Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a7D6l-Rwgts6zznDajLiopbMLA.cer
File:                     1a7D6l-Rwgts6zznDajLiopbMLA.cer (raw, json)
Hash identifier:          iqXiqdSAC953Vez9n+wXdGgoygOSEwybOuRXDdsYrpE=
Subject key identifier:   D5:AE:C3:EA:5F:91:C2:0B:6C:EB:3C:E7:0D:A8:CB:8A:8A:5B:30:B0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       98B4455968
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://nostromo.heficed.net/repo/1123852/0/D5AEC3EA5F91C20B6CEB3CE70DA8CB8A8A5B30B0.mft
caRepository:             rsync://nostromo.heficed.net/repo/1123852/0/
Notify URL:               https://nostromo.heficed.net/rrdp/notification.xml
Certificate not before:   Sat 01 Jan 2022 00:00:47 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    IP: 193.29.42.0/24
                          IP: 193.29.177.0/24
                          IP: 193.29.189.0/24
                          IP: 193.29.251.0/24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 655859472744 (0x98b4455968)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:00:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d5aec3ea5f91c20b6ceb3ce70da8cb8a8a5b30b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e9:c7:a1:81:6b:f3:84:8a:50:f7:f7:e0:19:
                    ff:8a:49:7f:8f:b4:dc:be:a4:bd:b9:30:61:28:c6:
                    fa:90:43:c1:29:30:1e:b5:c1:1e:97:aa:5b:4f:68:
                    80:35:13:00:df:ed:9f:a7:c8:53:a7:cd:e0:5e:e2:
                    65:2f:19:75:c1:0e:13:46:ea:4b:bc:a5:03:4e:dd:
                    c7:01:d1:4f:0c:e7:fc:1c:3e:ae:61:2a:71:b6:5e:
                    6e:6d:03:4c:0a:6a:bc:da:04:23:b8:f0:c7:40:12:
                    90:4f:f5:b2:27:60:5d:f7:6d:1a:78:ee:0d:e1:e0:
                    51:78:ad:8f:a9:20:f9:9e:bc:9b:ac:8d:75:60:2b:
                    38:c9:d3:ef:ae:f0:16:f6:cb:19:41:b0:8f:a5:95:
                    df:c7:c4:a3:89:7e:c1:4a:63:84:24:65:be:20:a9:
                    d0:c7:23:8c:18:85:8b:de:22:b8:ae:a3:fa:4d:62:
                    a1:cf:2e:77:39:16:23:ad:6d:df:8c:a1:23:99:25:
                    b4:36:b9:cb:3f:05:bd:cc:72:99:3b:f1:9f:2f:17:
                    db:6d:be:6f:ae:bf:be:f2:bd:6d:c9:21:05:07:93:
                    0b:1f:ce:fe:26:24:25:ca:c5:c8:c1:30:82:ed:4c:
                    dd:66:48:6f:4e:54:46:dd:eb:54:56:2e:4e:30:32:
                    b4:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:AE:C3:EA:5F:91:C2:0B:6C:EB:3C:E7:0D:A8:CB:8A:8A:5B:30:B0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://nostromo.heficed.net/repo/1123852/0/
                RPKI Manifest - URI:rsync://nostromo.heficed.net/repo/1123852/0/D5AEC3EA5F91C20B6CEB3CE70DA8CB8A8A5B30B0.mft
                RPKI Notify - URI:https://nostromo.heficed.net/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.42.0/24
                  193.29.177.0/24
