Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yri42pzNTSYbcq2gNKCHVmWmRIc.cer
File:                     yri42pzNTSYbcq2gNKCHVmWmRIc.cer (raw, json)
Hash identifier:          +NaamN05Jq3Kihk3fruF0GQ8wyyjUXFS3OqoxIASCQo=
Subject key identifier:   CA:B8:B8:DA:9C:CD:4D:26:1B:72:AD:A0:34:A0:87:56:65:A6:44:87
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221FD5D8707A63B61B74F6361248BF18
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9c/db41c9-e8a0-4f90-a0d5-887509c4602a/1/yri42pzNTSYbcq2gNKCHVmWmRIc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9c/db41c9-e8a0-4f90-a0d5-887509c4602a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:48:19 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 209492
                          IP: 171.22.84.0/22
                          IP: 2a09:3c40::/29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d5:d8:70:7a:63:b6:1b:74:f6:36:12:48:bf:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cab8b8da9ccd4d261b72ada034a0875665a64487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:34:d1:5d:5b:89:25:30:4b:1f:28:e6:cc:56:
                    f1:c0:6d:29:8a:ea:d6:ac:d7:64:63:f8:f1:0a:1a:
                    20:9b:8d:72:8a:4b:6e:83:ce:2d:56:fa:41:90:2b:
                    44:50:70:5a:7a:8d:20:79:b4:e9:83:40:73:28:eb:
                    f8:69:f1:b6:d7:4d:b8:69:49:42:5c:d5:69:bc:0b:
                    14:9c:ae:a8:ab:d4:ae:bc:48:d3:04:e5:f9:ce:75:
                    b7:4a:ba:e1:d0:a6:9e:3c:b1:cb:91:2e:e8:86:69:
                    d2:ab:4e:e7:59:93:23:33:22:50:d0:5f:75:b8:38:
                    65:f7:c4:82:6b:d7:4d:0e:7d:fe:b5:b0:a9:8d:87:
                    39:19:b9:9e:95:c7:50:2b:a1:ae:33:8d:c9:f1:2c:
                    9d:5c:f4:31:17:d9:2e:14:96:05:79:7f:12:23:27:
                    96:18:c0:68:2f:7d:49:0a:d6:63:cd:69:a0:8a:aa:
                    79:fd:bb:46:11:25:74:7b:a9:cd:16:24:a8:d1:17:
                    66:28:81:5f:24:28:77:32:db:53:28:d6:e7:27:22:
                    95:24:78:6a:56:40:4f:7e:ee:ed:aa:d9:16:ca:ec:
                    c5:8d:58:69:c3:19:b6:de:28:fc:6b:34:bf:d1:aa:
                    93:89:ed:a0:47:2a:c2:8d:1f:7d:cd:cc:2b:1a:3e:
                    ae:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:B8:B8:DA:9C:CD:4D:26:1B:72:AD:A0:34:A0:87:56:65:A6:44:87
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/db41c9-e8a0-4f90-a0d5-887509c4602a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/db41c9-e8a0-4f90-a0d5-887509c4602a/1/yri42pzNTSYbcq2gNKCHVmWmRIc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.84.0/22
                IPv6:
                  2a09:3c40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209492

    Signature Algorithm: sha256WithRSAEncryption
         1b:15:4f:24:98:18:91:f8:10:13:f5:25:ea:25:b8:0d:3d:6e:
         16:b2:dd:a1:95:a3:46:5b:41:65:89:db:1a:0e:5b:ba:da:f1:
         fb:57:27:2b:bc:02:99:ea:6a:0a:b7:bd:bc:a6:48:02:0a:4f:
         cd:ec:88:84:95:ac:8a:7b:90:54:dc:e7:83:43:7c:c5:18:8b:
         39:85:d1:37:de:0f:61:da:73:23:e0:cf:b4:5e:48:22:5c:66:
         e8:9d:2b:3a:39:ed:72:9f:da:7a:f6:08:7a:6c:e0:77:c9:0a:
         0b:a7:0f:9c:a5:14:11:69:d3:7f:4e:54:20:96:76:50:5a:bb:
         f9:2b:a1:ed:71:fc:f5:2b:9a:e5:61:e0:2e:35:ff:72:d4:f5:
         35:27:64:38:1b:d3:d5:63:a2:ac:cd:1c:4b:74:15:cf:15:c4:
         10:da:86:99:64:aa:3e:5f:35:55:7f:af:25:0b:98:ba:66:a2:
         d8:58:c2:dd:5d:2f:a9:c8:4a:50:97:19:b7:59:e1:51:5a:1b:
         0a:2d:96:45:29:35:ac:42:25:85:d4:f0:8b:b9:71:87:71:1a:
         02:7f:48:24:c1:ff:32:32:d9:76:1e:c4:69:53:bc:07:28:dc:
         d3:e2:94:b3:e9:9d:0e:8e:e3:4b:4c:af:b8:2b:8b:64:f4:37:
         68:35:e5:ab
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQiH9XYcHpjtht09jYSSL8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWI4YjhkYTljY2Q0ZDI2MWI3MmFkYTAzNGEwODc1NjY1YTY0NDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DTRXVuJJTBLHyjmzFbxwG0piurW
rNdkY/jxChogm41yiktug84tVvpBkCtEUHBaeo0gebTpg0BzKOv4afG21024aUlC
XNVpvAsUnK6oq9SuvEjTBOX5znW3Srrh0KaePLHLkS7ohmnSq07nWZMjMyJQ0F91
uDhl98SCa9dNDn3+tbCpjYc5GbmelcdQK6GuM43J8SydXPQxF9kuFJYFeX8SIyeW
GMBoL31JCtZjzWmgiqp5/btGESV0e6nNFiSo0RdmKIFfJCh3MttTKNbnJyKVJHhq
VkBPfu7tqtkWyuzFjVhpwxm23ij8azS/0aqTie2gRyrCjR99zcwrGj6ugwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFMq4uNqczU0mG3KtoDSgh1ZlpkSHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzljL2RiNDFj
OS1lOGEwLTRmOTAtYTBkNS04ODc1MDljNDYwMmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvZGI0MWM5
LWU4YTAtNGY5MC1hMGQ1LTg4NzUwOWM0NjAyYS8xL3lyaTQycHpOVFNZYmNxMmdO
S0NIVm1XbVJJYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCqxZUMA0EAgACMAcDBQMqCTxAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMyVDANBgkqhkiG9w0BAQsFAAOCAQEAGxVPJJgYkfgQ
E/Ul6iW4DT1uFrLdoZWjRltBZYnbGg5butrx+1cnK7wCmepqCre9vKZIAgpPzeyI
hJWsinuQVNzng0N8xRiLOYXRN94PYdpzI+DPtF5IIlxm6J0rOjntcp/aevYIemzg
d8kKC6cPnKUUEWnTf05UIJZ2UFq7+Suh7XH89Sua5WHgLjX/ctT1NSdkOBvT1WOi
rM0cS3QVzxXEENqGmWSqPl81VX+vJQuYumai2FjC3V0vqchKUJcZt1nhUVobCi2W
RSk1rEIlhdTwi7lxh3EaAn9IJMH/MjLZdh7EaVO8Byjc0+KUs+mdDo7jS0yvuCuL
ZPQ3aDXlqw==
-----END CERTIFICATE-----