Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mnZNjTrnJbReDUgH9hLsPR8qP08.cer
File:                     mnZNjTrnJbReDUgH9hLsPR8qP08.cer (raw, json)
Hash identifier:          XD9XvqbOU7TUQUZyy6ykkYcEYKRwZ4sBNwlaZN/1SE0=
Subject key identifier:   9A:76:4D:8D:3A:E7:25:B4:5E:0D:48:07:F6:12:EC:3D:1F:2A:3F:4F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D7C3F9E6257633C3284E74543AA1F4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/18/89afba-4fed-42ef-a751-f5ff9afc3266/1/mnZNjTrnJbReDUgH9hLsPR8qP08.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/18/89afba-4fed-42ef-a751-f5ff9afc3266/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:48:50 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 41880
                          IP: 91.102.208.0/21

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:c3:f9:e6:25:76:33:c3:28:4e:74:54:3a:a1:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a764d8d3ae725b45e0d4807f612ec3d1f2a3f4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a4:3f:13:57:37:2b:df:4f:f0:43:4b:aa:44:
                    56:d5:88:0b:d0:b6:47:0d:54:22:01:ac:b8:f7:49:
                    aa:1c:c1:8f:e0:9c:e7:e2:b6:b5:be:71:80:0f:12:
                    91:45:ff:97:f0:2a:f1:d8:1c:0e:81:40:20:44:6e:
                    30:24:30:37:f9:34:36:c8:03:b2:44:9c:37:51:26:
                    86:79:62:14:f0:ac:16:5a:5c:90:3b:03:df:d6:56:
                    5e:21:92:c4:55:8a:a4:8b:cc:15:48:33:66:87:05:
                    5f:b1:59:32:4f:27:b7:7f:92:bf:49:90:05:79:6d:
                    74:51:0a:19:c6:b4:3b:41:45:30:9e:24:1b:62:4d:
                    ec:d6:e5:7c:3b:aa:bd:6e:7c:3a:6b:03:0f:05:09:
                    12:53:1b:1e:12:87:d2:3d:c7:59:28:d8:ef:15:e7:
                    de:e7:90:78:f0:2e:ad:09:06:eb:1f:4e:23:4d:49:
                    be:67:64:8b:4e:a4:e9:68:49:01:54:1e:b1:4f:65:
                    3d:c4:c7:58:3f:80:11:ef:38:75:e9:52:8d:e4:e6:
                    c3:42:39:af:59:cf:a0:59:fd:ec:13:02:be:47:52:
                    dd:2d:4f:c7:f8:8e:46:b4:0f:53:11:3f:2d:b8:9e:
                    ad:71:04:b3:d3:12:1e:d3:7a:92:2b:3a:0e:9d:a7:
                    22:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:76:4D:8D:3A:E7:25:B4:5E:0D:48:07:F6:12:EC:3D:1F:2A:3F:4F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/89afba-4fed-42ef-a751-f5ff9afc3266/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/89afba-4fed-42ef-a751-f5ff9afc3266/1/mnZNjTrnJbReDUgH9hLsPR8qP08.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.208.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41880

    Signature Algorithm: sha256WithRSAEncryption
         4b:b5:2b:26:fd:57:29:9f:e3:4a:d3:c2:ab:bf:75:38:8d:0e:
         90:77:ea:a3:af:bd:99:00:bd:05:c6:2f:1d:ed:06:12:8a:d3:
         25:06:bb:c3:1a:08:2a:b8:ff:a4:70:cb:c8:a1:e5:0e:02:b6:
         1b:ef:86:12:e3:53:33:91:b3:88:7f:81:ea:8a:7e:e9:09:fe:
         ca:91:d9:c8:06:f6:03:d7:e1:58:08:d8:c1:6e:0a:54:4c:fe:
         87:4a:0d:2f:16:33:fe:ca:78:8f:16:e5:6f:df:cf:8c:0a:05:
         37:9e:3e:ef:62:ee:d6:a5:39:5c:21:70:b9:56:ee:d0:66:2a:
         d4:1e:d8:e7:ae:81:2b:11:78:90:e5:23:fe:d2:42:35:34:8d:
         28:4c:fd:3b:72:aa:9f:58:8d:d1:62:34:bb:a3:aa:aa:3a:dc:
         9f:4d:71:2c:fe:0b:40:34:1b:34:ac:42:81:3a:7e:6a:bf:92:
         ca:23:24:ad:c2:0a:c3:e3:cf:b6:13:19:24:57:55:60:c4:a5:
         7f:6e:10:d1:3a:e9:5a:ff:1b:16:0f:2f:27:dc:81:e4:7e:62:
         79:55:f4:26:0e:74:3e:62:ac:f0:4e:2a:d4:8d:83:f5:4e:3a:
         95:c7:65:8e:e5:28:94:5e:54:70:70:7a:53:af:24:8b:ee:2b:
         a9:43:36:4d
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQj18P55iV2M8MoTnRUOqH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTc2NGQ4ZDNhZTcyNWI0NWUwZDQ4MDdmNjEyZWMzZDFmMmEzZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6Q/E1c3K99P8ENLqkRW1YgL0LZH
DVQiAay490mqHMGP4Jzn4ra1vnGADxKRRf+X8Crx2BwOgUAgRG4wJDA3+TQ2yAOy
RJw3USaGeWIU8KwWWlyQOwPf1lZeIZLEVYqki8wVSDNmhwVfsVkyTye3f5K/SZAF
eW10UQoZxrQ7QUUwniQbYk3s1uV8O6q9bnw6awMPBQkSUxseEofSPcdZKNjvFefe
55B48C6tCQbrH04jTUm+Z2SLTqTpaEkBVB6xT2U9xMdYP4AR7zh16VKN5ObDQjmv
Wc+gWf3sEwK+R1LdLU/H+I5GtA9TET8tuJ6tcQSz0xIe03qSKzoOnaciSwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJp2TY065yW0Xg1IB/YS7D0fKj9PMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE4Lzg5YWZi
YS00ZmVkLTQyZWYtYTc1MS1mNWZmOWFmYzMyNjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgvODlhZmJh
LTRmZWQtNDJlZi1hNzUxLWY1ZmY5YWZjMzI2Ni8xL21uWk5qVHJuSmJSZURVZ0g5
aExzUFI4cVAwOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDW2bQMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCjmDANBgkqhkiG9w0BAQsFAAOCAQEAS7UrJv1XKZ/jStPCq791OI0OkHfqo6+9
mQC9BcYvHe0GEorTJQa7wxoIKrj/pHDLyKHlDgK2G++GEuNTM5GziH+B6op+6Qn+
ypHZyAb2A9fhWAjYwW4KVEz+h0oNLxYz/sp4jxblb9/PjAoFN54+72Lu1qU5XCFw
uVbu0GYq1B7Y566BKxF4kOUj/tJCNTSNKEz9O3Kqn1iN0WI0u6Oqqjrcn01xLP4L
QDQbNKxCgTp+ar+SyiMkrcIKw+PPthMZJFdVYMSlf24Q0TrpWv8bFg8vJ9yB5H5i
eVX0Jg50PmKs8E4q1I2D9U46lcdljuUolF5UcHB6U68ki+4rqUM2TQ==
-----END CERTIFICATE-----