                  193.29.189.0/24
                  193.29.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:80:bf:b6:03:0d:ec:0e:c5:c2:25:a3:60:74:71:78:e5:0f:
         a5:10:90:77:64:f5:28:52:7a:5d:fb:60:3b:e2:71:e2:36:42:
         71:5c:68:9b:04:c4:b0:d2:78:6d:ed:88:2e:2f:f6:c4:89:88:
         41:12:46:4c:33:8d:65:c4:a8:e1:24:7a:9b:19:f0:a5:68:de:
         d0:4c:2e:f9:ef:a1:b9:0b:ab:66:13:85:53:de:d7:f3:88:59:
         83:fe:a4:be:e2:43:6d:a8:f1:28:2b:b4:34:02:af:68:35:b1:
         e6:b4:04:4e:67:38:6f:e1:ce:1f:56:8a:80:92:8c:41:67:0d:
         01:45:05:3e:60:c8:14:5d:6a:ca:3d:b1:1e:c4:a0:e6:99:9f:
         1c:0e:40:74:56:1b:3d:32:18:95:6f:37:42:51:a0:bb:98:d4:
         df:6d:17:c6:d4:d0:3c:77:f2:05:f0:ae:8e:80:c2:a0:c1:12:
         18:0b:5d:eb:5b:09:0c:83:ed:d0:c1:52:e7:5e:43:6b:43:12:
         2e:31:ca:82:6a:c4:25:e2:99:fc:3c:5e:19:07:88:2c:13:e3:
         c5:5f:12:21:ea:34:01:d7:2d:6f:aa:d8:7e:a3:fd:eb:3e:17:
         c2:8a:25:57:dc:f4:3d:ef:02:01:da:b6:15:73:77:03:ef:ec:
         8d:d1:39:2c
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgIGAJi0RVloMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDAwMDQ3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhkNWFlYzNlYTVm
OTFjMjBiNmNlYjNjZTcwZGE4Y2I4YThhNWIzMGIwMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAp+nHoYFr84SKUPf34Bn/ikl/j7TcvqS9uTBhKMb6kEPB
KTAetcEel6pbT2iANRMA3+2fp8hTp83gXuJlLxl1wQ4TRupLvKUDTt3HAdFPDOf8
HD6uYSpxtl5ubQNMCmq82gQjuPDHQBKQT/WyJ2Bd920aeO4N4eBReK2PqSD5nryb
rI11YCs4ydPvrvAW9ssZQbCPpZXfx8SjiX7BSmOEJGW+IKnQxyOMGIWL3iK4rqP6
TWKhzy53ORYjrW3fjKEjmSW0NrnLPwW9zHKZO/GfLxfbbb5vrr++8r1tySEFB5ML
H87+JiQlysXIwTCC7UzdZkhvTlRG3etUVi5OMDK0fwIDAQABo4ICYjCCAl4wHQYD
VR0OBBYEFNWuw+pfkcILbOs85w2oy4qKWzCwMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
gfAGCCsGAQUFBwELBIHjMIHgMDgGCCsGAQUFBzAFhixyc3luYzovL25vc3Ryb21v
LmhlZmljZWQubmV0L3JlcG8vMTEyMzg1Mi8wLzBkBggrBgEFBQcwCoZYcnN5bmM6
Ly9ub3N0cm9tby5oZWZpY2VkLm5ldC9yZXBvLzExMjM4NTIvMC9ENUFFQzNFQTVG
OTFDMjBCNkNFQjNDRTcwREE4Q0I4QThBNUIzMEIwLm1mdDA+BggrBgEFBQcwDYYy
aHR0cHM6Ly9ub3N0cm9tby5oZWZpY2VkLm5ldC9ycmRwL25vdGlmaWNhdGlvbi54
bWwwWQYDVR0fBFIwUDBOoEygSoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9z
aXRvcnkvREVGQVVMVC9LcFNvM1ZWSzV3RUhJSm5IQzJRSFZWM2Q1bWsuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgAB
MBgDBADBHSoDBADBHbEDBADBHb0DBADBHfswDQYJKoZIhvcNAQELBQADggEBAFSA
v7YDDewOxcIlo2B0cXjlD6UQkHdk9ShSel37YDviceI2QnFcaJsExLDSeG3tiC4v
9sSJiEESRkwzjWXEqOEkepsZ8KVo3tBMLvnvobkLq2YThVPe1/OIWYP+pL7iQ22o
8SgrtDQCr2g1sea0BE5nOG/hzh9WioCSjEFnDQFFBT5gyBRdaso9sR7EoOaZnxwO
QHRWGz0yGJVvN0JRoLuY1N9tF8bU0Dx38gXwro6AwqDBEhgLXetbCQyD7dDBUude
Q2tDEi4xyoJqxCXimfw8XhkHiCwT48VfEiHqNAHXLW+q2H6j/es+F8KKJVfc9D3v
AgHathVzdwPv7I3ROSw=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:44:53 2023 by rpki-client on console-fra.rpki-client.org