Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vKoRRq_U9F8RcJWhWn3gu_l4FEo.cer
File:                     vKoRRq_U9F8RcJWhWn3gu_l4FEo.cer (raw, json)
Hash identifier:          hJfqWu/Uy6745PjIWQqypBArcq9JbVUlCBVmlLVS7xQ=
Subject key identifier:   BC:AA:11:46:AF:D4:F4:5F:11:70:95:A1:5A:7D:E0:BB:F9:78:14:4A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019580E5F55E534A6F3B8A9784E32984B08E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/14/688e37-d942-486a-a932-5893bb7761cd/1/vKoRRq_U9F8RcJWhWn3gu_l4FEo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/14/688e37-d942-486a-a932-5893bb7761cd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 10 Mar 2025 16:31:49 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213603
                          IP: 2a14:ab00::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:80:e5:f5:5e:53:4a:6f:3b:8a:97:84:e3:29:84:b0:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 10 16:31:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bcaa1146afd4f45f117095a15a7de0bbf978144a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5a:af:b9:4e:af:26:1b:fc:13:70:70:ca:55:
                    fa:1c:f9:3b:49:36:bb:cc:3e:bc:81:3f:16:db:51:
                    ad:22:88:a0:e3:9c:70:9c:cb:0e:90:72:a9:9e:eb:
                    79:26:be:c4:cb:a9:e4:f4:ae:9e:75:54:73:23:c8:
                    bd:91:f3:57:91:99:91:50:28:72:3e:36:8d:4f:f5:
                    1b:6a:7c:d5:db:88:3f:12:d9:3b:44:e3:44:5b:e6:
                    31:cd:cb:b4:85:f4:b7:a5:f9:a8:39:3b:8a:be:d6:
                    8e:0f:29:e4:02:7b:fd:d4:32:4f:33:24:9b:25:de:
                    ae:24:96:aa:c2:11:1a:7b:cc:c4:fd:25:2a:eb:82:
                    5e:3f:0f:bd:b8:94:20:5f:ad:97:12:0b:55:17:52:
                    88:7e:7c:7c:e5:89:14:dd:66:fd:56:44:4b:28:27:
                    c5:c5:2b:05:e9:fb:c2:64:1e:90:91:2e:ea:b1:77:
                    30:81:83:0a:00:c4:26:eb:52:8a:c9:14:e0:78:5b:
                    af:b9:ee:dc:9f:3d:2e:d5:6e:c5:2e:0e:c4:69:af:
                    67:ee:ed:38:5c:c0:78:74:1e:ed:e8:46:dc:f2:40:
                    49:66:f1:2e:1b:b2:75:d0:9b:94:80:a5:43:38:39:
                    d8:99:60:32:a7:83:a1:66:f8:91:03:f5:76:0b:26:
                    18:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:AA:11:46:AF:D4:F4:5F:11:70:95:A1:5A:7D:E0:BB:F9:78:14:4A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/688e37-d942-486a-a932-5893bb7761cd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/688e37-d942-486a-a932-5893bb7761cd/1/vKoRRq_U9F8RcJWhWn3gu_l4FEo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ab00::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213603

    Signature Algorithm: sha256WithRSAEncryption
         99:df:b5:f5:88:d7:76:e0:94:46:48:e3:d0:68:e0:fe:33:85:
         5a:0b:f9:85:56:90:f3:93:3b:06:55:f2:88:0e:ea:8a:65:44:
         02:24:44:63:34:e8:cf:af:31:f0:3d:70:8f:53:c7:05:24:af:
         9f:99:11:72:9f:0f:84:dd:09:1c:03:f1:76:0d:fd:6a:db:d9:
         cb:9d:b1:55:98:1c:04:fc:fa:1a:ae:f3:b8:81:a5:e6:b1:07:
         ad:2e:c4:0b:0b:01:92:05:95:67:b2:fc:ca:16:8a:11:61:74:
         2a:1e:b0:3f:ce:8c:a5:9c:a2:3c:2e:ff:60:09:a4:bf:25:9d:
         d2:19:bc:f7:07:db:5e:67:47:da:5b:f4:c2:ae:ef:2c:f6:45:
         91:83:66:90:a5:9b:c1:80:c9:4e:67:15:3f:4a:42:af:12:99:
         fe:de:d6:be:1a:aa:f4:1b:6d:92:8f:b6:84:81:0f:a9:4c:c5:
         02:b8:dc:aa:59:11:33:7b:43:47:90:d7:8f:a7:63:a1:0a:12:
         31:8a:2a:65:11:f8:07:b0:a0:6c:f9:ec:37:26:58:e1:e1:57:
         2d:57:64:25:29:28:3b:26:27:b6:55:cf:75:e6:82:c9:3b:d2:
         7a:76:09:31:bc:6b:40:26:cc:8b:7e:05:68:b2:25:a0:cf:65:
         4b:ab:18:6e
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZWA5fVeU0pvO4qXhOMphLCOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMzEwMTYzMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2FhMTE0NmFmZDRmNDVmMTE3MDk1YTE1YTdkZTBiYmY5NzgxNDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFqvuU6vJhv8E3BwylX6HPk7STa7
zD68gT8W21GtIoig45xwnMsOkHKpnut5Jr7Ey6nk9K6edVRzI8i9kfNXkZmRUChy
PjaNT/UbanzV24g/Etk7RONEW+Yxzcu0hfS3pfmoOTuKvtaODynkAnv91DJPMySb
Jd6uJJaqwhEae8zE/SUq64JePw+9uJQgX62XEgtVF1KIfnx85YkU3Wb9VkRLKCfF
xSsF6fvCZB6QkS7qsXcwgYMKAMQm61KKyRTgeFuvue7cnz0u1W7FLg7Eaa9n7u04
XMB4dB7t6Ebc8kBJZvEuG7J10JuUgKVDODnYmWAyp4OhZviRA/V2CyYYQwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFLyqEUav1PRfEXCVoVp94Lv5eBRKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE0LzY4OGUz
Ny1kOTQyLTQ4NmEtYTkzMi01ODkzYmI3NzYxY2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQvNjg4ZTM3
LWQ5NDItNDg2YS1hOTMyLTU4OTNiYjc3NjFjZC8xL3ZLb1JScV9VOUY4UmNKV2hX
bjNndV9sNEZFby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhSrADAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDQmMwDQYJKoZIhvcNAQELBQADggEBAJnftfWI13bglEZI49Bo4P4zhVoL+YVW
kPOTOwZV8ogO6oplRAIkRGM06M+vMfA9cI9TxwUkr5+ZEXKfD4TdCRwD8XYN/Wrb
2cudsVWYHAT8+hqu87iBpeaxB60uxAsLAZIFlWey/MoWihFhdCoesD/OjKWcojwu
/2AJpL8lndIZvPcH215nR9pb9MKu7yz2RZGDZpClm8GAyU5nFT9KQq8Smf7e1r4a
qvQbbZKPtoSBD6lMxQK43KpZETN7Q0eQ14+nY6EKEjGKKmUR+AewoGz57DcmWOHh
Vy1XZCUpKDsmJ7ZVz3Xmgsk70np2CTG8a0AmzIt+BWiyJaDPZUurGG4=
-----END CERTIFICATE-----