Certificate

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/749282E9AF88D3EC461A32FE84F0AEA353C62B66.cer
File:                     749282E9AF88D3EC461A32FE84F0AEA353C62B66.cer (raw, json)
Hash identifier:          a7rKZ0nobxD3ttWWIuIxsos+OkwF7W3iRUhOd4xxjxY=
Subject key identifier:   74:92:82:E9:AF:88:D3:EC:46:1A:32:FE:84:F0:AE:A3:53:C6:2B:66
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Certificate issuer:       /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial:       11A2CA2D666768F4A313AA67F80585E2CF174D10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/f536a1e4-3bf0-4352-9061-66694d2bcbd3/2/749282E9AF88D3EC461A32FE84F0AEA353C62B66.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/f536a1e4-3bf0-4352-9061-66694d2bcbd3/2/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 13 Mar 2024 16:51:43 +0000
Certificate not after:    Wed 12 Mar 2025 16:56:43 +0000
Subordinate resources:    IP: 2a13:df87:1000::/38
                          IP: 2a13:df87:7000::/36
                          IP: 2a13:df87:b800::/38

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:a2:ca:2d:66:67:68:f4:a3:13:aa:67:f8:05:85:e2:cf:17:4d:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
        Validity
            Not Before: Mar 13 16:51:43 2024 GMT
            Not After : Mar 12 16:56:43 2025 GMT
        Subject: CN=749282E9AF88D3EC461A32FE84F0AEA353C62B66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d8:0f:71:e4:ca:82:34:f1:d8:09:61:ba:cf:
                    38:b7:f6:41:65:d8:de:9c:ff:26:16:ce:74:26:73:
                    93:e0:23:e6:3e:d2:f3:ce:0e:c7:bf:32:93:9d:df:
                    a7:80:50:69:df:8e:52:ef:a9:fc:00:72:e2:bd:bd:
                    6a:c6:82:bb:ce:80:73:86:33:01:d0:22:97:d3:de:
                    e8:ba:10:66:d7:54:99:2a:ff:e3:81:77:f4:0f:4e:
                    68:57:22:f6:c5:cd:43:c8:65:19:27:a3:38:e1:15:
                    79:8b:49:b6:10:ab:3c:87:bd:73:98:6c:d3:9f:5f:
                    fb:f5:05:81:5a:9b:65:c4:56:e8:7b:16:6d:1d:e7:
                    b4:d8:09:4a:fa:b2:63:45:c1:8e:20:40:3d:a1:99:
                    af:27:a8:00:b4:bf:2e:7c:95:9a:bd:08:ab:11:a0:
                    47:b8:47:2e:3b:bb:af:4d:78:49:7d:a2:ed:aa:d6:
                    73:29:c1:c4:a7:02:ba:d9:80:76:63:1c:8b:62:79:
                    23:12:e2:4d:63:ec:8c:8c:d2:e9:8e:15:f0:3d:6f:
                    e4:a8:c8:24:8a:34:2c:37:8d:6c:86:4b:5e:c3:fa:
                    29:c2:b4:1f:13:ff:ac:1e:e7:57:3e:27:57:bf:46:
                    aa:28:e9:8b:98:38:91:9b:5e:52:7d:d0:93:84:6e:
                    28:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                74:92:82:E9:AF:88:D3:EC:46:1A:32:FE:84:F0:AE:A3:53:C6:2B:66
            X509v3 Authority Key Identifier:
                keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/f536a1e4-3bf0-4352-9061-66694d2bcbd3/2/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/f536a1e4-3bf0-4352-9061-66694d2bcbd3/2/749282E9AF88D3EC461A32FE84F0AEA353C62B66.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:df87:1000::/38
                  2a13:df87:7000::/36
                  2a13:df87:b800::/38

