Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tUSbCOpqJn33NmpolcfJJMLxkm0.cer
File:                     tUSbCOpqJn33NmpolcfJJMLxkm0.cer (raw, json)
Hash identifier:          CZLyFfgxGz0CVre4+BFa2CmB7mnHAXTZ8X4uhG3NYng=
Subject key identifier:   B5:44:9B:08:EA:6A:26:7D:F7:36:6A:68:95:C7:C9:24:C2:F1:92:6D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019527BD2D6B254F66CEAAB9CFA9B8AF35FC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/37/6c0b54-b06e-4d44-8120-370b8688feaf/1/tUSbCOpqJn33NmpolcfJJMLxkm0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/37/6c0b54-b06e-4d44-8120-370b8688feaf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 21 Feb 2025 09:01:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 30891
                          IP: 91.245.223.0/24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:27:bd:2d:6b:25:4f:66:ce:aa:b9:cf:a9:b8:af:35:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 21 09:01:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5449b08ea6a267df7366a6895c7c924c2f1926d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c2:f4:2f:bb:74:34:4c:73:38:9e:7b:c4:d5:
                    5c:95:17:16:8c:a2:e2:5c:f3:ac:20:da:ad:86:57:
                    9f:2f:6a:37:2d:0f:54:f8:fe:77:ee:b7:f1:11:67:
                    07:d6:15:8f:e4:29:24:c7:c6:0f:03:80:75:74:fb:
                    2c:e9:63:65:78:d6:43:a6:70:f7:0f:e7:69:22:ae:
                    36:7d:ad:40:23:e8:e6:30:1e:cf:d1:49:f3:05:b0:
                    f4:29:f7:0f:66:a7:b7:11:6c:98:86:ab:de:6c:6e:
                    58:04:29:f8:d4:08:5f:92:de:d4:94:d9:82:83:fa:
                    45:4f:ed:07:8e:97:0c:3e:3c:49:f8:1e:0a:ff:27:
                    57:dd:e6:23:da:6b:a2:4f:58:8c:2f:30:6a:4e:e3:
                    d5:dc:87:48:04:3b:1b:fc:6d:eb:be:4c:2a:d6:eb:
                    38:21:77:70:26:c0:34:65:78:44:5c:9b:ee:c2:a1:
                    4a:a9:bc:a4:93:18:95:c6:03:ec:f1:af:fa:86:50:
                    cc:51:c5:d4:83:31:f7:70:c2:64:f1:6d:a6:0a:a7:
                    79:8f:14:b1:9e:53:45:6b:a9:f6:76:3a:f4:c6:fe:
                    a8:b7:d4:5c:16:a3:06:fe:e8:a6:92:35:91:f4:70:
                    90:68:dd:b0:63:19:17:3b:15:81:cd:56:1a:ba:36:
                    bd:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:44:9B:08:EA:6A:26:7D:F7:36:6A:68:95:C7:C9:24:C2:F1:92:6D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/6c0b54-b06e-4d44-8120-370b8688feaf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/6c0b54-b06e-4d44-8120-370b8688feaf/1/tUSbCOpqJn33NmpolcfJJMLxkm0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.223.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  30891

    Signature Algorithm: sha256WithRSAEncryption
         7c:ae:ce:20:c7:90:59:d7:35:9e:5d:90:18:1b:4f:88:bd:ee:
         c7:85:d4:7b:51:b8:b0:3e:1c:92:55:86:88:2d:56:75:b4:bc:
         6e:9e:7c:62:e6:29:69:d2:04:23:8b:93:96:09:f6:91:92:ae:
         5e:67:27:67:6f:b1:f0:43:61:0a:0d:bf:db:19:0f:e2:21:47:
         cd:22:b6:67:c0:06:08:6e:fb:df:4b:6d:54:d5:ca:65:e1:9f:
         a5:d6:37:52:d8:03:92:55:bb:91:d3:ed:7c:20:01:c6:f7:e4:
         cd:b4:47:c1:be:e9:a9:25:35:05:e8:ab:70:c7:13:cd:6e:e2:
         a6:d7:60:df:da:91:c4:83:89:e1:51:1d:7f:f4:69:3c:00:9a:
         b5:a7:af:34:f3:fc:22:c5:cf:e8:71:98:27:6e:f8:83:b2:4c:
         3a:93:ea:d8:13:96:84:9b:04:6f:e9:95:0f:0b:06:d7:f8:85:
         35:70:52:46:c6:44:5f:02:da:35:a8:0f:64:81:be:fc:61:7c:
         b9:4d:d8:d4:34:5a:10:5c:92:08:9a:a4:5f:be:84:0f:18:4b:
         62:88:65:07:41:c4:d2:36:08:bf:a3:95:1f:3c:01:26:a4:57:
         cf:9d:85:00:ad:2f:dc:7c:6b:c9:f3:78:bf:c6:b0:65:d8:d6:
         10:e2:55:7d
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZUnvS1rJU9mzqq5z6m4rzX8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMjIxMDkwMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTQ0OWIwOGVhNmEyNjdkZjczNjZhNjg5NWM3YzkyNGMyZjE5MjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8L0L7t0NExzOJ57xNVclRcWjKLi
XPOsINqthlefL2o3LQ9U+P537rfxEWcH1hWP5Ckkx8YPA4B1dPss6WNleNZDpnD3
D+dpIq42fa1AI+jmMB7P0UnzBbD0KfcPZqe3EWyYhqvebG5YBCn41Ahfkt7UlNmC
g/pFT+0HjpcMPjxJ+B4K/ydX3eYj2muiT1iMLzBqTuPV3IdIBDsb/G3rvkwq1us4
IXdwJsA0ZXhEXJvuwqFKqbykkxiVxgPs8a/6hlDMUcXUgzH3cMJk8W2mCqd5jxSx
nlNFa6n2djr0xv6ot9RcFqMG/uimkjWR9HCQaN2wYxkXOxWBzVYauja9ZwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFLVEmwjqaiZ99zZqaJXHySTC8ZJtMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM3LzZjMGI1
NC1iMDZlLTRkNDQtODEyMC0zNzBiODY4OGZlYWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcvNmMwYjU0
LWIwNmUtNGQ0NC04MTIwLTM3MGI4Njg4ZmVhZi8xL3RVU2JDT3BxSm4zM05tcG9s
Y2ZKSk1MeGttMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW/XfMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AnirMA0GCSqGSIb3DQEBCwUAA4IBAQB8rs4gx5BZ1zWeXZAYG0+Ive7HhdR7Ubiw
PhySVYaILVZ1tLxunnxi5ilp0gQji5OWCfaRkq5eZydnb7HwQ2EKDb/bGQ/iIUfN
IrZnwAYIbvvfS21U1cpl4Z+l1jdS2AOSVbuR0+18IAHG9+TNtEfBvumpJTUF6Ktw
xxPNbuKm12Df2pHEg4nhUR1/9Gk8AJq1p6808/wixc/ocZgnbviDskw6k+rYE5aE
mwRv6ZUPCwbX+IU1cFJGxkRfAto1qA9kgb78YXy5TdjUNFoQXJIImqRfvoQPGEti
iGUHQcTSNgi/o5UfPAEmpFfPnYUArS/cfGvJ83i/xrBl2NYQ4lV9
-----END CERTIFICATE-----