Certificate 

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/B96B8D4992D9B467CE859406542D783AE5B5427B.cer
File:                     B96B8D4992D9B467CE859406542D783AE5B5427B.cer (raw, json)
Hash identifier:          eaptPGPz2Ksr+EokQrxIF16xinKVRTWsYFqtnwP4wHI=
Subject key identifier:   B9:6B:8D:49:92:D9:B4:67:CE:85:94:06:54:2D:78:3A:E5:B5:42:7B
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Certificate issuer:       /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial:       520F1D0BCB06005BD06CA99BF9A4AFE62F07DA0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/18/B96B8D4992D9B467CE859406542D783AE5B5427B.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/18
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Thu 11 Jan 2024 08:40:29 +0000
Certificate not after:    Thu 09 Jan 2025 08:45:29 +0000
Subordinate resources:    IP: 2a14:4480::/29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:0f:1d:0b:cb:06:00:5b:d0:6c:a9:9b:f9:a4:af:e6:2f:07:da:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
        Validity
            Not Before: Jan 11 08:40:29 2024 GMT
            Not After : Jan  9 08:45:29 2025 GMT
        Subject: CN=B96B8D4992D9B467CE859406542D783AE5B5427B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:2c:7b:60:16:80:13:52:c1:84:a0:77:1d:29:
                    7c:49:b9:23:03:02:18:54:e5:d7:5f:85:cd:96:61:
                    6f:27:07:2e:77:26:c8:91:0e:94:ca:ef:4e:2d:b9:
                    6a:5b:3a:1e:40:95:cf:4d:be:14:1c:92:43:8a:ec:
                    53:3d:08:7f:55:f8:c0:47:a2:32:1f:0a:11:91:d9:
                    5e:b4:f3:1c:b1:22:23:69:1a:65:7f:dc:2c:d3:63:
                    7a:a3:68:50:ce:1a:a4:f1:a4:ca:d5:68:f5:af:83:
                    2d:4e:e5:b8:67:3b:8f:f6:0c:4f:94:7e:44:96:cf:
                    d6:e5:71:20:e1:7f:c0:84:3a:0f:2a:74:b0:8a:20:
                    a1:b4:47:e9:21:f4:4a:84:d6:f5:a8:9c:e5:a1:4c:
                    d0:34:c4:33:c8:6e:ab:52:6c:c7:91:aa:7b:53:db:
                    84:48:c9:81:ff:aa:94:89:be:b9:e0:84:42:50:65:
                    6d:b1:3e:87:83:c6:be:5c:d2:4d:cf:7b:be:d9:a1:
                    ed:58:e4:a2:85:a1:30:34:96:b9:7a:9d:0a:10:25:
                    cc:66:30:c8:29:f3:84:c2:d6:51:c4:2c:43:ae:db:
                    02:76:81:ea:30:af:79:a2:ad:a9:dd:f4:bd:17:eb:
                    28:88:41:82:41:ea:64:d3:84:d2:cb:5a:71:f5:85:
                    ab:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                B9:6B:8D:49:92:D9:B4:67:CE:85:94:06:54:2D:78:3A:E5:B5:42:7B
            X509v3 Authority Key Identifier:
                keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/18
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/18/B96B8D4992D9B467CE859406542D783AE5B5427B.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4480::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:d8:0e:6a:d7:05:1f:10:33:b7:21:0f:14:d1:91:d0:c2:7c:
         67:bf:fd:b3:1f:80:39:28:33:bc:0a:f2:2d:6e:6c:1a:55:ab:
