Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cvR1OfGfD1oTsLabx5Ynjwv0rqQ.cer
File:                     cvR1OfGfD1oTsLabx5Ynjwv0rqQ.cer (raw, json)
Hash identifier:          bLQT9Qji+/AcUbfWPdAwNGRWLBsGc0DMKgnlrmwDX+A=
Subject key identifier:   72:F4:75:39:F1:9F:0F:5A:13:B0:B6:9B:C7:96:27:8F:0B:F4:AE:A4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221F582645BEA173BDF6AE12026079B9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/92/573d9d-32ad-46ff-ae23-2ea6ec285a15/1/cvR1OfGfD1oTsLabx5Ynjwv0rqQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/92/573d9d-32ad-46ff-ae23-2ea6ec285a15/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:47:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 59438
                          IP: 5.145.152.0/21
                          IP: 2a01:83c0::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:58:26:45:be:a1:73:bd:f6:ae:12:02:60:79:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72f47539f19f0f5a13b0b69bc796278f0bf4aea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2d:15:60:eb:9a:0c:23:20:8b:18:01:31:85:
                    3f:82:49:7a:bc:ed:b2:32:8e:67:99:83:c9:b6:77:
                    f2:ec:28:49:e9:67:cc:d5:7e:d0:dd:3a:86:52:48:
                    00:24:4e:1d:01:e7:3b:55:bc:5f:66:9b:c6:a2:c9:
                    69:05:c9:df:dd:0c:d8:df:5d:1e:3f:34:bc:4b:f7:
                    f2:59:fc:9b:27:82:d5:7c:cb:4a:ff:55:75:f0:4b:
                    5c:9f:32:06:86:86:a6:fb:8e:f1:56:4c:9c:b1:b9:
                    5e:85:e8:3d:9e:ab:ae:1c:71:1f:c9:7d:97:1d:bb:
                    ea:38:ae:9f:3d:16:34:2e:a4:43:e2:fe:6a:a0:7a:
                    d9:9d:77:d8:22:36:23:76:0f:9f:04:8e:fc:b0:06:
                    5e:1b:08:e9:3c:ce:b2:21:0a:c5:c1:ed:c5:4a:94:
                    cf:51:9f:02:0f:24:f6:72:18:22:5a:1a:17:37:8d:
                    46:36:75:bb:02:0b:14:e8:1f:2d:79:d0:d8:1f:d4:
                    8e:90:d8:81:fd:b1:2a:d0:c7:83:b5:56:49:10:98:
                    5f:75:fb:d6:09:0b:82:c2:b4:c7:98:08:bc:29:2c:
                    0f:89:3a:3e:99:22:08:c2:b3:c1:72:61:74:e9:59:
                    06:c6:46:fc:0f:5e:ee:b4:c1:20:6e:9f:ef:cf:3a:
                    3c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F4:75:39:F1:9F:0F:5A:13:B0:B6:9B:C7:96:27:8F:0B:F4:AE:A4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/573d9d-32ad-46ff-ae23-2ea6ec285a15/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/573d9d-32ad-46ff-ae23-2ea6ec285a15/1/cvR1OfGfD1oTsLabx5Ynjwv0rqQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.152.0/21
                IPv6:
                  2a01:83c0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  59438

    Signature Algorithm: sha256WithRSAEncryption
         35:40:a6:d8:fe:37:d6:0e:90:d9:cb:39:a5:1c:f5:7d:b5:98:
         b4:40:36:f5:d7:ac:05:05:d3:02:be:f5:8e:8b:7e:81:c0:8c:
         87:d4:e3:d3:ba:3f:3f:fe:76:be:8b:d6:8b:05:5c:63:d9:9e:
         cb:af:df:58:12:f1:77:51:28:53:14:dc:2d:11:7a:9b:cc:c8:
         ed:fa:35:67:68:91:46:fb:2d:40:17:35:d7:5a:56:fa:02:e0:
         23:96:66:00:c9:2f:e4:be:02:22:f6:c1:95:dd:b5:82:81:3d:
         f6:b8:9d:34:ad:f9:42:1c:5e:e4:ff:38:f2:bd:63:75:68:2d:
         8d:7f:d2:fb:89:0d:be:99:15:a8:a4:8b:d6:ec:77:84:cf:ce:
         00:c2:c6:bc:3a:65:12:5c:b9:3f:4b:64:03:af:7c:08:90:af:
         de:cf:6c:dd:6a:33:ec:78:04:36:dd:bf:b3:7d:94:30:20:88:
         bc:f7:38:d8:d8:ab:3f:d9:7d:48:63:8d:d9:56:1d:b9:d5:bb:
         38:d5:93:e2:a3:f0:f2:04:9a:f7:74:af:a3:5f:03:73:2e:f9:
         80:49:c5:71:3d:1f:18:21:32:ed:30:14:b2:43:89:d7:60:49:
         61:9b:6c:16:d0:7f:0b:8d:c9:09:1f:69:af:c1:f7:78:54:ef:
         57:bb:5d:ef
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQiH1gmRb6hc732rhICYHm5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmY0NzUzOWYxOWYwZjVhMTNiMGI2OWJjNzk2Mjc4ZjBiZjRhZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwi0VYOuaDCMgixgBMYU/gkl6vO2y
Mo5nmYPJtnfy7ChJ6WfM1X7Q3TqGUkgAJE4dAec7VbxfZpvGoslpBcnf3QzY310e
PzS8S/fyWfybJ4LVfMtK/1V18EtcnzIGhoam+47xVkycsbleheg9nquuHHEfyX2X
HbvqOK6fPRY0LqRD4v5qoHrZnXfYIjYjdg+fBI78sAZeGwjpPM6yIQrFwe3FSpTP
UZ8CDyT2chgiWhoXN41GNnW7AgsU6B8tedDYH9SOkNiB/bEq0MeDtVZJEJhfdfvW
CQuCwrTHmAi8KSwPiTo+mSIIwrPBcmF06VkGxkb8D17utMEgbp/vzzo88wIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFHL0dTnxnw9aE7C2m8eWJ48L9K6kMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyLzU3M2Q5
ZC0zMmFkLTQ2ZmYtYWUyMy0yZWE2ZWMyODVhMTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTIvNTczZDlk
LTMyYWQtNDZmZi1hZTIzLTJlYTZlYzI4NWExNS8xL2N2UjFPZkdmRDFvVHNMYWJ4
NVluand2MHJxUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQDBZGYMA0EAgACMAcDBQAqAYPAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDoLjANBgkqhkiG9w0BAQsFAAOCAQEANUCm2P431g6Q
2cs5pRz1fbWYtEA29desBQXTAr71jot+gcCMh9Tj07o/P/52vovWiwVcY9mey6/f
WBLxd1EoUxTcLRF6m8zI7fo1Z2iRRvstQBc111pW+gLgI5ZmAMkv5L4CIvbBld21
goE99ridNK35Qhxe5P848r1jdWgtjX/S+4kNvpkVqKSL1ux3hM/OAMLGvDplEly5
P0tkA698CJCv3s9s3Woz7HgENt2/s32UMCCIvPc42NirP9l9SGON2VYdudW7ONWT
4qPw8gSa93Svo18Dcy75gEnFcT0fGCEy7TAUskOJ12BJYZtsFtB/C43JCR9pr8H3
eFTvV7td7w==
-----END CERTIFICATE-----