Certificate

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/2A1A6172DA4C339FD787467E26F92A11E75DBBB3.cer
File:                     2A1A6172DA4C339FD787467E26F92A11E75DBBB3.cer (raw, json)
Hash identifier:          naBJHt+Wrwa73zdbboukHVFPi1P/jvBILkB0bW9bf7Q=
Subject key identifier:   2A:1A:61:72:DA:4C:33:9F:D7:87:46:7E:26:F9:2A:11:E7:5D:BB:B3
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Certificate issuer:       /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial:       73D56450E50B531052FDD9F1DA4EA2A498561F24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Manifest:                 rsync://rpki.netiface.net/repo/Apricot/1/2A1A6172DA4C339FD787467E26F92A11E75DBBB3.mft
caRepository:             rsync://rpki.netiface.net/repo/Apricot/1/
Notify URL:               https://rpki.netiface.net/rrdp/notification.xml
Certificate not before:   Thu 08 Feb 2024 19:42:25 +0000
Certificate not after:    Thu 06 Feb 2025 19:47:25 +0000
Subordinate resources:    IP: 2a13:df87:2000::/36
                          IP: 2a13:df87:b400::/38

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:d5:64:50:e5:0b:53:10:52:fd:d9:f1:da:4e:a2:a4:98:56:1f:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
        Validity
            Not Before: Feb  8 19:42:25 2024 GMT
            Not After : Feb  6 19:47:25 2025 GMT
        Subject: CN=2A1A6172DA4C339FD787467E26F92A11E75DBBB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:dc:47:71:55:ee:d2:59:dd:9e:aa:5f:d8:ae:
                    45:cd:8d:36:5f:84:01:21:15:c4:3a:ae:cc:6b:39:
                    01:01:83:1d:39:be:3b:90:f6:f3:3b:1c:90:60:93:
                    37:4b:fc:1e:23:71:2a:32:aa:32:46:d4:fc:7f:bc:
                    38:36:13:08:67:79:c8:8e:30:4a:46:0a:36:8b:f4:
                    6a:1a:7c:51:00:64:f6:7f:b7:cd:cf:17:a8:de:68:
                    b5:28:bf:b9:af:e4:db:8a:9f:4b:51:fb:50:c5:c0:
                    cc:3a:b0:03:e6:bd:62:3b:09:71:ea:2f:76:7b:68:
                    4b:0c:2e:2b:fc:b3:b9:40:53:b6:8a:43:c7:37:ac:
                    5f:7f:79:41:80:74:7e:ce:31:d4:bc:a0:ea:15:29:
                    53:58:34:9b:cc:56:bb:fa:24:94:be:d6:34:b6:50:
                    f3:d2:4e:33:88:d6:cb:7d:a6:d0:62:78:dc:2f:a3:
                    92:c7:53:99:33:b1:ff:c1:be:3b:61:90:68:89:12:
                    53:4d:e5:cd:3a:44:5c:e3:44:76:91:8b:b4:9d:d3:
                    cf:45:62:dc:b9:cd:9f:e1:a3:f5:7b:c2:08:93:04:
                    73:dd:98:c9:e3:51:81:60:f3:28:e9:8d:27:2e:4e:
                    d8:bd:39:a6:75:5f:c2:50:b3:1c:bd:eb:97:ae:e6:
                    4e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                2A:1A:61:72:DA:4C:33:9F:D7:87:46:7E:26:F9:2A:11:E7:5D:BB:B3
            X509v3 Authority Key Identifier:
                keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.netiface.net/repo/Apricot/1/
                RPKI Manifest - URI:rsync://rpki.netiface.net/repo/Apricot/1/2A1A6172DA4C339FD787467E26F92A11E75DBBB3.mft
                RPKI Notify - URI:https://rpki.netiface.net/rrdp/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:df87:2000::/36
                  2a13:df87:b400::/38