    Signature Algorithm: sha256WithRSAEncryption
         03:d6:a6:f8:e6:cc:50:63:e7:4a:65:50:d2:aa:2c:a5:6c:65:
         d8:4d:d5:5b:6a:8c:c1:71:c9:62:ac:58:e6:88:c1:2e:4b:9a:
         e8:c0:f9:ae:5d:e8:e3:29:d3:0b:0d:df:bb:5d:d7:72:42:d1:
         76:5b:14:8a:c0:1a:ae:31:df:ae:13:15:d7:37:aa:db:d3:f1:
         81:63:78:89:9f:5b:d2:71:52:f3:8e:0b:70:ab:02:0b:e7:f1:
         e1:ae:8c:c5:66:ee:8b:7f:2e:23:37:2c:39:00:0d:70:8a:80:
         e1:16:5f:65:7e:6e:74:73:b8:95:84:f2:aa:e3:dc:2f:2c:10:
         ee:63:12:da:e4:5f:16:60:62:7f:35:99:ce:32:f2:34:a7:4f:
         90:b4:5e:69:5d:f0:e8:57:e6:77:c4:3f:0c:47:82:bf:6d:ff:
         a6:8e:79:1d:db:a5:4f:b5:2f:73:b7:ba:b1:87:ff:7e:00:34:
         0a:f1:38:f9:c7:f1:75:25:50:df:87:34:17:6f:af:d4:6c:3e:
         d6:2a:c9:05:0a:5c:ba:27:98:2a:50:bb:59:6a:ee:68:bc:7e:
         3f:f2:da:ef:da:9f:2f:cf:49:9b:b0:cc:e5:ee:44:16:70:b0:
         64:72:1c:67:3f:5e:ca:5a:31:c7:8c:2d:f6:ab:8d:09:00:d6:
         d9:9d:4a:af
-----BEGIN CERTIFICATE-----
MIIF6TCCBNGgAwIBAgIUEaLKLWZnaPSjE6pn+AWF4s8XTRAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDAzMTMxNjUxNDNaFw0yNTAzMTIxNjU2NDNaMDMxMTAvBgNV
BAMTKDc0OTI4MkU5QUY4OEQzRUM0NjFBMzJGRTg0RjBBRUEzNTNDNjJCNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg2A9x5MqCNPHYCWG6zzi39kFl
2N6c/yYWznQmc5PgI+Y+0vPODse/MpOd36eAUGnfjlLvqfwAcuK9vWrGgrvOgHOG
MwHQIpfT3ui6EGbXVJkq/+OBd/QPTmhXIvbFzUPIZRknozjhFXmLSbYQqzyHvXOY
bNOfX/v1BYFam2XEVuh7Fm0d57TYCUr6smNFwY4gQD2hma8nqAC0vy58lZq9CKsR
oEe4Ry47u69NeEl9ou2q1nMpwcSnArrZgHZjHItieSMS4k1j7IyM0umOFfA9b+So
yCSKNCw3jWyGS17D+inCtB8T/6we51c+J1e/Rqoo6YuYOJGbXlJ90JOEbijhAgMB
AAGjggLzMIIC7zAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR0koLpr4jT7EYa
Mv6E8K6jU8YrZjAfBgNVHSMEGDAWgBTVw9XnD8mtELqQ1F3GZFTp46FGqDAOBgNV
HQ8BAf8EBAMCAQYwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8wNDAzMmM4Zi0xZDU3LTRj
M2ItOTA0My1hMGU3ZmViZjE2N2QvMC9ENUMzRDVFNzBGQzlBRDEwQkE5MEQ0NURD
NjY0NTRFOUUzQTE0NkE4LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKG
SHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWNQVjV3
X0pyUkM2a05SZHhtUlU2ZU9oUnFnLmNlcjCCAT8GCCsGAQUFBwELBIIBMTCCAS0w
XwYIKwYBBQUHMAWGU3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvZjUzNmExZTQtM2JmMC00MzUyLTkwNjEtNjY2OTRkMmJjYmQzLzIv
MIGLBggrBgEFBQcwCoZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9mNTM2YTFlNC0zYmYwLTQzNTItOTA2MS02NjY5NGQyYmNiZDMv
Mi83NDkyODJFOUFGODhEM0VDNDYxQTMyRkU4NEYwQUVBMzUzQzYyQjY2Lm1mdDA8
BggrBgEFBQcwDYYwaHR0cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3Rp
ZmljYXRpb24ueG1sMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUH
AQcBAf8EIjAgMB4EAgACMBgDBgIqE9+HEAMGBCoT34dwAwYCKhPfh7gwDQYJKoZI
hvcNAQELBQADggEBAAPWpvjmzFBj50plUNKqLKVsZdhN1VtqjMFxyWKsWOaIwS5L
mujA+a5d6OMp0wsN37td13JC0XZbFIrAGq4x364TFdc3qtvT8YFjeImfW9JxUvOO
C3CrAgvn8eGujMVm7ot/LiM3LDkADXCKgOEWX2V+bnRzuJWE8qrj3C8sEO5jEtrk
XxZgYn81mc4y8jSnT5C0Xmld8OhX5nfEPwxHgr9t/6aOeR3bpU+1L3O3urGH/34A
NArxOPnH8XUlUN+HNBdvr9RsPtYqyQUKXLonmCpQu1lq7mi8fj/y2u/any/PSZuw
zOXuRBZwsGRyHGc/XspaMceMLfarjQkA1tmdSq8=
-----END CERTIFICATE-----