Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PqU6yajcRG-34BE7aLOOlwwZ98w.cer
File:                     PqU6yajcRG-34BE7aLOOlwwZ98w.cer (raw, json)
Hash identifier:          ROqdsSTs04HF+LvirTC55jn1v9a1ND49xcMU4dhm5LQ=
Subject key identifier:   3E:A5:3A:C9:A8:DC:44:6F:B7:E0:11:3B:68:B3:8E:97:0C:19:F7:CC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228E2317A60A0891ED0BC8FB18DEBEE4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0a/e73cb5-8bfc-4139-9a27-351c21192c65/1/PqU6yajcRG-34BE7aLOOlwwZ98w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0a/e73cb5-8bfc-4139-9a27-351c21192c65/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.63.120.0/22
                          IP: 193.105.240.0/24
                          IP: 2a10:2340::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:23:17:a6:0a:08:91:ed:0b:c8:fb:18:de:be:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ea53ac9a8dc446fb7e0113b68b38e970c19f7cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:33:2b:ec:de:b4:00:fc:91:b3:97:f5:cc:49:
                    ad:77:83:3f:6f:f5:28:d4:d5:42:b1:d5:f7:5d:1c:
                    2f:75:3b:f6:92:4c:10:01:b6:b8:fb:63:1e:ab:fa:
                    56:6a:62:d9:5c:d1:ca:22:61:f7:aa:b9:1c:cb:6d:
                    7e:c3:bf:de:b6:ef:31:50:51:bf:23:71:c1:67:b7:
                    36:12:2d:87:e4:7f:fa:91:cc:29:1f:d0:47:a1:db:
                    74:3b:5d:75:38:0e:79:94:1e:7e:e5:57:76:f5:30:
                    4f:00:fb:73:4c:29:4d:b4:62:42:6d:7b:4f:0e:e5:
                    97:c4:67:11:8c:2f:8f:f5:fc:72:2d:01:8a:7c:32:
                    83:47:bf:62:53:b4:6c:ad:1b:95:bd:64:09:f3:ca:
                    e2:2f:2a:1e:b4:c6:4c:ef:41:a5:63:f4:07:b9:e5:
                    de:06:5e:f7:2a:56:58:8f:51:47:4d:f1:e4:a0:bc:
                    11:7e:19:82:4a:78:1f:0b:de:73:63:ff:5c:3f:be:
                    14:36:db:0b:ca:e5:93:11:64:45:b4:c1:03:61:21:
                    26:93:51:46:09:20:56:8a:a1:b6:bf:46:36:a4:0b:
                    3c:9b:43:a4:43:48:14:6e:a8:84:8a:44:13:be:2b:
                    f8:33:15:ea:b2:ee:38:ce:86:d1:99:8f:67:d9:9c:
                    1b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:A5:3A:C9:A8:DC:44:6F:B7:E0:11:3B:68:B3:8E:97:0C:19:F7:CC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/e73cb5-8bfc-4139-9a27-351c21192c65/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/e73cb5-8bfc-4139-9a27-351c21192c65/1/PqU6yajcRG-34BE7aLOOlwwZ98w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.120.0/22
                  193.105.240.0/24
                IPv6:
                  2a10:2340::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:15:f5:40:fe:cf:d6:3c:90:7d:eb:34:17:76:d6:74:ef:a1:
         cb:4f:35:14:a3:7b:c1:f7:55:88:7d:69:e6:8a:4c:07:cc:a3:
         64:21:f1:78:2f:db:9a:57:9a:62:f4:7e:9c:f4:61:77:ba:15:
         44:47:50:1b:06:5a:95:f7:6e:f4:2a:3e:e9:4d:e6:78:1f:9c:
         8b:4f:45:eb:50:e0:5e:93:b8:29:99:83:2e:9b:d9:d9:ef:66:
         c7:d4:fd:d8:08:f3:a8:81:a8:cc:d2:ba:03:05:ec:99:4e:9d:
         89:7f:65:71:fa:82:08:d3:be:7c:42:a3:4b:aa:84:cf:b4:f6:
         3e:78:3c:11:61:6c:e7:43:21:af:d1:b6:87:10:66:16:25:96:
         f4:53:a2:b1:61:50:2f:56:68:ae:bb:87:e8:89:ee:1f:f7:53:
         57:fd:4d:67:f7:22:6e:34:af:20:bd:94:24:c5:f8:bd:f9:be:
         30:fc:64:fa:66:83:44:f4:a4:78:ec:b5:32:13:9f:f4:06:5b:
         43:a9:13:0d:ea:c0:63:5c:c5:a8:5a:0c:8a:52:85:0d:c8:45:
         58:49:cf:f5:3a:5c:4b:27:9d:69:85:6e:e1:18:19:2c:e0:81:
         10:7c:71:d9:1c:84:d6:e8:c5:e2:ce:6c:28:7f:bb:fa:ae:3c:
         b9:a4:02:5b
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgISAZQijiMXpgoIke0LyPsY3r7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWE1M2FjOWE4ZGM0NDZmYjdlMDExM2I2OGIzOGU5NzBjMTlmN2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzMr7N60APyRs5f1zEmtd4M/b/Uo
1NVCsdX3XRwvdTv2kkwQAba4+2Meq/pWamLZXNHKImH3qrkcy21+w7/etu8xUFG/
I3HBZ7c2Ei2H5H/6kcwpH9BHodt0O111OA55lB5+5Vd29TBPAPtzTClNtGJCbXtP
DuWXxGcRjC+P9fxyLQGKfDKDR79iU7RsrRuVvWQJ88riLyoetMZM70GlY/QHueXe
Bl73KlZYj1FHTfHkoLwRfhmCSngfC95zY/9cP74UNtsLyuWTEWRFtMEDYSEmk1FG
CSBWiqG2v0Y2pAs8m0OkQ0gUbqiEikQTviv4MxXqsu44zobRmY9n2Zwb3QIDAQAB
o4ICmTCCApUwHQYDVR0OBBYEFD6lOsmo3ERvt+ARO2izjpcMGffMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBhL2U3M2Ni
NS04YmZjLTQxMzktOWEyNy0zNTFjMjExOTJjNjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGEvZTczY2I1
LThiZmMtNDEzOS05YTI3LTM1MWMyMTE5MmM2NS8xL1BxVTZ5YWpjUkctMzRCRTdh
TE9PbHd3Wjk4dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQCuT94AwQAwWnwMA0EAgACMAcDBQMqECNAMA0G
CSqGSIb3DQEBCwUAA4IBAQBCFfVA/s/WPJB96zQXdtZ076HLTzUUo3vB91WIfWnm
ikwHzKNkIfF4L9uaV5pi9H6c9GF3uhVER1AbBlqV9270Kj7pTeZ4H5yLT0XrUOBe
k7gpmYMum9nZ72bH1P3YCPOogajM0roDBeyZTp2Jf2Vx+oII0758QqNLqoTPtPY+
eDwRYWznQyGv0baHEGYWJZb0U6KxYVAvVmiuu4foie4f91NX/U1n9yJuNK8gvZQk
xfi9+b4w/GT6ZoNE9KR47LUyE5/0BltDqRMN6sBjXMWoWgyKUoUNyEVYSc/1OlxL
J51phW7hGBks4IEQfHHZHITW6MXizmwof7v6rjy5pAJb
-----END CERTIFICATE-----