Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
File:                     nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer (raw, json)
Hash identifier:          uK1jouA59k5pJv6yKU7d3+dCH37hr+YNK1ZVw2bzAc4=
Subject key identifier:   9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D624675589FD5A5D2C198AEA951C72
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:12 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 208342
                          IP: 45.13.12.0/22
                          IP: 2a0e:cf00::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:24:67:55:89:fd:5a:5d:2c:19:8a:ea:95:1c:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e42ca46688a837b575234ce6a1a326587d6c204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3d:68:90:af:83:67:71:dd:93:59:c2:c6:b1:
                    83:a3:81:4a:97:43:b2:03:7b:49:e0:38:f4:65:33:
                    6f:c1:a1:b0:6c:f4:7a:37:2f:13:7d:c1:23:f9:28:
                    26:66:d8:11:a4:fe:ec:7f:13:6b:47:eb:f5:bf:79:
                    0a:d4:8c:9b:c8:83:a8:10:a6:ec:de:fc:91:4e:07:
                    f5:c1:39:3f:b2:25:3b:b4:0a:65:3b:9b:d6:12:6b:
                    6a:9a:23:ac:1b:d1:31:e2:f1:70:03:74:a2:ac:a8:
                    13:23:a1:53:c0:bb:e9:9d:d2:c5:99:4c:37:f2:b3:
                    80:4e:6f:7f:ca:c7:fc:6d:e8:a0:98:49:3a:f8:90:
                    04:c7:43:93:6a:77:ee:9e:24:18:52:9b:7d:9d:c7:
                    90:f3:73:0d:34:f2:66:1f:d0:70:c8:b3:4f:48:d4:
                    1f:01:5b:52:e6:d2:8c:15:eb:61:b7:6e:61:02:22:
                    5b:2f:ad:d7:a9:69:63:76:8d:8f:fc:24:65:61:d4:
                    91:ba:65:07:82:d1:99:e3:9d:89:3a:87:1e:3d:9c:
                    54:e7:98:27:29:60:43:d4:b3:d7:69:b3:13:34:57:
                    61:e0:c6:0a:f4:bc:24:d9:76:65:a9:d7:4a:14:8e:
                    2a:5a:65:0f:26:3b:c6:0b:9d:24:76:cf:50:99:6e:
                    c4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.12.0/22
                IPv6:
                  2a0e:cf00::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208342

    Signature Algorithm: sha256WithRSAEncryption
         5c:ae:0b:20:95:82:84:04:38:fb:f3:7b:e6:89:f6:de:fe:de:
         5e:53:d6:8c:03:7c:88:73:a8:6f:49:92:54:8b:cb:68:30:07:
         cc:ff:45:f7:a1:4f:ec:48:70:88:2a:85:65:96:fd:36:ad:18:
         a9:83:6b:d6:cc:bc:73:1b:d5:98:0e:ce:c6:4f:fb:6a:a9:df:
         c5:1f:fc:b0:30:6b:4a:55:2a:e1:cc:b6:fd:a2:d3:fb:1f:18:
         78:38:24:a6:7b:60:67:33:5c:ca:b9:f8:e7:f9:c9:6c:7f:2e:
         7f:8d:69:92:62:b0:0e:ae:f6:e0:6a:9b:fa:16:bf:3e:b5:39:
         b7:c3:80:59:3f:e0:ee:03:4b:8d:da:be:c5:b5:8d:96:e5:ed:
         f8:44:04:fa:48:d2:03:73:8c:ee:b3:a7:cb:fd:04:d3:c4:b3:
         07:f9:ee:e3:6e:e4:d8:14:4e:f0:e7:8d:7a:89:de:07:c2:1c:
         0d:52:22:fd:66:34:d7:d5:56:24:4f:5b:e7:dd:7d:db:d8:d3:
         c6:0d:2e:d8:e3:d7:65:b1:41:b4:c6:8b:7b:43:35:32:2e:96:
         4b:07:8f:b6:2b:d1:55:5b:4d:d7:64:d3:d1:b3:c1:a4:76:e3:
         29:f2:22:db:ea:b8:b7:7a:8b:95:6d:6c:78:0e:91:d7:94:8a:
         06:83:e8:da
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQg1iRnVYn9Wl0sGYrqlRxyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTQyY2E0NjY4OGE4MzdiNTc1MjM0Y2U2YTFhMzI2NTg3ZDZjMjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsT1okK+DZ3Hdk1nCxrGDo4FKl0Oy
A3tJ4Dj0ZTNvwaGwbPR6Ny8TfcEj+SgmZtgRpP7sfxNrR+v1v3kK1IybyIOoEKbs
3vyRTgf1wTk/siU7tAplO5vWEmtqmiOsG9Ex4vFwA3SirKgTI6FTwLvpndLFmUw3
8rOATm9/ysf8beigmEk6+JAEx0OTanfuniQYUpt9nceQ83MNNPJmH9BwyLNPSNQf
AVtS5tKMFetht25hAiJbL63XqWljdo2P/CRlYdSRumUHgtGZ452JOocePZxU55gn
KWBD1LPXabMTNFdh4MYK9Lwk2XZlqddKFI4qWmUPJjvGC50kds9QmW7EQQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFJ5CykZoioN7V1I0zmoaMmWH1sIEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRkL2VlMjc5
My1hMGM5LTQyZGMtYTZhMi0zMjliYTM4OGI3Y2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQvZWUyNzkz
LWEwYzktNDJkYy1hNmEyLTMyOWJhMzg4YjdjZi8xL25rTEtSbWlLZzN0WFVqVE9h
aG95WllmV3dnUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLQ0MMA0EAgACMAcDBQMqDs8AMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMt1jANBgkqhkiG9w0BAQsFAAOCAQEAXK4LIJWChAQ4
+/N75on23v7eXlPWjAN8iHOob0mSVIvLaDAHzP9F96FP7EhwiCqFZZb9Nq0YqYNr
1sy8cxvVmA7Oxk/7aqnfxR/8sDBrSlUq4cy2/aLT+x8YeDgkpntgZzNcyrn45/nJ
bH8uf41pkmKwDq724Gqb+ha/PrU5t8OAWT/g7gNLjdq+xbWNluXt+EQE+kjSA3OM
7rOny/0E08SzB/nu427k2BRO8OeNeoneB8IcDVIi/WY019VWJE9b591929jTxg0u
2OPXZbFBtMaLe0M1Mi6WSwePtivRVVtN12TT0bPBpHbjKfIi2+q4t3qLlW1seA6R
15SKBoPo2g==
-----END CERTIFICATE-----