Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.cer
File:                     ZKemzVg4FNOTvuJjW1RVdMx1Ygw.cer (raw, json)
Hash identifier:          /zAUvhMs0ihHCWSw3bmwDViILJrq5M3LmnTlan0oA1Y=
Subject key identifier:   64:A7:A6:CD:58:38:14:D3:93:BE:E2:63:5B:54:55:74:CC:75:62:0C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427483FCBDE2B514A0DE6FDD825A3FB49
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:50:33 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 51554
                          IP: 185.157.8.0/22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:3f:cb:de:2b:51:4a:0d:e6:fd:d8:25:a3:fb:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:50:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64a7a6cd583814d393bee2635b545574cc75620c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ca:dd:e9:75:bd:70:fe:d0:d1:10:16:36:34:
                    49:d0:fb:2b:77:77:7c:61:c2:58:e6:bc:ad:0b:13:
                    bb:45:a8:1c:a7:93:b3:54:10:7c:e7:6e:66:70:f3:
                    f7:7b:94:20:d2:2d:40:e2:66:e6:d5:a1:a6:6b:f2:
                    40:8d:5d:61:e3:cc:78:cd:3d:08:be:40:13:ef:99:
                    b6:fc:4e:1d:48:00:6c:e9:c5:59:e9:ce:c8:da:71:
                    75:ad:a3:15:f2:8f:5d:a2:a1:ac:c7:9d:d4:2c:73:
                    01:89:41:d5:6c:ed:de:17:6a:37:30:1b:38:72:fc:
                    d0:b8:09:60:e3:7e:77:b2:01:d1:d8:cb:30:7c:ae:
                    fd:5b:49:2b:9d:7d:8f:8d:7d:cf:12:0d:f2:5a:69:
                    56:f0:e9:e7:95:ff:ff:de:60:7c:c6:e6:51:cb:59:
                    6d:ad:4c:54:44:38:3c:23:94:e7:07:44:98:39:a2:
                    7e:0e:c6:2f:b4:d8:b2:3a:55:09:08:75:1f:43:9a:
                    7f:67:75:d4:d9:06:33:95:41:2a:6c:e1:ad:53:e9:
                    88:df:bf:fc:0c:4e:06:63:38:56:c2:e0:15:a1:b1:
                    16:2b:5a:60:b4:94:91:2c:80:1b:8e:8c:a7:9a:e0:
                    0f:24:a8:53:00:3e:26:83:d2:4f:d7:ec:b0:e9:a7:
                    3f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:A7:A6:CD:58:38:14:D3:93:BE:E2:63:5B:54:55:74:CC:75:62:0C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.8.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51554

    Signature Algorithm: sha256WithRSAEncryption
         1a:bb:ee:d9:66:d9:03:a8:f4:07:1b:01:76:c6:09:09:7b:cb:
         ec:5a:4b:6a:4c:dd:79:96:c9:ce:54:47:6f:ce:e0:69:30:36:
         1b:d2:59:f6:b1:55:fb:a6:3b:ad:b7:dc:8c:3b:a5:aa:bd:df:
         2f:3f:19:80:2a:f1:9e:30:39:47:f6:f4:30:15:be:c0:8e:88:
         fc:cc:a4:63:4e:20:00:12:66:5d:f2:d1:89:11:42:a1:20:7a:
         dc:23:62:c7:ae:39:3a:41:5c:b7:ad:aa:5c:71:22:2a:ce:66:
         31:97:a9:86:7c:d4:71:61:39:d3:b8:1f:83:f6:40:a1:19:3e:
         ca:cd:b2:cc:9f:c5:c1:14:1a:0f:33:28:f1:c3:15:1a:e5:26:
         0e:8e:92:62:3b:da:db:8a:b2:48:32:5d:4b:97:55:f3:0e:f0:
         a4:41:cd:48:38:e7:c9:47:d3:36:5b:fe:4d:20:1f:ae:4f:2d:
         cb:f0:30:4d:41:be:63:b8:21:3b:83:a9:e3:95:c1:11:b5:75:
         a7:51:44:22:0b:a6:8b:98:f4:6b:d5:23:11:81:9e:51:64:2b:
         b6:c9:c2:ed:a6:e7:50:76:f0:2a:18:25:85:da:3a:92:7a:30:
         a4:d8:e5:ed:50:cb:a9:ee:1b:7c:f1:1a:73:38:fb:26:a5:5b:
         ce:44:36:37
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQnSD/L3itRSg3m/dglo/tJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM1MDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGE3YTZjZDU4MzgxNGQzOTNiZWUyNjM1YjU0NTU3NGNjNzU2MjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8rd6XW9cP7Q0RAWNjRJ0Psrd3d8
YcJY5rytCxO7Ragcp5OzVBB8525mcPP3e5Qg0i1A4mbm1aGma/JAjV1h48x4zT0I
vkAT75m2/E4dSABs6cVZ6c7I2nF1raMV8o9doqGsx53ULHMBiUHVbO3eF2o3MBs4
cvzQuAlg4353sgHR2MswfK79W0krnX2PjX3PEg3yWmlW8Onnlf//3mB8xuZRy1lt
rUxURDg8I5TnB0SYOaJ+DsYvtNiyOlUJCHUfQ5p/Z3XU2QYzlUEqbOGtU+mI37/8
DE4GYzhWwuAVobEWK1pgtJSRLIAbjoynmuAPJKhTAD4mg9JP1+yw6ac/LQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGSnps1YOBTTk77iY1tUVXTMdWIMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZmLzhkNmYx
YS1kMzM0LTQxOGYtYjcyNi02ZjVkOGE3NGEwZTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYvOGQ2ZjFh
LWQzMzQtNDE4Zi1iNzI2LTZmNWQ4YTc0YTBlNC8xL1pLZW16Vmc0Rk5PVHZ1SmpX
MVJWZE14MVlndy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuZ0IMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDJYjANBgkqhkiG9w0BAQsFAAOCAQEAGrvu2WbZA6j0BxsBdsYJCXvL7FpLakzd
eZbJzlRHb87gaTA2G9JZ9rFV+6Y7rbfcjDulqr3fLz8ZgCrxnjA5R/b0MBW+wI6I
/MykY04gABJmXfLRiRFCoSB63CNix645OkFct62qXHEiKs5mMZephnzUcWE507gf
g/ZAoRk+ys2yzJ/FwRQaDzMo8cMVGuUmDo6SYjva24qySDJdS5dV8w7wpEHNSDjn
yUfTNlv+TSAfrk8ty/AwTUG+Y7ghO4Op45XBEbV1p1FEIgumi5j0a9UjEYGeUWQr
tsnC7abnUHbwKhglhdo6knowpNjl7VDLqe4bfPEaczj7JqVbzkQ2Nw==
-----END CERTIFICATE-----