Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52KY78lQrypGHNjce-5QBrqi_Yw.cer
File:                     52KY78lQrypGHNjce-5QBrqi_Yw.cer (raw, json)
Hash identifier:          6cWGR+p59FWHz+tUvWwJEhaUKePhMNgUrdIpK3EdSUE=
Subject key identifier:   E7:62:98:EF:C9:50:AF:2A:46:1C:D8:DC:7B:EE:50:06:BA:A2:FD:8C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       ACB83A98E6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7b/491559-84b8-45b9-be83-35189d44df80/1/52KY78lQrypGHNjce-5QBrqi_Yw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7b/491559-84b8-45b9-be83-35189d44df80/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 31 Jan 2022 14:32:20 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 206074
                          AS: 206092
                          AS: 206150
                          AS: 206164
                          AS: 213060
                          AS: 213074
                          AS: 213085
                          IP: 193.84.111.0/24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 741825222886 (0xacb83a98e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 31 14:32:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e76298efc950af2a461cd8dc7bee5006baa2fd8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:76:c1:4c:19:d8:9d:14:9d:dd:30:26:54:6b:
                    eb:fc:b6:80:94:e1:a7:bd:78:b3:bd:99:52:a6:3b:
                    90:9c:46:9d:c3:f7:d0:b5:1b:09:95:42:3e:2c:ec:
                    a4:fe:b1:97:94:36:9a:cf:ef:c7:1f:96:dd:34:82:
                    89:50:fa:f7:46:da:f0:6c:98:53:8e:14:3c:a0:1b:
                    33:4e:d1:fa:23:25:a6:e1:01:f7:8c:2a:73:34:f2:
                    21:46:72:6d:7b:ac:f5:26:a0:24:8e:95:36:5d:46:
                    9d:ee:16:dd:52:71:59:e3:80:32:85:0b:f8:73:4c:
                    71:b1:2b:02:f5:3e:db:a5:19:6c:22:9b:b8:f8:20:
                    68:c9:df:4f:f3:28:cd:33:36:88:39:04:e4:b3:c0:
                    bf:78:39:36:ad:36:12:b9:3d:e7:07:a6:ad:44:3f:
                    ae:54:b6:cf:33:af:e3:ec:2a:8f:74:62:9d:ca:72:
                    18:cb:97:fb:23:41:ba:24:b4:8c:1f:67:59:8b:4d:
                    b3:2f:ae:62:3f:26:e7:95:61:f1:26:44:45:06:1c:
                    35:7b:65:23:3a:c1:76:7e:33:89:69:54:c8:15:bc:
                    6b:02:6b:4a:20:ca:1e:b2:f1:24:37:21:84:ea:3e:
                    f8:53:b5:df:f5:1b:05:61:a9:1f:ed:8f:61:cf:8e:
                    3b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:62:98:EF:C9:50:AF:2A:46:1C:D8:DC:7B:EE:50:06:BA:A2:FD:8C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/491559-84b8-45b9-be83-35189d44df80/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/491559-84b8-45b9-be83-35189d44df80/1/52KY78lQrypGHNjce-5QBrqi_Yw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.111.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206074
                  206092
                  206150
                  206164
                  213060
                  213074
                  213085

    Signature Algorithm: sha256WithRSAEncryption
         75:d1:b5:65:ae:3a:5e:89:3a:e2:51:16:2f:5b:7b:b1:00:7b:
         ad:dc:d6:59:97:b6:29:57:ac:62:51:9d:67:6e:19:db:54:f2:
         e0:16:a1:d0:00:c5:2a:19:33:89:b2:8e:e8:fe:e3:6e:15:ae:
         99:ab:3c:30:31:f7:b7:fb:74:b1:01:b5:33:0c:45:e9:59:48:
         ab:d6:ef:cc:f8:b5:bd:3b:a4:89:68:52:10:84:c5:7b:00:d2:
         a2:0e:a0:c3:ba:08:8b:3e:bd:32:2a:5e:93:65:fa:fb:33:1e:
         53:68:e3:82:12:99:2f:f3:e7:23:a0:de:83:84:11:6c:c7:98:
         ea:8d:24:82:c1:1e:45:d9:f9:3b:ed:80:66:f1:fb:d3:de:70:
         b9:c5:8b:d8:33:b9:b8:bb:07:ce:ce:80:6b:d8:40:53:d4:2b:
         77:bb:7f:8a:e2:37:95:f0:20:7b:44:5a:e5:36:8c:71:a9:6f:
         2d:56:3d:cf:c5:07:84:e3:34:ed:37:d1:8d:44:4b:31:40:75:
         57:bf:f7:a1:ae:c6:c3:70:e8:3a:1b:35:54:f3:48:f4:33:62:
         5c:e7:c7:51:0e:d4:ac:bf:83:0c:ca:25:ee:89:79:e7:1e:a1:
         92:c5:44:ac:05:98:e0:e7:8e:9e:c9:60:48:5c:01:55:ef:7f:
         dc:eb:80:9f
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgIGAKy4OpjmMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTMxMTQzMjIwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhlNzYyOThlZmM5
NTBhZjJhNDYxY2Q4ZGM3YmVlNTAwNmJhYTJmZDhjMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0HbBTBnYnRSd3TAmVGvr/LaAlOGnvXizvZlSpjuQnEad
w/fQtRsJlUI+LOyk/rGXlDaaz+/HH5bdNIKJUPr3RtrwbJhTjhQ8oBszTtH6IyWm
4QH3jCpzNPIhRnJte6z1JqAkjpU2XUad7hbdUnFZ44AyhQv4c0xxsSsC9T7bpRls
Ipu4+CBoyd9P8yjNMzaIOQTks8C/eDk2rTYSuT3nB6atRD+uVLbPM6/j7CqPdGKd
ynIYy5f7I0G6JLSMH2dZi02zL65iPybnlWHxJkRFBhw1e2UjOsF2fjOJaVTIFbxr
AmtKIMoesvEkNyGE6j74U7Xf9RsFYakf7Y9hz447KwIDAQABo4ICvjCCArowHQYD
VR0OBBYEFOdimO/JUK8qRhzY3HvuUAa6ov2MMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdiLzQ5MTU1OS04NGI4LTQ1Yjkt
YmU4My0zNTE4OWQ0NGRmODAvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvNDkxNTU5LTg0YjgtNDViOS1i
ZTgzLTM1MTg5ZDQ0ZGY4MC8xLzUyS1k3OGxRcnlwR0hOamNlLTVRQnJxaV9Zdy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAwVRvMDgGCCsGAQUFBwEIAQH/BCkwJ6AlMCMCAwMk+gIDAyUMAgMD
JUYCAwMlVAIDA0BEAgMDQFICAwNAXTANBgkqhkiG9w0BAQsFAAOCAQEAddG1Za46
Xok64lEWL1t7sQB7rdzWWZe2KVesYlGdZ24Z21Ty4Bah0ADFKhkzibKO6P7jbhWu
mas8MDH3t/t0sQG1MwxF6VlIq9bvzPi1vTukiWhSEITFewDSog6gw7oIiz69Mipe
k2X6+zMeU2jjghKZL/PnI6Deg4QRbMeY6o0kgsEeRdn5O+2AZvH7095wucWL2DO5
uLsHzs6Aa9hAU9Qrd7t/iuI3lfAge0Ra5TaMcalvLVY9z8UHhOM07TfRjURLMUB1
V7/3oa7Gw3DoOhs1VPNI9DNiXOfHUQ7UrL+DDMol7ol55x6hksVErAWY4OeOnslg
SFwBVe9/3OuAnw==
-----END CERTIFICATE-----