Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/oz7sA-oSJxMni0Bm7PK_6qFWPA0.cer
File:                     oz7sA-oSJxMni0Bm7PK_6qFWPA0.cer (raw, json)
Hash identifier:          LDd12erZak5qAF8gmRfs2WRE0s8fcY//2PV8r0QzuT8=
Subject key identifier:   A3:3E:EC:03:EA:12:27:13:27:8B:40:66:EC:F2:BF:EA:A1:56:3C:0D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C7E9E98B2457B4956303421324962
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/01/ee3ac0-be33-4a37-a0d7-59a5ee3ad9a8/1/oz7sA-oSJxMni0Bm7PK_6qFWPA0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/01/ee3ac0-be33-4a37-a0d7-59a5ee3ad9a8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:48:08 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 208933
                          IP: 45.15.28.0/22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7e:9e:98:b2:45:7b:49:56:30:34:21:32:49:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a33eec03ea122713278b4066ecf2bfeaa1563c0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:92:c9:58:f5:f3:27:fa:2b:e7:23:5d:91:7c:
                    a9:e0:c0:50:7b:b1:f8:86:cb:8c:ec:c6:de:32:76:
                    22:8d:b1:79:5f:2c:01:cd:9d:45:0c:a3:63:4f:60:
                    ea:1b:07:15:b8:4c:0e:ce:72:a8:06:60:cd:ba:43:
                    d8:3c:bf:39:b0:7d:7a:37:7d:a8:ef:0e:3b:a6:e8:
                    0c:d4:36:d9:c9:f9:28:d9:37:e9:f9:df:70:16:94:
                    aa:b9:e5:85:11:6e:48:18:f4:96:62:c6:7f:25:d8:
                    88:68:f8:48:89:ae:0c:93:e0:26:02:92:71:a2:26:
                    69:13:2c:2a:43:ca:09:5e:d2:ee:cb:92:62:30:32:
                    20:aa:24:0f:64:b9:6f:c2:4f:02:92:49:e5:2a:f0:
                    07:42:9e:7c:96:48:33:47:21:27:3c:26:9c:3f:50:
                    03:7d:10:b1:60:1c:18:fc:6c:b3:43:79:4e:6d:0f:
                    b3:bb:f1:2f:0f:05:1e:6e:24:95:6f:f4:77:02:6d:
                    1c:1c:0b:c7:c3:60:6f:78:7d:bf:ef:3b:f8:89:45:
                    19:db:20:2e:e3:ea:b0:d6:da:98:3a:b8:c8:bd:e4:
                    ea:02:27:8b:1b:7f:9b:3f:b1:ab:d5:00:11:e8:ee:
                    99:4b:2a:62:9c:60:a0:dd:c7:e3:09:29:02:7a:aa:
                    57:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:3E:EC:03:EA:12:27:13:27:8B:40:66:EC:F2:BF:EA:A1:56:3C:0D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee3ac0-be33-4a37-a0d7-59a5ee3ad9a8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee3ac0-be33-4a37-a0d7-59a5ee3ad9a8/1/oz7sA-oSJxMni0Bm7PK_6qFWPA0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.28.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208933

    Signature Algorithm: sha256WithRSAEncryption
         14:d3:8f:d6:dd:e7:60:5e:7d:41:21:bc:72:46:1e:32:09:78:
         70:1f:4c:0d:2d:6c:b4:6d:68:a6:94:2b:64:12:f5:a1:5b:d6:
         9d:48:68:01:7f:5c:52:14:7f:8d:e2:41:41:af:28:d4:e1:c6:
         d5:7c:63:a9:74:ab:f1:03:8e:0a:8f:62:a9:9c:df:76:0a:96:
         eb:d0:36:80:77:c4:0f:d5:40:35:25:ed:59:51:2e:29:b1:30:
         0c:3c:f1:07:43:85:a0:89:38:25:36:6f:d5:08:67:ce:bf:06:
         37:7a:e4:d2:29:93:23:2e:44:db:70:a3:a1:4b:e3:57:92:cf:
         5e:3d:fd:eb:f9:a2:0f:f5:1c:16:de:95:62:e1:ff:35:e8:3b:
         1c:39:dd:5a:e3:a6:34:18:aa:a5:52:aa:c7:30:11:90:f2:f0:
         f7:73:fe:67:69:ab:16:74:3d:50:e1:e4:48:bc:eb:22:31:22:
         ff:55:6e:89:38:e8:67:1c:0f:53:d0:23:e9:3f:be:f4:b8:36:
         fe:67:96:f8:56:2f:c3:c5:9d:4e:44:18:88:9a:d1:eb:3e:46:
         83:a4:26:d3:2b:76:14:f3:88:76:f8:20:5d:10:30:cd:74:2b:
         51:f0:9e:e1:9b:67:aa:e2:6d:98:ff:7b:fe:4d:99:58:b3:73:
         0b:65:eb:51
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQfjH6emLJFe0lWMDQhMkliMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzNlZWMwM2VhMTIyNzEzMjc4YjQwNjZlY2YyYmZlYWExNTYzYzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpLJWPXzJ/or5yNdkXyp4MBQe7H4
hsuM7MbeMnYijbF5XywBzZ1FDKNjT2DqGwcVuEwOznKoBmDNukPYPL85sH16N32o
7w47pugM1DbZyfko2Tfp+d9wFpSqueWFEW5IGPSWYsZ/JdiIaPhIia4Mk+AmApJx
oiZpEywqQ8oJXtLuy5JiMDIgqiQPZLlvwk8CkknlKvAHQp58lkgzRyEnPCacP1AD
fRCxYBwY/GyzQ3lObQ+zu/EvDwUebiSVb/R3Am0cHAvHw2BveH2/7zv4iUUZ2yAu
4+qw1tqYOrjIveTqAieLG3+bP7Gr1QAR6O6ZSypinGCg3cfjCSkCeqpXKwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKM+7APqEicTJ4tAZuzyv+qhVjwNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAxL2VlM2Fj
MC1iZTMzLTRhMzctYTBkNy01OWE1ZWUzYWQ5YTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDEvZWUzYWMw
LWJlMzMtNGEzNy1hMGQ3LTU5YTVlZTNhZDlhOC8xL296N3NBLW9TSnhNbmkwQm03
UEtfNnFGV1BBMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLQ8cMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMwJTANBgkqhkiG9w0BAQsFAAOCAQEAFNOP1t3nYF59QSG8ckYeMgl4cB9MDS1s
tG1oppQrZBL1oVvWnUhoAX9cUhR/jeJBQa8o1OHG1XxjqXSr8QOOCo9iqZzfdgqW
69A2gHfED9VANSXtWVEuKbEwDDzxB0OFoIk4JTZv1Qhnzr8GN3rk0imTIy5E23Cj
oUvjV5LPXj396/miD/UcFt6VYuH/Neg7HDndWuOmNBiqpVKqxzARkPLw93P+Z2mr
FnQ9UOHkSLzrIjEi/1VuiTjoZxwPU9Aj6T++9Lg2/meW+FYvw8WdTkQYiJrR6z5G
g6Qm0yt2FPOIdvggXRAwzXQrUfCe4ZtnquJtmP97/k2ZWLNzC2XrUQ==
-----END CERTIFICATE-----