Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qk1y7NwVN4vnF7tMoJcQcNV2SaM.cer
File:                     qk1y7NwVN4vnF7tMoJcQcNV2SaM.cer (raw, json)
Hash identifier:          xFm388zYcEGghDzCighfwD5Z69sJn2fUphAL+RKXVT4=
Subject key identifier:   AA:4D:72:EC:DC:15:37:8B:E7:17:BB:4C:A0:97:10:70:D5:76:49:A3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA7D89874EE5AFA9B12FC0B4DA27C0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/88/507a57-4a62-4b95-b1a3-b4057621bba6/1/qk1y7NwVN4vnF7tMoJcQcNV2SaM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/88/507a57-4a62-4b95-b1a3-b4057621bba6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215662
                          IP: 45.85.152.0/22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7d:89:87:4e:e5:af:a9:b1:2f:c0:b4:da:27:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa4d72ecdc15378be717bb4ca0971070d57649a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:54:e2:10:87:c4:94:e2:41:8a:76:83:54:a5:
                    1e:48:30:d7:9c:04:be:01:be:f7:96:cd:2b:c6:26:
                    a8:8c:fa:66:9a:e7:86:7a:b9:c3:2f:bd:1f:f8:81:
                    a7:16:10:36:10:31:5b:bb:af:74:d3:f5:5c:a8:d7:
                    4c:bf:e2:e6:24:d8:ea:fc:08:16:95:ad:60:0f:49:
                    65:0c:34:0c:f7:85:7f:1e:43:50:73:24:55:1f:a7:
                    cd:58:82:3c:b6:4a:9e:aa:12:dc:56:db:1c:f3:a8:
                    dc:ac:c0:eb:ce:74:19:9e:27:ec:2c:14:79:0e:25:
                    5c:81:bb:be:40:e7:ee:d2:60:60:f7:8c:db:c7:7b:
                    3f:2b:a5:95:5e:d1:c7:f3:8a:db:69:cf:55:68:a2:
                    8f:8d:62:cf:1d:19:3d:43:32:be:d7:20:5a:e0:e3:
                    f5:77:30:ea:16:c7:9d:1d:28:da:14:eb:fd:cf:85:
                    81:b2:ee:09:52:73:ef:47:70:32:bd:ad:26:12:9e:
                    ec:d8:6d:b4:14:dd:0d:db:b7:9e:5f:b3:39:67:d0:
                    a7:c8:14:45:37:9a:94:cd:e2:1f:5c:a0:66:f3:64:
                    a3:c6:3a:57:f1:0d:04:c8:15:2c:a8:c5:37:f1:27:
                    f3:e1:51:d0:85:8e:1a:e5:37:23:4a:f9:90:39:ad:
                    8f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:4D:72:EC:DC:15:37:8B:E7:17:BB:4C:A0:97:10:70:D5:76:49:A3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/507a57-4a62-4b95-b1a3-b4057621bba6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/507a57-4a62-4b95-b1a3-b4057621bba6/1/qk1y7NwVN4vnF7tMoJcQcNV2SaM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.152.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215662

    Signature Algorithm: sha256WithRSAEncryption
         77:d3:69:29:4c:ec:b8:fc:f9:1f:d0:8d:a2:e7:cb:b9:d4:b3:
         de:96:a7:59:c9:6f:b0:a0:b7:59:22:e0:b4:2a:cf:d6:cd:05:
         01:8c:0e:bd:39:8b:1a:1d:df:9d:2a:49:f6:dd:4b:86:29:a2:
         55:bc:54:4a:2f:ff:29:f5:2d:ed:81:35:55:59:c9:6c:83:48:
         44:73:d7:c8:c5:59:e8:36:82:bc:93:7d:4b:62:09:b4:59:52:
         c7:60:89:32:00:b1:84:5a:a8:52:1d:5f:28:53:d4:d8:b0:c7:
         c8:55:80:7d:0d:68:42:c7:0c:50:2b:4f:21:6f:f8:09:c9:3f:
         cb:64:74:e5:7c:fe:e4:8d:23:3c:ea:b5:44:f0:eb:1e:69:8f:
         20:ef:73:29:52:42:82:e4:96:c0:92:ac:f2:70:b0:e0:51:cb:
         f0:40:ee:76:40:58:b1:64:d5:fc:65:e7:05:6b:aa:91:5e:7f:
         31:57:4d:4d:e7:03:6e:10:63:44:ed:5a:35:ef:dc:9b:33:21:
         fa:d1:d1:eb:b3:db:14:97:af:15:73:70:49:04:73:9c:89:2f:
         ad:8f:8f:5b:51:0b:c4:4f:55:82:47:94:90:d8:21:42:2c:98:
         f2:1e:12:d0:b6:7a:a6:1c:2e:6f:28:33:70:8b:9c:1e:ad:31:
         9d:95:3f:a1
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQf+n2Jh07lr6mxL8C02ifAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTRkNzJlY2RjMTUzNzhiZTcxN2JiNGNhMDk3MTA3MGQ1NzY0OWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFTiEIfElOJBinaDVKUeSDDXnAS+
Ab73ls0rxiaojPpmmueGernDL70f+IGnFhA2EDFbu6900/VcqNdMv+LmJNjq/AgW
la1gD0llDDQM94V/HkNQcyRVH6fNWII8tkqeqhLcVtsc86jcrMDrznQZnifsLBR5
DiVcgbu+QOfu0mBg94zbx3s/K6WVXtHH84rbac9VaKKPjWLPHRk9QzK+1yBa4OP1
dzDqFsedHSjaFOv9z4WBsu4JUnPvR3Ayva0mEp7s2G20FN0N27eeX7M5Z9CnyBRF
N5qUzeIfXKBm82SjxjpX8Q0EyBUsqMU38Sfz4VHQhY4a5TcjSvmQOa2P6wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKpNcuzcFTeL5xe7TKCXEHDVdkmjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg4LzUwN2E1
Ny00YTYyLTRiOTUtYjFhMy1iNDA1NzYyMWJiYTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgvNTA3YTU3
LTRhNjItNGI5NS1iMWEzLWI0MDU3NjIxYmJhNi8xL3FrMXk3TndWTjR2bkY3dE1v
SmNRY05WMlNhTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLVWYMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNKbjANBgkqhkiG9w0BAQsFAAOCAQEAd9NpKUzsuPz5H9CNoufLudSz3panWclv
sKC3WSLgtCrP1s0FAYwOvTmLGh3fnSpJ9t1LhimiVbxUSi//KfUt7YE1VVnJbINI
RHPXyMVZ6DaCvJN9S2IJtFlSx2CJMgCxhFqoUh1fKFPU2LDHyFWAfQ1oQscMUCtP
IW/4Cck/y2R05Xz+5I0jPOq1RPDrHmmPIO9zKVJCguSWwJKs8nCw4FHL8EDudkBY
sWTV/GXnBWuqkV5/MVdNTecDbhBjRO1aNe/cmzMh+tHR67PbFJevFXNwSQRznIkv
rY+PW1ELxE9VgkeUkNghQiyY8h4S0LZ6phwubygzcIucHq0xnZU/oQ==
-----END CERTIFICATE-----