Certificate

$ rpki-client -vvf rpki.netiface.net/repo/Apricot/1/D74D1E9DE9B77C518BBB849A31EDEC3F87D6BCDC.cer
File:                     D74D1E9DE9B77C518BBB849A31EDEC3F87D6BCDC.cer (raw, json)
Hash identifier:          Qpssaneu4/8CqR1C3raC8XRhnM9nVT/7HEsaBggAjsQ=
Subject key identifier:   D7:4D:1E:9D:E9:B7:7C:51:8B:BB:84:9A:31:ED:EC:3F:87:D6:BC:DC
Authority key identifier: 2A:1A:61:72:DA:4C:33:9F:D7:87:46:7E:26:F9:2A:11:E7:5D:BB:B3
Certificate issuer:       /CN=2A1A6172DA4C339FD787467E26F92A11E75DBBB3
Certificate serial:       704CB4E09382B6F8785BA74368E5EC1914D1081D
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/2A1A6172DA4C339FD787467E26F92A11E75DBBB3.cer
Manifest:                 rsync://rpki.netiface.net/repo/Pfcloud/2/D74D1E9DE9B77C518BBB849A31EDEC3F87D6BCDC.mft
caRepository:             rsync://rpki.netiface.net/repo/Pfcloud/2/
Notify URL:               https://rpki.netiface.net/rrdp/notification.xml
Certificate not before:   Sun 04 Feb 2024 13:34:41 +0000
Certificate not after:    Sun 02 Feb 2025 13:39:41 +0000
Subordinate resources:    IP: 2a14:4085::/32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:4c:b4:e0:93:82:b6:f8:78:5b:a7:43:68:e5:ec:19:14:d1:08:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2A1A6172DA4C339FD787467E26F92A11E75DBBB3
        Validity
            Not Before: Feb  4 13:34:41 2024 GMT
            Not After : Feb  2 13:39:41 2025 GMT
        Subject: CN=D74D1E9DE9B77C518BBB849A31EDEC3F87D6BCDC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c3:93:1d:de:8f:6c:bf:f4:49:10:e9:bb:94:
                    53:5d:9b:5a:85:ba:fb:f4:4a:04:5d:2e:ca:d5:ce:
                    06:20:b1:bb:40:f3:0f:e1:ba:9f:f8:7a:59:94:29:
                    c1:e4:c9:1a:a1:4b:95:d5:a7:46:e3:c1:53:cb:82:
                    25:82:a4:6b:f6:e0:10:49:97:af:fa:19:47:08:34:
                    3a:1e:19:a4:96:4d:e1:ae:78:91:1f:c7:0d:d6:5f:
                    71:27:eb:7c:55:b5:a4:a8:2d:f6:d1:b9:ee:f5:fe:
                    3a:69:d0:55:24:56:86:e8:3c:4e:28:12:69:a5:d1:
                    33:9a:85:fb:17:c6:e7:42:7b:bb:0d:9b:8e:29:81:
                    40:71:f4:44:1d:7c:40:59:6c:31:b1:6a:8e:bd:74:
                    0e:84:19:7c:b7:b8:3f:98:5b:d4:35:ac:a1:3d:de:
                    bd:0c:11:25:9c:cb:39:80:66:03:f6:b9:18:56:41:
                    6b:db:da:d1:5b:21:f5:b8:43:0c:83:2d:9e:e4:f7:
                    36:bb:af:ce:1d:70:5e:94:62:0b:d9:22:27:00:e4:
                    1f:ea:fa:e9:35:a3:d4:94:57:54:dc:08:c9:a6:0f:
                    90:3b:61:52:d1:61:40:fa:20:d6:11:f0:7a:59:d4:
                    79:3f:27:9c:57:67:d8:f1:b7:11:06:2d:44:24:ad:
                    8a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                D7:4D:1E:9D:E9:B7:7C:51:8B:BB:84:9A:31:ED:EC:3F:87:D6:BC:DC
            X509v3 Authority Key Identifier:
                keyid:2A:1A:61:72:DA:4C:33:9F:D7:87:46:7E:26:F9:2A:11:E7:5D:BB:B3

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.netiface.net/repo/Apricot/1/2A1A6172DA4C339FD787467E26F92A11E75DBBB3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/2A1A6172DA4C339FD787467E26F92A11E75DBBB3.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.netiface.net/repo/Pfcloud/2/
