Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qQ35UgJATbHy5A7D3n7sON1qn-4.cer
File:                     qQ35UgJATbHy5A7D3n7sON1qn-4.cer (raw, json)
Hash identifier:          xDpcJLebTRTkLBAr/RaHuGumMRO5kuu8nrMHl5iwTYQ=
Subject key identifier:   A9:0D:F9:52:02:40:4D:B1:F2:E4:0E:C3:DE:7E:EC:38:DD:6A:9F:EE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01953D66EF4E2169D8CC487901596DD06D8B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/89/d8e320-a555-401a-80ff-bf731fe99d3a/1/qQ35UgJATbHy5A7D3n7sON1qn-4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/89/d8e320-a555-401a-80ff-bf731fe99d3a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 25 Feb 2025 13:58:30 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214015
                          IP: 185.131.203.0/24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3d:66:ef:4e:21:69:d8:cc:48:79:01:59:6d:d0:6d:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 25 13:58:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a90df95202404db1f2e40ec3de7eec38dd6a9fee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:58:17:17:3f:6f:fc:b8:95:67:52:88:da:d0:
                    f8:cf:bb:e5:c2:8f:d4:0e:a2:5b:10:a7:f1:f2:58:
                    39:fc:55:79:1b:ea:e4:15:99:2e:5e:b0:f6:f9:24:
                    fa:f5:5c:76:76:9c:44:d2:6e:75:0d:fb:80:66:15:
                    7f:72:c2:ae:0c:a1:68:d8:bf:7b:c4:d6:97:73:fa:
                    d6:63:ac:fa:29:b2:a5:f8:5b:8a:37:40:b1:a5:4b:
                    77:1a:6f:f0:b0:6b:12:f1:36:39:96:c4:03:c8:e2:
                    ac:53:94:11:8a:c1:0e:9b:28:0a:43:48:9a:4e:a1:
                    46:de:b3:c1:81:64:f0:15:9e:dc:5e:46:d0:f3:f2:
                    1a:ac:39:08:20:38:9e:e0:39:ba:06:ea:5b:af:53:
                    59:c8:06:01:fd:b8:ef:2d:db:90:b6:fa:cc:a7:b1:
                    3d:df:33:0e:5d:0a:77:7b:78:33:35:00:f3:48:b3:
                    05:3b:04:8f:e6:ff:fc:59:95:e1:43:58:c9:0f:bb:
                    22:e5:4f:14:68:94:e3:c9:ac:93:33:b5:cd:b3:9c:
                    56:5b:84:ab:b7:83:3c:8e:35:fb:f2:61:e9:ca:d9:
                    83:2e:ba:22:e1:24:0d:ef:df:82:93:3f:fa:56:0a:
                    67:8d:ec:0a:59:f7:7e:94:69:c2:ae:c5:ac:3c:71:
                    46:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:0D:F9:52:02:40:4D:B1:F2:E4:0E:C3:DE:7E:EC:38:DD:6A:9F:EE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d8e320-a555-401a-80ff-bf731fe99d3a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d8e320-a555-401a-80ff-bf731fe99d3a/1/qQ35UgJATbHy5A7D3n7sON1qn-4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.203.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214015

    Signature Algorithm: sha256WithRSAEncryption
         b0:3b:80:82:9d:a9:e1:f3:32:45:eb:c2:59:db:c4:e0:ce:ba:
         d4:4f:ec:2b:51:f1:d5:bf:b4:a5:cf:64:ca:eb:27:e7:d5:40:
         77:2b:22:42:50:09:5d:e0:2c:fd:6d:ee:4f:45:3b:a6:b6:24:
         8f:04:89:ba:50:11:c5:f8:d4:a8:55:6e:e0:af:e2:83:75:7e:
         47:4b:18:5f:a8:f9:75:91:7b:63:b9:f3:85:2d:fc:f3:f1:95:
         70:97:22:9a:8c:3e:7b:3f:9e:f6:dd:fc:1f:98:ad:f6:bf:a7:
         62:1a:03:d9:6f:75:c3:97:43:0d:c1:0e:79:33:b8:9e:c7:9c:
         5f:1d:6b:39:0e:76:35:ed:8b:ad:8c:a4:60:f8:c8:ad:a6:37:
         51:ee:69:a2:16:01:20:7f:d1:b5:62:c4:ee:17:51:67:5b:36:
         28:96:c3:4e:98:b0:75:4c:71:69:82:c3:5d:4c:da:ca:4a:cb:
         34:62:63:48:04:52:21:f5:a4:b3:c9:ba:51:03:61:7f:4d:af:
         33:83:b3:e0:18:c0:41:82:5b:48:1a:a3:50:1e:e8:67:78:f5:
         35:01:b7:ee:99:cf:ef:73:94:8a:f1:04:c9:86:67:fb:9f:66:
         53:67:93:59:16:a5:af:ca:34:d9:2e:b8:7e:64:2e:fd:7b:cd:
         0a:c5:e7:24
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZU9Zu9OIWnYzEh5AVlt0G2LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMjI1MTM1ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTBkZjk1MjAyNDA0ZGIxZjJlNDBlYzNkZTdlZWMzOGRkNmE5ZmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVgXFz9v/LiVZ1KI2tD4z7vlwo/U
DqJbEKfx8lg5/FV5G+rkFZkuXrD2+ST69Vx2dpxE0m51DfuAZhV/csKuDKFo2L97
xNaXc/rWY6z6KbKl+FuKN0CxpUt3Gm/wsGsS8TY5lsQDyOKsU5QRisEOmygKQ0ia
TqFG3rPBgWTwFZ7cXkbQ8/IarDkIIDie4Dm6Bupbr1NZyAYB/bjvLduQtvrMp7E9
3zMOXQp3e3gzNQDzSLMFOwSP5v/8WZXhQ1jJD7si5U8UaJTjyayTM7XNs5xWW4Sr
t4M8jjX78mHpytmDLroi4SQN79+Ckz/6VgpnjewKWfd+lGnCrsWsPHFGAwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKkN+VICQE2x8uQOw95+7Djdap/uMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg5L2Q4ZTMy
MC1hNTU1LTQwMWEtODBmZi1iZjczMWZlOTlkM2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODkvZDhlMzIw
LWE1NTUtNDAxYS04MGZmLWJmNzMxZmU5OWQzYS8xL3FRMzVVZ0pBVGJIeTVBN0Qz
bjdzT04xcW4tNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuYPLMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwND/zANBgkqhkiG9w0BAQsFAAOCAQEAsDuAgp2p4fMyRevCWdvE4M661E/sK1Hx
1b+0pc9kyusn59VAdysiQlAJXeAs/W3uT0U7prYkjwSJulARxfjUqFVu4K/ig3V+
R0sYX6j5dZF7Y7nzhS388/GVcJcimow+ez+e9t38H5it9r+nYhoD2W91w5dDDcEO
eTO4nsecXx1rOQ52Ne2LrYykYPjIraY3Ue5pohYBIH/RtWLE7hdRZ1s2KJbDTpiw
dUxxaYLDXUzaykrLNGJjSARSIfWks8m6UQNhf02vM4Oz4BjAQYJbSBqjUB7oZ3j1
NQG37pnP73OUivEEyYZn+59mU2eTWRalr8o02S64fmQu/XvNCsXnJA==
-----END CERTIFICATE-----