Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/TLIktT7JyLF_MYlbFqjUVx8OaXA.cer
File:                     TLIktT7JyLF_MYlbFqjUVx8OaXA.cer (raw, json)
Hash identifier:          OGrdAl2O6Q3AgsumKnyExxk3zLjrT8VrylaqhWkJu8E=
Subject key identifier:   4C:B2:24:B5:3E:C9:C8:B1:7F:31:89:5B:16:A8:D4:57:1F:0E:69:70
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196193BF0CF1393CEABCC4751800AD61D70
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fa/e2aac5-c04d-4ae0-8bf3-9e3d89d9e617/1/TLIktT7JyLF_MYlbFqjUVx8OaXA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fa/e2aac5-c04d-4ae0-8bf3-9e3d89d9e617/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 09 Apr 2025 06:28:00 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198373
                          AS: 211209
                          IP: 2001:678:c20::/48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:19:3b:f0:cf:13:93:ce:ab:cc:47:51:80:0a:d6:1d:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr  9 06:28:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cb224b53ec9c8b17f31895b16a8d4571f0e6970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9f:b1:a9:0f:2b:4e:f5:47:dc:4c:d0:fe:f5:
                    d0:51:c2:7d:74:49:3d:c7:75:87:94:da:f3:dc:2e:
                    21:3a:8c:b1:7a:f4:ba:26:3e:01:da:be:2d:f7:ca:
                    ad:a3:f9:4a:1a:d7:48:42:b6:43:3c:b4:59:0a:6d:
                    a8:b0:eb:53:cc:f5:35:dd:21:bf:ee:bc:e4:1b:cf:
                    8d:00:4a:e9:5b:ff:19:76:69:c4:57:31:aa:03:c9:
                    15:c6:24:d7:20:7c:13:a5:85:b3:87:b7:27:d1:56:
                    38:9f:20:6b:aa:bf:65:9e:60:bb:0f:4c:b1:05:89:
                    14:3e:6e:e2:24:20:c5:65:98:f7:ca:2b:5d:c1:25:
                    bd:09:14:15:88:c9:0a:1c:17:45:7c:ba:f6:a2:35:
                    c6:4a:eb:18:09:99:26:11:a6:68:99:a7:6a:f5:f3:
                    aa:bc:32:b2:2c:ad:48:b2:64:1e:bf:3d:24:df:05:
                    78:58:d0:68:bd:e5:f5:27:ab:ab:ee:a0:e8:93:af:
                    30:af:ef:b1:03:8d:44:eb:bd:04:70:a8:aa:9d:ad:
                    d5:bd:6c:9f:31:71:02:e8:5f:c2:89:ae:43:14:bc:
                    e5:90:c7:bb:e8:16:e7:41:ae:fa:2f:92:08:6f:0d:
                    14:a7:7c:fc:30:33:95:56:60:f8:15:b4:c5:d6:67:
                    b6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B2:24:B5:3E:C9:C8:B1:7F:31:89:5B:16:A8:D4:57:1F:0E:69:70
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/e2aac5-c04d-4ae0-8bf3-9e3d89d9e617/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/e2aac5-c04d-4ae0-8bf3-9e3d89d9e617/1/TLIktT7JyLF_MYlbFqjUVx8OaXA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c20::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198373
                  211209

    Signature Algorithm: sha256WithRSAEncryption
         2a:a7:a3:67:d1:00:59:03:0a:e0:c3:c1:3b:ee:43:2e:3c:45:
         ed:75:9b:e4:dc:1b:b8:8d:05:8b:ce:7d:73:a7:a3:c6:73:b3:
         80:ca:7a:9c:4d:65:ba:20:b5:27:34:35:9a:42:a5:35:b0:df:
         77:77:80:82:69:a1:2d:0f:79:f1:2a:08:4a:25:12:6e:ad:f6:
         17:ff:cb:15:3f:86:42:7f:2c:39:47:f3:cc:47:0f:54:33:9c:
         f1:f9:ee:62:f2:f9:b9:9f:8b:60:39:73:7a:99:c1:9a:75:f8:
         42:36:ac:cb:56:63:27:89:d7:cf:cc:48:b4:7d:f1:06:17:f0:
         00:a4:17:ce:e7:88:34:11:14:ee:fa:15:fd:39:c5:9d:7b:f2:
         eb:76:9f:52:da:d0:e5:5a:fc:35:4b:38:58:bb:ca:c3:26:e7:
         d8:a6:48:95:09:a0:7b:45:3d:c6:cb:f0:f7:9f:ce:e0:90:20:
         18:d1:8b:56:a2:8d:b3:81:a1:98:4d:99:33:8e:fa:6c:78:2e:
         a2:77:df:f7:e5:31:ba:dd:cb:10:85:fb:3d:66:e2:b5:ab:23:
         fc:5a:4a:60:c9:0c:2f:55:e2:67:ef:ba:de:37:16:f5:23:dc:
         61:92:9f:ad:e4:d1:fd:d3:8b:b0:71:f3:e6:1a:18:73:15:80:
         e7:f4:42:d8
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAZYZO/DPE5POq8xHUYAK1h1wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNDA5MDYyODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2IyMjRiNTNlYzljOGIxN2YzMTg5NWIxNmE4ZDQ1NzFmMGU2OTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1p+xqQ8rTvVH3EzQ/vXQUcJ9dEk9
x3WHlNrz3C4hOoyxevS6Jj4B2r4t98qto/lKGtdIQrZDPLRZCm2osOtTzPU13SG/
7rzkG8+NAErpW/8ZdmnEVzGqA8kVxiTXIHwTpYWzh7cn0VY4nyBrqr9lnmC7D0yx
BYkUPm7iJCDFZZj3yitdwSW9CRQViMkKHBdFfLr2ojXGSusYCZkmEaZomadq9fOq
vDKyLK1IsmQevz0k3wV4WNBoveX1J6ur7qDok68wr++xA41E670EcKiqna3VvWyf
MXEC6F/Cia5DFLzlkMe76BbnQa76L5IIbw0Up3z8MDOVVmD4FbTF1me2vwIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFEyyJLU+ycixfzGJWxao1FcfDmlwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZhL2UyYWFj
NS1jMDRkLTRhZTAtOGJmMy05ZTNkODlkOWU2MTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmEvZTJhYWM1
LWMwNGQtNGFlMC04YmYzLTllM2Q4OWQ5ZTYxNy8xL1RMSWt0VDdKeUxGX01ZbGJG
cWpVVng4T2FYQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAwgMB8GCCsGAQUFBwEIAQH/BBAwDqAM
MAoCAwMG5QIDAzkJMA0GCSqGSIb3DQEBCwUAA4IBAQAqp6Nn0QBZAwrgw8E77kMu
PEXtdZvk3Bu4jQWLzn1zp6PGc7OAynqcTWW6ILUnNDWaQqU1sN93d4CCaaEtD3nx
KghKJRJurfYX/8sVP4ZCfyw5R/PMRw9UM5zx+e5i8vm5n4tgOXN6mcGadfhCNqzL
VmMnidfPzEi0ffEGF/AApBfO54g0ERTu+hX9OcWde/Lrdp9S2tDlWvw1SzhYu8rD
JufYpkiVCaB7RT3Gy/D3n87gkCAY0YtWoo2zgaGYTZkzjvpseC6id9/35TG63csQ
hfs9ZuK1qyP8WkpgyQwvVeJn77reNxb1I9xhkp+t5NH904uwcfPmGhhzFYDn9ELY
-----END CERTIFICATE-----