Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zxhBQM0aIj9ji3mW9UifSF2O5ic.cer
File:                     zxhBQM0aIj9ji3mW9UifSF2O5ic.cer (raw, json)
Hash identifier:          cPnAhIvPPG/N6ED4e88+7Ll/jZgMpK5icsXVisFUh0w=
Subject key identifier:   CF:18:41:40:CD:1A:22:3F:63:8B:79:96:F5:48:9F:48:5D:8E:E6:27
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3921D9C7BAC0C1E244683DD63FFBB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/40/07bf29-07d1-4daf-b3bb-cbfb2c7fbadd/1/zxhBQM0aIj9ji3mW9UifSF2O5ic.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/40/07bf29-07d1-4daf-b3bb-cbfb2c7fbadd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:48:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215457
                          IP: 31.128.56.0/22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:92:1d:9c:7b:ac:0c:1e:24:46:83:dd:63:ff:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf184140cd1a223f638b7996f5489f485d8ee627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f1:7c:2d:39:dc:75:8b:3b:e1:25:20:2a:e8:
                    65:12:de:3a:af:62:ef:d2:76:bd:a6:88:88:17:12:
                    cd:0d:f5:cb:a7:d2:32:a4:b2:9b:1e:3e:44:6a:68:
                    17:9c:aa:ec:ca:11:7b:70:5a:43:aa:67:64:72:10:
                    e1:ae:83:d0:46:da:8c:4a:fe:c9:55:8d:26:ce:58:
                    ef:43:66:5c:b8:b2:f7:e2:db:12:f0:54:e5:e6:ed:
                    b2:26:61:fb:19:da:f5:73:64:62:03:9f:41:c0:ba:
                    08:eb:0e:3a:ce:a3:43:c5:3d:e2:26:5b:11:78:ec:
                    32:b2:ae:02:ea:da:09:0c:5d:c8:8d:17:38:76:06:
                    3e:9f:68:f8:85:4f:80:9f:96:18:1d:af:90:7c:84:
                    40:15:bc:43:05:4a:78:34:20:4e:8b:2e:77:87:a1:
                    93:eb:24:6f:1e:83:bd:54:3d:55:0c:c8:72:e2:7e:
                    44:90:79:90:ee:43:1a:00:fa:32:21:43:9f:d7:9f:
                    6f:8b:44:30:1c:39:8e:d6:be:c1:67:71:b8:a3:45:
                    5f:a1:de:26:91:c3:b6:7d:5e:91:93:22:e0:ae:88:
                    44:1c:ee:65:06:b3:75:87:98:a5:c9:9d:25:21:b6:
                    38:9b:ab:bb:76:9d:a4:16:62:27:9b:6f:ec:af:97:
                    d6:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:18:41:40:CD:1A:22:3F:63:8B:79:96:F5:48:9F:48:5D:8E:E6:27
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/07bf29-07d1-4daf-b3bb-cbfb2c7fbadd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/07bf29-07d1-4daf-b3bb-cbfb2c7fbadd/1/zxhBQM0aIj9ji3mW9UifSF2O5ic.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.56.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215457

    Signature Algorithm: sha256WithRSAEncryption
         73:0b:cc:2b:4f:ab:42:17:7b:db:b9:f5:3d:4d:94:49:0e:e4:
         59:2d:e6:a4:85:1d:9f:76:12:3e:f7:47:27:68:c7:a9:2e:58:
         21:df:f8:c0:7f:61:2e:1f:51:3b:08:2e:f7:7e:ba:dc:27:f3:
         93:bd:bd:e7:d0:30:c4:27:52:21:01:a9:bf:c6:03:24:98:d5:
         85:9e:98:79:98:7d:9e:7c:4b:72:b9:6d:4d:db:2b:12:6c:a0:
         04:6e:a1:d5:a4:46:15:a7:72:05:ae:70:f6:44:28:41:51:9e:
         55:0d:b2:55:44:6c:9d:34:0c:83:fa:f2:3e:ed:13:34:d3:3d:
         1d:af:a9:ed:9b:73:1d:6d:7f:eb:dd:43:f3:01:ed:73:dd:be:
         4c:5c:25:f1:cf:94:93:8b:10:eb:03:bb:05:ec:51:ff:f6:d4:
         b1:30:70:52:37:4a:9f:08:a6:95:20:b9:2d:72:4f:3f:b3:36:
         dd:23:d4:4d:91:c8:a1:24:d3:5f:12:0d:90:24:ae:dc:06:34:
         ed:4d:97:8f:ba:c0:17:ca:dd:fc:19:90:06:e4:3a:7c:66:6c:
         2e:fa:d1:64:68:6a:24:91:eb:79:8a:6a:a1:01:de:8b:4c:8d:
         f9:9f:7b:3d:f7:1f:bc:d8:9a:ab:0a:53:b8:9a:73:d1:76:e0:
         f2:64:16:4b
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQks5IdnHusDB4kRoPdY/+7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjE4NDE0MGNkMWEyMjNmNjM4Yjc5OTZmNTQ4OWY0ODVkOGVlNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvF8LTncdYs74SUgKuhlEt46r2Lv
0na9poiIFxLNDfXLp9IypLKbHj5EamgXnKrsyhF7cFpDqmdkchDhroPQRtqMSv7J
VY0mzljvQ2ZcuLL34tsS8FTl5u2yJmH7Gdr1c2RiA59BwLoI6w46zqNDxT3iJlsR
eOwysq4C6toJDF3IjRc4dgY+n2j4hU+An5YYHa+QfIRAFbxDBUp4NCBOiy53h6GT
6yRvHoO9VD1VDMhy4n5EkHmQ7kMaAPoyIUOf159vi0QwHDmO1r7BZ3G4o0Vfod4m
kcO2fV6RkyLgrohEHO5lBrN1h5ilyZ0lIbY4m6u7dp2kFmInm2/sr5fWeQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFM8YQUDNGiI/Y4t5lvVIn0hdjuYnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQwLzA3YmYy
OS0wN2QxLTRkYWYtYjNiYi1jYmZiMmM3ZmJhZGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAvMDdiZjI5
LTA3ZDEtNGRhZi1iM2JiLWNiZmIyYzdmYmFkZC8xL3p4aEJRTTBhSWo5amkzbVc5
VWlmU0YyTzVpYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCH4A4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNJoTANBgkqhkiG9w0BAQsFAAOCAQEAcwvMK0+rQhd727n1PU2USQ7kWS3mpIUd
n3YSPvdHJ2jHqS5YId/4wH9hLh9ROwgu93663Cfzk72959AwxCdSIQGpv8YDJJjV
hZ6YeZh9nnxLcrltTdsrEmygBG6h1aRGFadyBa5w9kQoQVGeVQ2yVURsnTQMg/ry
Pu0TNNM9Ha+p7ZtzHW1/691D8wHtc92+TFwl8c+Uk4sQ6wO7BexR//bUsTBwUjdK
nwimlSC5LXJPP7M23SPUTZHIoSTTXxINkCSu3AY07U2Xj7rAF8rd/BmQBuQ6fGZs
LvrRZGhqJJHreYpqoQHei0yN+Z97PfcfvNiaqwpTuJpz0Xbg8mQWSw==
-----END CERTIFICATE-----