Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aMFmY2kvbGhFdPZGCqzmJX-3kqI.cer
File:                     aMFmY2kvbGhFdPZGCqzmJX-3kqI.cer (raw, json)
Hash identifier:          9Snn/+iaDlf0NFQ2yyny3KhGQnbpuHenpRuSV/WwlUg=
Subject key identifier:   68:C1:66:63:69:2F:6C:68:45:74:F6:46:0A:AC:E6:25:7F:B7:92:A2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0195D1C0DCCC1ED8CF3404A0477C80C7E442
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8f/57c6ea-1bb5-42a0-8679-d07fa3e6b3d3/1/aMFmY2kvbGhFdPZGCqzmJX-3kqI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8f/57c6ea-1bb5-42a0-8679-d07fa3e6b3d3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 26 Mar 2025 09:20:32 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 211445
                          IP: 2a14:aa80::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d1:c0:dc:cc:1e:d8:cf:34:04:a0:47:7c:80:c7:e4:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 26 09:20:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68c16663692f6c684574f6460aace6257fb792a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:18:97:a7:8f:73:3a:74:a0:be:69:fc:8d:0b:
                    8b:59:7a:32:ad:c7:50:e7:63:8e:84:bb:cf:e4:73:
                    1a:3c:45:ac:05:46:13:98:97:31:6f:ed:fd:e4:03:
                    ba:e3:b5:ae:c1:45:b0:96:84:55:f4:23:d4:b2:3b:
                    c9:6c:8a:0b:ca:6c:d6:99:f2:a3:d8:dd:79:e5:a3:
                    aa:34:73:be:b1:f1:2b:ee:30:12:3f:0c:83:d1:0e:
                    8b:36:c9:61:d1:13:b2:33:b9:12:d9:26:07:67:1e:
                    1d:4b:30:9e:21:19:f9:b2:58:20:b7:72:68:20:1a:
                    76:03:6c:81:22:0e:fa:88:68:77:70:36:27:dc:1f:
                    08:ec:41:5e:7c:33:7a:b7:aa:85:8d:ef:25:d5:34:
                    cc:53:e3:bd:dd:86:53:03:a0:52:72:45:d3:e7:11:
                    53:dc:34:90:97:00:16:e5:29:01:e2:53:6c:10:f9:
                    31:9f:d3:fb:ec:97:ef:0f:fd:da:90:94:20:d7:46:
                    30:40:df:96:04:1d:ff:6a:4c:11:82:67:c4:15:82:
                    ba:21:f7:4b:c0:8e:52:29:0a:19:be:68:ca:13:89:
                    44:5e:82:86:a5:20:a2:77:90:96:44:71:86:05:c0:
                    39:34:97:78:48:98:0f:67:43:37:3f:2b:ce:5c:7c:
                    e1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C1:66:63:69:2F:6C:68:45:74:F6:46:0A:AC:E6:25:7F:B7:92:A2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/57c6ea-1bb5-42a0-8679-d07fa3e6b3d3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/57c6ea-1bb5-42a0-8679-d07fa3e6b3d3/1/aMFmY2kvbGhFdPZGCqzmJX-3kqI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:aa80::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211445

    Signature Algorithm: sha256WithRSAEncryption
         18:9e:e5:82:de:e8:18:f0:09:10:e3:3c:11:ce:8d:e4:2e:4c:
         5a:f8:45:58:26:3a:2f:7b:0f:16:db:90:7d:26:74:bc:ea:13:
         34:c8:31:a0:cc:d5:0f:5e:7d:ea:a4:2e:38:21:5e:af:9e:70:
         bb:0e:b8:46:80:ca:93:40:00:fd:12:64:90:a8:8b:23:16:83:
         7f:48:48:93:b4:a9:48:cc:56:d7:86:b6:32:b9:68:b2:af:d5:
         66:cb:6a:25:9f:40:75:1f:e0:55:3b:51:0e:a6:a6:b8:0d:dc:
         e2:b9:af:e7:83:08:75:ae:65:fa:38:44:0b:f7:07:a2:4d:9b:
         1f:45:f5:b3:83:7d:b7:1e:33:be:5c:d8:2e:89:be:48:ea:db:
         5f:b2:0d:49:a4:c0:dd:64:65:21:07:aa:ce:07:69:ab:6b:0f:
         75:3e:64:ee:c0:06:43:41:d6:73:d9:8b:f0:2d:69:a5:cd:ed:
         7c:ef:68:dd:eb:43:33:16:a7:b0:ee:5c:ea:26:93:1d:85:68:
         9a:f0:17:c6:59:c2:75:b9:8e:8f:96:cd:2f:f1:9d:38:09:c0:
         64:1f:77:b3:5b:57:85:16:3d:47:6d:b5:cb:48:9f:20:4e:7a:
         c9:f2:77:ca:16:be:e4:2e:ef:35:bf:3c:43:b7:50:48:b5:54:
         1c:5a:70:49
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZXRwNzMHtjPNASgR3yAx+RCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMzI2MDkyMDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGMxNjY2MzY5MmY2YzY4NDU3NGY2NDYwYWFjZTYyNTdmYjc5MmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hiXp49zOnSgvmn8jQuLWXoyrcdQ
52OOhLvP5HMaPEWsBUYTmJcxb+395AO647WuwUWwloRV9CPUsjvJbIoLymzWmfKj
2N155aOqNHO+sfEr7jASPwyD0Q6LNslh0ROyM7kS2SYHZx4dSzCeIRn5slggt3Jo
IBp2A2yBIg76iGh3cDYn3B8I7EFefDN6t6qFje8l1TTMU+O93YZTA6BSckXT5xFT
3DSQlwAW5SkB4lNsEPkxn9P77JfvD/3akJQg10YwQN+WBB3/akwRgmfEFYK6IfdL
wI5SKQoZvmjKE4lEXoKGpSCid5CWRHGGBcA5NJd4SJgPZ0M3PyvOXHzhDQIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFGjBZmNpL2xoRXT2Rgqs5iV/t5KiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhmLzU3YzZl
YS0xYmI1LTQyYTAtODY3OS1kMDdmYTNlNmIzZDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGYvNTdjNmVh
LTFiYjUtNDJhMC04Njc5LWQwN2ZhM2U2YjNkMy8xL2FNRm1ZMmt2YkdoRmRQWkdD
cXptSlgtM2txSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUAKhSqgDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDOfUwDQYJKoZIhvcNAQELBQADggEBABie5YLe6BjwCRDjPBHOjeQuTFr4RVgm
Oi97DxbbkH0mdLzqEzTIMaDM1Q9efeqkLjghXq+ecLsOuEaAypNAAP0SZJCoiyMW
g39ISJO0qUjMVteGtjK5aLKv1WbLaiWfQHUf4FU7UQ6mprgN3OK5r+eDCHWuZfo4
RAv3B6JNmx9F9bODfbceM75c2C6Jvkjq21+yDUmkwN1kZSEHqs4HaatrD3U+ZO7A
BkNB1nPZi/AtaaXN7XzvaN3rQzMWp7DuXOomkx2FaJrwF8ZZwnW5jo+WzS/xnTgJ
wGQfd7NbV4UWPUdttctInyBOesnyd8oWvuQu7zW/PEO3UEi1VBxacEk=
-----END CERTIFICATE-----