:f8:01:3d:c6:a7:73:f3:ed:c7:d9:69:32:ef:77:
                    b6:9c:e2:a1:14:b0:af:a4:4f:fb:57:d0:d8:03:0c:
                    9c:8e:5b:7c:70:f7:c9:c2:fb:10:04:01:9b:e3:d6:
                    67:8f:0a:1b:13:be:21:e8:91:6c:12:34:ba:32:a2:
                    64:37:20:60:90:73:b6:55:3b:f6:06:4d:72:1c:23:
                    04:23:1c:24:62:87:af:ff:52:de:49:5f:4c:09:e2:
                    63:03:1e:2e:46:00:b4:97:c4:c8:c7:87:ee:b7:9b:
                    6a:d0:0d:f2:02:d3:df:92:64:93:1a:11:71:bb:d1:
                    c6:3d:2c:30:c7:e4:b9:42:10:6b:2d:20:bc:44:27:
                    e3:c4:8c:86:18:84:94:c1:96:be:b1:80:be:ec:13:
                    fd:e7:2a:d1:fa:f9:0c:38:20:6d:84:57:7c:c5:ee:
                    fd:89:8a:77:86:a9:4c:99:d6:63:e1:67:77:d3:2e:
                    1f:98:31:cf:3f:44:8f:f0:44:75:43:cc:fc:2f:b2:
                    71:07:cc:41:c2:e3:0c:e6:e6:05:79:7b:dc:0d:bd:
                    46:a3:33:fe:0f:2e:3f:8c:da:78:b2:7e:61:ec:5a:
                    3e:e2:10:40:25:17:f3:fe:00:18:fd:7a:e6:21:11:
                    cf:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D6:6B:66:A3:98:2D:20:A8:1E:F2:01:DC:75:5E:D3:35:3B:16:A4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.58.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197770

    Signature Algorithm: sha256WithRSAEncryption
         80:36:b4:0b:cd:3d:54:ee:b9:59:e4:b7:62:39:11:d5:2d:d8:
         de:95:52:74:dc:d4:c1:11:d6:9c:54:fb:2a:d9:f2:82:7e:38:
         8f:66:57:fb:88:9c:6c:89:fd:52:e0:be:a4:71:37:b0:13:74:
         4e:49:3a:e2:4b:7e:9e:46:ed:76:4e:02:b7:06:11:77:ea:f4:
         ee:fd:1c:18:4d:85:d0:73:c4:63:b3:8d:1a:c4:5b:aa:f8:3a:
         2b:4f:1a:44:f1:bc:8a:06:3a:39:ca:85:a4:b6:83:c8:d2:db:
         b4:f3:40:d9:b1:0e:54:55:6e:2e:f4:5e:5f:99:c3:50:3e:e6:
         ba:7a:05:30:a9:3f:85:c7:ff:b7:4f:4b:4f:ef:1f:da:a3:cb:
         db:1c:d1:27:54:51:1d:de:94:fe:db:d0:5c:31:b6:1b:e2:fe:
         8e:29:64:06:3b:9e:07:59:2a:57:25:93:24:fb:2d:92:5f:35:
         52:7c:7d:cb:9d:b6:e6:92:92:dd:46:40:cb:42:1b:2c:22:80:
         c5:43:ed:41:19:fa:0c:43:34:d6:5f:9b:40:bd:6e:76:6c:79:
         b5:b1:57:89:fb:32:23:6c:42:d8:af:8e:9a:20:1f:0f:61:2c:
         d5:c3:87:51:a1:87:b3:a9:2a:52:16:4c:31:5f:84:71:bc:4a:
         a1:3f:c5:9e
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQntdWYaD2OR14Gj+sH5bj2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGQ2NmI2NmEzOTgyZDIwYTgxZWYyMDFkYzc1NWVkMzM1M2IxNmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2jNNakZYiiONLVItAP/+AE9xqdz
8+3H2Wky73e2nOKhFLCvpE/7V9DYAwycjlt8cPfJwvsQBAGb49ZnjwobE74h6JFs
EjS6MqJkNyBgkHO2VTv2Bk1yHCMEIxwkYoev/1LeSV9MCeJjAx4uRgC0l8TIx4fu
t5tq0A3yAtPfkmSTGhFxu9HGPSwwx+S5QhBrLSC8RCfjxIyGGISUwZa+sYC+7BP9
5yrR+vkMOCBthFd8xe79iYp3hqlMmdZj4Wd30y4fmDHPP0SP8ER1Q8z8L7JxB8xB
wuMM5uYFeXvcDb1GozP+Dy4/jNp4sn5h7Fo+4hBAJRfz/gAY/XrmIRHPyQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFDDWa2ajmC0gqB7yAdx1XtM1OxakMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ0Lzg4ZTQ4
Mi04Mjc3LTQyODAtOWY1Yi04MTQ0YjE0MGVkZjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvODhlNDgy
LTgyNzctNDI4MC05ZjViLTgxNDRiMTQwZWRmOS8xL01OWnJacU9ZTFNDb0h2SUIz
SFZlMHpVN0ZxUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwgk6MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMEijANBgkqhkiG9w0BAQsFAAOCAQEAgDa0C809VO65WeS3YjkR1S3Y3pVSdNzU
wRHWnFT7Ktnygn44j2ZX+4icbIn9UuC+pHE3sBN0Tkk64kt+nkbtdk4CtwYRd+r0
7v0cGE2F0HPEY7ONGsRbqvg6K08aRPG8igY6OcqFpLaDyNLbtPNA2bEOVFVuLvRe
X5nDUD7munoFMKk/hcf/t09LT+8f2qPL2xzRJ1RRHd6U/tvQXDG2G+L+jilkBjue
B1kqVyWTJPstkl81Unx9y5225pKS3UZAy0IbLCKAxUPtQRn6DEM01l+bQL1udmx5
tbFXifsyI2xC2K+OmiAfD2Es1cOHUaGHs6kqUhZMMV+EcbxKoT/Fng==
-----END CERTIFICATE-----