    Signature Algorithm: sha256WithRSAEncryption
         8c:71:c2:d7:e0:c8:ee:4b:74:03:cb:37:df:b1:1d:78:0c:63:
         a3:71:23:4c:0d:b2:9d:39:11:76:7a:6f:5b:6a:3d:8f:ed:4f:
         f2:84:e8:62:1c:e5:53:cf:21:9c:42:ac:07:a5:a4:8f:6c:1a:
         2d:e3:b7:1c:73:de:9f:0a:52:60:60:68:29:6b:24:09:8f:41:
         e4:73:0a:82:f3:d1:ae:2a:2a:8d:60:6d:a3:0e:f3:84:ac:2d:
         49:59:4f:d8:37:97:a2:ea:cf:4e:4d:82:a1:24:77:fc:a4:a3:
         41:b4:78:3b:98:13:fe:96:ec:a5:d4:e6:40:f8:3f:2c:05:a5:
         b6:66:f7:46:d1:34:9e:02:b3:59:64:a0:09:c5:1d:c9:c1:7e:
         a3:5b:43:2c:3b:b5:68:e9:9c:2e:04:8c:af:93:b4:67:d9:33:
         41:61:cc:c3:5b:d2:7e:93:22:89:bc:87:5b:9e:e1:99:9f:ae:
         42:6f:bc:90:44:9a:d5:04:ee:20:01:31:39:f7:21:87:11:96:
         22:0f:ab:0c:cf:48:25:51:38:6b:76:1b:86:00:70:66:98:22:
         3a:6b:08:e9:e5:c3:8e:1d:e9:06:e5:8c:71:fd:f9:1a:62:85:
         a2:60:23:41:fc:25:58:01:75:54:69:8a:07:03:38:47:f5:e3:
         48:3b:99:cb
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgIUc9VkUOULUxBS/dnx2k6ipJhWHyQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDAyMDgxOTQyMjVaFw0yNTAyMDYxOTQ3MjVaMDMxMTAvBgNV
BAMTKDJBMUE2MTcyREE0QzMzOUZENzg3NDY3RTI2RjkyQTExRTc1REJCQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf3EdxVe7SWd2eql/YrkXNjTZf
hAEhFcQ6rsxrOQEBgx05vjuQ9vM7HJBgkzdL/B4jcSoyqjJG1Px/vDg2EwhneciO
MEpGCjaL9GoafFEAZPZ/t83PF6jeaLUov7mv5NuKn0tR+1DFwMw6sAPmvWI7CXHq
L3Z7aEsMLiv8s7lAU7aKQ8c3rF9/eUGAdH7OMdS8oOoVKVNYNJvMVrv6JJS+1jS2
UPPSTjOI1st9ptBieNwvo5LHU5kzsf/BvjthkGiJElNN5c06RFzjRHaRi7Sd089F
Yty5zZ/ho/V7wgiTBHPdmMnjUYFg8yjpjScuTti9OaZ1X8JQsxy965eu5k57AgMB
AAGjggKSMIICjjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQqGmFy2kwzn9eH
Rn4m+SoR5127szAfBgNVHSMEGDAWgBTVw9XnD8mtELqQ1F3GZFTp46FGqDAOBgNV
HQ8BAf8EBAMCAQYwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8wNDAzMmM4Zi0xZDU3LTRj
M2ItOTA0My1hMGU3ZmViZjE2N2QvMC9ENUMzRDVFNzBGQzlBRDEwQkE5MEQ0NURD
NjY0NTRFOUUzQTE0NkE4LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKG
SHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWNQVjV3
X0pyUkM2a05SZHhtUlU2ZU9oUnFnLmNlcjCB5wYIKwYBBQUHAQsEgdowgdcwNQYI
KwYBBQUHMAWGKXJzeW5jOi8vcnBraS5uZXRpZmFjZS5uZXQvcmVwby9BcHJpY290
LzEvMGEGCCsGAQUFBzAKhlVyc3luYzovL3Jwa2kubmV0aWZhY2UubmV0L3JlcG8v
QXByaWNvdC8xLzJBMUE2MTcyREE0QzMzOUZENzg3NDY3RTI2RjkyQTExRTc1REJC
QjMubWZ0MDsGCCsGAQUFBzANhi9odHRwczovL3Jwa2kubmV0aWZhY2UubmV0L3Jy
ZHAvbm90aWZpY2F0aW9uLnhtbDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCkG
CCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKhPfhyADBgIqE9+HtDANBgkqhkiG
9w0BAQsFAAOCAQEAjHHC1+DI7kt0A8s337EdeAxjo3EjTA2ynTkRdnpvW2o9j+1P
8oToYhzlU88hnEKsB6Wkj2waLeO3HHPenwpSYGBoKWskCY9B5HMKgvPRrioqjWBt
ow7zhKwtSVlP2DeXourPTk2CoSR3/KSjQbR4O5gT/pbspdTmQPg/LAWltmb3RtE0
ngKzWWSgCcUdycF+o1tDLDu1aOmcLgSMr5O0Z9kzQWHMw1vSfpMiibyHW57hmZ+u
Qm+8kESa1QTuIAExOfchhxGWIg+rDM9IJVE4a3YbhgBwZpgiOmsI6eXDjh3pBuWM
cf35GmKFomAjQfwlWAF1VGmKBwM4R/XjSDuZyw==
-----END CERTIFICATE-----