         f3:59:00:50:3d:9a:3a:74:79:8b:c3:37:df:75:5f:c9:e8:fc:
         c5:54:e5:22:5a:41:47:ce:b2:9c:45:be:52:13:27:f7:6b:5a:
         ce:e1:ef:45:54:07:a6:af:c4:02:60:62:ed:8a:15:c1:9f:2d:
         8c:93:3c:81:10:33:0c:9e:99:53:bc:94:c7:06:b1:39:44:e0:
         b5:02:17:bd:e0:5b:c7:8b:2d:2e:1d:94:a3:b8:9c:92:f7:ef:
         5b:dd:0a:b6:8f:67:f9:90:32:3d:8e:e2:dc:26:9d:fe:0d:bc:
         d9:f8:10:e9:53:a6:da:8f:1d:76:ce:9c:a9:1f:10:b9:3c:81:
         0a:af:dd:c4:46:e3:e1:2b:17:6f:e9:b9:b4:cc:f4:06:76:65:
         a8:ca:e3:7e:cf:58:cb:2c:91:36:45:3c:23:06:62:77:c6:ad:
         7b:d2:b0:9e:7b:83:84:d4:d8:18:5b:33:c7:ee:60:49:26:9b:
         96:36:b0:5f:bb:49:d5:39:79:f4:e0:2c:70:02:ce:b3:b7:2f:
         f2:5a:77:6f:20:c6:9f:4e:d7:89:7c:d0:11:6f:65:8b:73:09:
         1a:54:b1:89
-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgIUUg8dC8sGAFvQbKmb+aSv5i8H2g0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDAxMTEwODQwMjlaFw0yNTAxMDkwODQ1MjlaMDMxMTAvBgNV
BAMTKEI5NkI4RDQ5OTJEOUI0NjdDRTg1OTQwNjU0MkQ3ODNBRTVCNTQyN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQLHtgFoATUsGEoHcdKXxJuSMD
AhhU5ddfhc2WYW8nBy53JsiRDpTK704tuWpbOh5Alc9NvhQckkOK7FM9CH9V+MBH
ojIfChGR2V608xyxIiNpGmV/3CzTY3qjaFDOGqTxpMrVaPWvgy1O5bhnO4/2DE+U
fkSWz9blcSDhf8CEOg8qdLCKIKG0R+kh9EqE1vWonOWhTNA0xDPIbqtSbMeRqntT
24RIyYH/qpSJvrnghEJQZW2xPoeDxr5c0k3Pe77Zoe1Y5KKFoTA0lrl6nQoQJcxm
MMgp84TC1lHELEOu2wJ2geowr3mirand9L0X6yiIQYJB6mTThNLLWnH1hauzAgMB
AAGjggLkMIIC4DAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS5a41Jktm0Z86F
lAZULXg65bVCezAfBgNVHSMEGDAWgBTVw9XnD8mtELqQ1F3GZFTp46FGqDAOBgNV
HQ8BAf8EBAMCAQYwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8wNDAzMmM4Zi0xZDU3LTRj
M2ItOTA0My1hMGU3ZmViZjE2N2QvMC9ENUMzRDVFNzBGQzlBRDEwQkE5MEQ0NURD
NjY0NTRFOUUzQTE0NkE4LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKG
SHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWNQVjV3
X0pyUkM2a05SZHhtUlU2ZU9oUnFnLmNlcjCCAUEGCCsGAQUFBwELBIIBMzCCAS8w
XwYIKwYBBQUHMAWGU3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvYWU2ZWRlZWMtMDhiYS00Y2RlLTg5NzktNGZhZWE0YjFiYzEyLzE4
MIGNBggrBgEFBQcwCoaBgHJzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWU2ZWRlZWMtMDhiYS00Y2RlLTg5NzktNGZhZWE0YjFiYzEy
LzE4L0I5NkI4RDQ5OTJEOUI0NjdDRTg1OTQwNjU0MkQ3ODNBRTVCNTQyN0IubWZ0
MDwGCCsGAQUFBzANhjBodHRwczovL3JyZHAucGFhcy5ycGtpLnJpcGUubmV0L25v
dGlmaWNhdGlvbi54bWwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEF
BQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoURIAwDQYJKoZIhvcNAQELBQADggEBAD7Y
DmrXBR8QM7chDxTRkdDCfGe//bMfgDkoM7wK8i1ubBpVq/NZAFA9mjp0eYvDN991
X8no/MVU5SJaQUfOspxFvlITJ/drWs7h70VUB6avxAJgYu2KFcGfLYyTPIEQMwye
mVO8lMcGsTlE4LUCF73gW8eLLS4dlKO4nJL371vdCraPZ/mQMj2O4twmnf4NvNn4
EOlTptqPHXbOnKkfELk8gQqv3cRG4+ErF2/pubTM9AZ2ZajK437PWMsskTZFPCMG
YnfGrXvSsJ57g4TU2BhbM8fuYEkmm5Y2sF+7SdU5efTgLHACzrO3L/Jad28gxp9O
14l80BFvZYtzCRpUsYk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:08 2024 by rpki-client on console-fra.rpki-client.org