                RPKI Manifest - URI:rsync://rpki.netiface.net/repo/Pfcloud/2/D74D1E9DE9B77C518BBB849A31EDEC3F87D6BCDC.mft
                RPKI Notify - URI:https://rpki.netiface.net/rrdp/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4085::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:7d:c2:48:44:19:7b:d6:1a:eb:1d:99:97:a1:2f:92:fe:3a:
         fe:64:50:7b:41:0f:1d:a3:e5:9d:7a:a0:36:cc:0d:7f:51:88:
         a0:ac:65:e1:a6:af:84:2b:68:75:51:e5:4f:ba:e8:2c:d8:1c:
         4f:9d:07:f9:e6:53:f0:95:08:86:00:62:66:e3:64:50:79:00:
         fc:15:7a:99:2c:13:f6:69:81:e4:85:44:6e:8a:4a:5b:13:0d:
         7b:39:3c:1c:c4:11:85:c6:3f:09:7b:e7:ab:94:5c:91:b9:de:
         5b:10:aa:26:35:e7:73:26:47:2f:aa:59:79:01:30:43:c7:8d:
         55:1c:90:ad:6a:aa:ee:59:5c:57:fc:36:76:e7:5b:fa:fc:a3:
         b8:0e:c9:fb:25:3d:3c:8f:d4:68:30:5a:0d:c2:23:fa:2e:82:
         3f:ec:18:07:61:74:9b:c4:8a:4c:eb:82:c0:41:6d:bb:75:06:
         53:0f:e2:d8:27:3a:38:eb:1b:16:4e:41:bf:2e:24:cf:d1:70:
         13:97:a5:45:31:b1:e0:fc:07:9f:25:61:0b:92:0c:ec:9c:1a:
         02:6e:5d:66:81:be:76:72:10:64:33:3d:e1:34:14:07:b3:20:
         ed:31:0c:44:e4:8f:77:78:d2:2e:a6:c7:88:0d:43:5a:8c:bb:
         c4:fe:f1:bc
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgIUcEy04JOCtvh4W6dDaOXsGRTRCB0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkExQTYxNzJEQTRDMzM5RkQ3ODc0NjdFMjZGOTJBMTFF
NzVEQkJCMzAeFw0yNDAyMDQxMzM0NDFaFw0yNTAyMDIxMzM5NDFaMDMxMTAvBgNV
BAMTKEQ3NEQxRTlERTlCNzdDNTE4QkJCODQ5QTMxRURFQzNGODdENkJDREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSw5Md3o9sv/RJEOm7lFNdm1qF
uvv0SgRdLsrVzgYgsbtA8w/hup/4elmUKcHkyRqhS5XVp0bjwVPLgiWCpGv24BBJ
l6/6GUcINDoeGaSWTeGueJEfxw3WX3En63xVtaSoLfbRue71/jpp0FUkVoboPE4o
Emml0TOahfsXxudCe7sNm44pgUBx9EQdfEBZbDGxao69dA6EGXy3uD+YW9Q1rKE9
3r0MESWcyzmAZgP2uRhWQWvb2tFbIfW4QwyDLZ7k9za7r84dcF6UYgvZIicA5B/q
+uk1o9SUV1TcCMmmD5A7YVLRYUD6INYR8HpZ1Hk/J5xXZ9jxtxEGLUQkrYoXAgMB
AAGjggKUMIICkDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTXTR6d6bd8UYu7
hJox7ew/h9a83DAfBgNVHSMEGDAWgBQqGmFy2kwzn9eHRn4m+SoR5127szAOBgNV
HQ8BAf8EBAMCAQYwZgYDVR0fBF8wXTBboFmgV4ZVcnN5bmM6Ly9ycGtpLm5ldGlm
YWNlLm5ldC9yZXBvL0Fwcmljb3QvMS8yQTFBNjE3MkRBNEMzMzlGRDc4NzQ2N0Uy
NkY5MkExMUU3NURCQkIzLmNybDCBngYIKwYBBQUHAQEEgZEwgY4wgYsGCCsGAQUF
BzAChn9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzA0MDMyYzhmLTFkNTctNGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wLzJBMUE2MTcy
REE0QzMzOUZENzg3NDY3RTI2RjkyQTExRTc1REJCQjMuY2VyMIHnBggrBgEFBQcB
CwSB2jCB1zA1BggrBgEFBQcwBYYpcnN5bmM6Ly9ycGtpLm5ldGlmYWNlLm5ldC9y
ZXBvL1BmY2xvdWQvMi8wYQYIKwYBBQUHMAqGVXJzeW5jOi8vcnBraS5uZXRpZmFj
ZS5uZXQvcmVwby9QZmNsb3VkLzIvRDc0RDFFOURFOUI3N0M1MThCQkI4NDlBMzFF
REVDM0Y4N0Q2QkNEQy5tZnQwOwYIKwYBBQUHMA2GL2h0dHBzOi8vcnBraS5uZXRp
ZmFjZS5uZXQvcnJkcC9ub3RpZmljYXRpb24ueG1sMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqFECFMA0GCSqG
SIb3DQEBCwUAA4IBAQBofcJIRBl71hrrHZmXoS+S/jr+ZFB7QQ8do+WdeqA2zA1/
UYigrGXhpq+EK2h1UeVPuugs2BxPnQf55lPwlQiGAGJm42RQeQD8FXqZLBP2aYHk
hURuikpbEw17OTwcxBGFxj8Je+erlFyRud5bEKomNedzJkcvqll5ATBDx41VHJCt
aqruWVxX/DZ251v6/KO4Dsn7JT08j9RoMFoNwiP6LoI/7BgHYXSbxIpM64LAQW27
dQZTD+LYJzo46xsWTkG/LiTP0XATl6VFMbHg/AefJWELkgzsnBoCbl1mgb52chBk
Mz3hNBQHsyDtMQxE5I93eNIupseIDUNajLvE/vG8
-----END CERTIFICATE-----