Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QSUTQuBdWLO3_JOhXLoetx5UI4U.cer
File:                     QSUTQuBdWLO3_JOhXLoetx5UI4U.cer (raw, json)
Hash identifier:          oiKLIKqRR3OEQ2m0R2DxvUmvhp09Bfb4xQEVA2zeJ6Y=
Subject key identifier:   41:25:13:42:E0:5D:58:B3:B7:FC:93:A1:5C:BA:1E:B7:1E:54:23:85
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FDCF30D981D808B42229F616CC0580
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:49:38 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 64434
                          IP: 185.165.28.0/22
                          IP: 2a0b:d400::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:cf:30:d9:81:d8:08:b4:22:29:f6:16:cc:05:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41251342e05d58b3b7fc93a15cba1eb71e542385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6d:66:23:cf:c8:4c:f2:4b:91:2b:51:ba:cc:
                    8a:05:80:4b:17:99:1c:68:a3:d5:41:36:94:db:c6:
                    47:fe:da:4a:d9:87:a8:2d:ab:e6:44:6a:75:7e:fa:
                    1b:24:e5:ae:69:2f:22:88:0e:ad:18:c5:54:93:9f:
                    ef:07:b0:36:48:e2:0f:86:89:97:44:b0:c7:df:7c:
                    25:68:98:c0:dc:9e:1d:26:02:96:1f:57:af:cf:f7:
                    60:05:a3:27:43:98:fe:ff:1c:07:96:4c:af:aa:18:
                    c5:e2:a0:54:bf:da:51:9a:af:a1:37:70:fb:26:6f:
                    72:b0:10:ba:48:43:cc:0a:a9:62:54:57:9d:64:35:
                    42:b8:dc:24:60:51:7d:65:46:b5:df:0b:25:f8:a8:
                    ca:f2:be:e9:59:44:a7:7c:51:13:b0:c3:8d:a1:99:
                    b2:f2:3f:1f:81:5b:01:70:30:ee:1d:7a:da:4c:0d:
                    02:ac:53:fc:c9:09:ee:1d:e0:c1:1e:19:04:d9:09:
                    08:58:c5:c6:0f:8e:95:db:ab:3d:b0:a6:f6:7d:72:
                    d2:56:e0:a2:34:97:08:f0:ed:be:d7:77:1e:af:fd:
                    cb:0b:34:c8:57:21:59:df:9f:71:0b:06:4e:20:84:
                    0b:cc:b1:19:49:a2:e6:e4:7a:bf:eb:33:59:9b:1a:
                    e0:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:25:13:42:E0:5D:58:B3:B7:FC:93:A1:5C:BA:1E:B7:1E:54:23:85
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.28.0/22
                IPv6:
                  2a0b:d400::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  64434

    Signature Algorithm: sha256WithRSAEncryption
         86:7c:63:ea:d7:8a:4f:51:1e:e3:26:9f:c6:26:ab:2b:f1:49:
         2c:12:0d:79:73:65:95:b0:7f:38:2e:72:4a:6f:83:93:39:76:
         87:ae:fb:93:fe:2e:c0:aa:a3:4b:ea:5e:e6:ee:96:1c:93:41:
         f0:e9:a1:90:67:70:90:62:0b:bb:9c:b5:80:ad:48:32:f8:2e:
         49:22:dd:89:28:c0:38:08:43:78:2c:ed:d9:84:fe:ec:a5:bb:
         16:d7:4c:52:1d:80:74:72:8a:d0:06:60:61:39:08:3e:17:0c:
         74:ee:24:c6:d9:5c:70:fe:14:03:69:93:3d:2a:63:30:9f:21:
         9a:dc:5c:aa:6b:51:85:1c:ca:9c:54:5c:f3:53:68:97:9c:5b:
         41:b2:b2:18:d8:9d:70:59:2f:81:5a:b2:dd:a0:4b:ec:a7:e5:
         aa:91:83:f7:0b:1a:1d:83:88:2b:f8:83:6a:d2:b8:af:d9:bc:
         db:ea:88:cc:06:af:e8:16:e7:57:38:63:fc:5a:0f:79:7c:fe:
         2e:9c:d9:c4:53:9e:c5:0e:5a:a2:e9:9c:cb:8f:c3:5a:23:31:
         bf:3b:6c:2a:d1:a3:3f:1f:03:a3:40:55:53:55:a3:da:58:e9:
         d7:d5:cd:4a:9c:52:43:bf:05:90:e3:d8:1a:c7:fc:f5:14:70:
         a1:c4:7d:34
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQl/c8w2YHYCLQiKfYWzAWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTI1MTM0MmUwNWQ1OGIzYjdmYzkzYTE1Y2JhMWViNzFlNTQyMzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1mI8/ITPJLkStRusyKBYBLF5kc
aKPVQTaU28ZH/tpK2YeoLavmRGp1fvobJOWuaS8iiA6tGMVUk5/vB7A2SOIPhomX
RLDH33wlaJjA3J4dJgKWH1evz/dgBaMnQ5j+/xwHlkyvqhjF4qBUv9pRmq+hN3D7
Jm9ysBC6SEPMCqliVFedZDVCuNwkYFF9ZUa13wsl+KjK8r7pWUSnfFETsMONoZmy
8j8fgVsBcDDuHXraTA0CrFP8yQnuHeDBHhkE2QkIWMXGD46V26s9sKb2fXLSVuCi
NJcI8O2+13cer/3LCzTIVyFZ359xCwZOIIQLzLEZSaLm5Hq/6zNZmxrg9QIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFEElE0LgXVizt/yToVy6HrceVCOFMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQxL2FkNjAz
Zi04ZmVhLTQ4NDktOWVkYi1jMzY2OGI1MDNhMWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEvYWQ2MDNm
LThmZWEtNDg0OS05ZWRiLWMzNjY4YjUwM2ExYy8xL1FTVVRRdUJkV0xPM19KT2hY
TG9ldHg1VUk0VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuaUcMA0EAgACMAcDBQMqC9QAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwD7sjANBgkqhkiG9w0BAQsFAAOCAQEAhnxj6teKT1Ee
4yafxiarK/FJLBINeXNllbB/OC5ySm+Dkzl2h677k/4uwKqjS+pe5u6WHJNB8Omh
kGdwkGILu5y1gK1IMvguSSLdiSjAOAhDeCzt2YT+7KW7FtdMUh2AdHKK0AZgYTkI
PhcMdO4kxtlccP4UA2mTPSpjMJ8hmtxcqmtRhRzKnFRc81Nol5xbQbKyGNidcFkv
gVqy3aBL7KflqpGD9wsaHYOIK/iDatK4r9m82+qIzAav6BbnVzhj/FoPeXz+LpzZ
xFOexQ5aoumcy4/DWiMxvztsKtGjPx8Do0BVU1Wj2ljp19XNSpxSQ78FkOPYGsf8
9RRwocR9NA==
-----END CERTIFICATE-----