Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
File:                     rAzRozjr9ceVLrmh8AYFSfk0CtY.cer (raw, json)
Hash identifier:          hD9Q4QB19anBeFNlIMsQqn4H/r+KiYyyWThDbXd1+Sc=
Subject key identifier:   AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424448185C6B8FA8D064008AFFC7F2CA0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:47:36 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 60688
                          IP: 185.27.196.0/22
                          IP: 2a00:92e0::/32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:81:85:c6:b8:fa:8d:06:40:08:af:fc:7f:2c:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:bd:c4:3c:7d:e4:5b:84:af:44:4f:ee:8b:6a:
                    36:c5:a4:ed:6c:15:e8:21:1a:ff:46:22:d4:7a:8b:
                    9e:59:d5:8f:23:4c:4e:ea:9d:c7:7c:a2:c5:af:21:
                    f5:41:c8:b6:ac:a1:d6:eb:c1:1b:eb:31:31:5a:be:
                    95:09:97:06:3a:3b:f6:3b:8e:99:1d:01:ef:d3:14:
                    0a:cc:55:6c:ff:70:fd:4a:d3:57:2a:fe:a4:7a:c2:
                    40:0f:ae:77:41:bb:a1:a3:6b:b0:5a:fe:1e:28:33:
                    10:08:e5:30:02:e9:77:2d:c8:57:5c:f3:e3:8d:d0:
                    2e:7e:4e:df:73:79:9c:7b:46:2a:e5:55:2f:81:7c:
                    bf:f6:35:e8:12:06:f6:c6:ec:29:4a:66:52:51:f0:
                    08:9b:ac:0c:0c:cf:07:3b:e3:f9:01:b4:e3:f9:6c:
                    81:5b:1a:64:04:c3:30:c7:c5:09:dc:37:5e:d3:84:
                    16:e3:4d:01:31:f9:76:8b:fb:d8:15:c6:90:25:48:
                    0d:24:52:6a:aa:94:41:29:13:07:3d:37:a7:47:fb:
                    26:c5:0c:90:53:8b:3f:95:22:eb:d5:58:04:d0:9f:
                    dd:88:cb:6a:65:aa:df:63:94:28:36:76:13:6d:a8:
                    45:91:e9:bb:b7:cb:1f:8d:3d:55:0d:bd:7d:81:af:
                    cc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.196.0/22
                IPv6:
                  2a00:92e0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  60688

    Signature Algorithm: sha256WithRSAEncryption
         31:e6:c1:ce:f5:85:7b:8b:65:fd:0f:00:0b:09:8a:d3:9f:f5:
         b3:3d:64:96:66:c5:2d:29:69:e4:92:6c:e1:72:97:02:93:f5:
         76:e4:54:96:55:91:03:c8:57:d8:56:bd:9d:7f:9e:e5:6c:1a:
         1b:03:ba:20:d3:bc:63:a4:d9:e2:f1:b4:3c:ab:9b:ab:f4:9b:
         5c:03:3a:e6:35:6d:39:33:1a:42:1d:06:82:f8:3f:b7:27:c0:
         db:24:df:85:75:0c:cd:50:0b:cd:73:a2:c7:94:18:15:e2:b2:
         2c:57:4e:5c:81:21:89:50:7d:bf:5a:89:d5:f5:c5:7c:02:9d:
         5e:46:4a:5e:d3:72:66:09:f6:6a:e9:45:15:1a:1e:47:f1:b0:
         cf:52:30:a0:92:91:c9:e2:26:70:1a:66:e0:95:6b:62:5d:f4:
         77:d1:04:15:f1:55:40:63:d1:e1:64:b6:16:f5:99:73:e9:e7:
         e5:0d:73:c5:b7:87:da:c9:7d:db:be:f0:d2:e0:18:bd:a2:f2:
         31:19:9a:fb:a2:c0:60:1d:c9:60:6b:e2:ad:75:9e:8f:83:2e:
         95:e7:19:bc:95:29:6a:42:de:27:ef:ae:b4:d6:4b:a3:43:88:
         9b:01:16:bb:48:5a:a0:58:4e:83:2e:60:2d:45:3e:5d:fc:ec:
         db:b4:ed:38
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQkRIGFxrj6jQZACK/8fyygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzBjZDFhMzM4ZWJmNWM3OTUyZWI5YTFmMDA2MDU0OWY5MzQwYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAob3EPH3kW4SvRE/ui2o2xaTtbBXo
IRr/RiLUeoueWdWPI0xO6p3HfKLFryH1Qci2rKHW68Eb6zExWr6VCZcGOjv2O46Z
HQHv0xQKzFVs/3D9StNXKv6kesJAD653Qbuho2uwWv4eKDMQCOUwAul3LchXXPPj
jdAufk7fc3mce0Yq5VUvgXy/9jXoEgb2xuwpSmZSUfAIm6wMDM8HO+P5AbTj+WyB
WxpkBMMwx8UJ3Dde04QW400BMfl2i/vYFcaQJUgNJFJqqpRBKRMHPTenR/smxQyQ
U4s/lSLr1VgE0J/diMtqZarfY5QoNnYTbahFkem7t8sfjT1VDb19ga/MRQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFKwM0aM46/XHlS65ofAGBUn5NArWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzLzBjNWVj
MS05YzNkLTQxNjItOTgwNC1hMzM1MThiZGQ4ZmUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMvMGM1ZWMx
LTljM2QtNDE2Mi05ODA0LWEzMzUxOGJkZDhmZS8xL3JBelJvempyOWNlVkxybWg4
QVlGU2ZrMEN0WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuRvEMA0EAgACMAcDBQAqAJLgMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDtEDANBgkqhkiG9w0BAQsFAAOCAQEAMebBzvWFe4tl
/Q8ACwmK05/1sz1klmbFLSlp5JJs4XKXApP1duRUllWRA8hX2Fa9nX+e5WwaGwO6
INO8Y6TZ4vG0PKubq/SbXAM65jVtOTMaQh0Ggvg/tyfA2yTfhXUMzVALzXOix5QY
FeKyLFdOXIEhiVB9v1qJ1fXFfAKdXkZKXtNyZgn2aulFFRoeR/Gwz1IwoJKRyeIm
cBpm4JVrYl30d9EEFfFVQGPR4WS2FvWZc+nn5Q1zxbeH2sl9277w0uAYvaLyMRma
+6LAYB3JYGvirXWej4MulecZvJUpakLeJ++utNZLo0OImwEWu0haoFhOgy5gLUU+
Xfzs27TtOA==
-----END CERTIFICATE-----