Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/apkJ4CGHNE_FFKsFT7G2JefVfcw.cer
File:                     apkJ4CGHNE_FFKsFT7G2JefVfcw.cer (raw, json)
Hash identifier:          MhdfBVyu8MrKt0Pr3MVNMWd45tr8PLBDgiBSWV9hDsU=
Subject key identifier:   6A:99:09:E0:21:87:34:4F:C5:14:AB:05:4F:B1:B6:25:E7:D5:7D:CC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018571D51BDBC877B0B4557EB869B5E105B6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b7/81b044-a129-4874-a8a3-adb5e96631f7/1/apkJ4CGHNE_FFKsFT7G2JefVfcw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b7/81b044-a129-4874-a8a3-adb5e96631f7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 02 Jan 2023 09:34:29 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    IP: 193.30.12.0/22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d5:1b:db:c8:77:b0:b4:55:7e:b8:69:b5:e1:05:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:34:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a9909e02187344fc514ab054fb1b625e7d57dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d1:20:bf:07:d9:f3:a0:79:d0:63:4a:26:bc:
                    85:26:dc:47:5c:f7:9e:a8:f2:8a:5c:9b:36:89:f8:
                    36:64:f9:c8:13:4d:20:c5:f9:93:0e:1a:1f:c1:51:
                    1c:c1:91:b8:05:47:ca:ed:d7:15:98:1a:d0:1e:43:
                    6f:29:43:81:58:83:61:eb:75:12:12:7f:69:d8:ec:
                    62:fe:ed:d5:d8:49:d2:0f:36:e3:32:40:5e:50:a0:
                    34:aa:1a:84:09:1d:2f:67:7c:24:d0:e5:51:b9:6e:
                    1b:2d:1b:df:1d:c4:05:a6:60:ff:f2:7e:6b:32:b1:
                    12:f6:5a:a2:46:ff:4b:f5:bf:3d:99:c8:dd:52:18:
                    5e:7e:b7:30:60:2e:fd:28:04:cb:16:eb:20:48:fa:
                    dd:84:bb:f9:96:7f:89:49:6d:15:e8:d5:b6:ad:8b:
                    1e:f9:f7:64:65:e9:e0:23:db:dd:3a:4f:d9:1b:03:
                    eb:a1:0a:a9:28:98:60:bc:5c:f9:bb:c7:22:50:2f:
                    ae:c0:82:a5:c3:70:dd:37:f7:34:ce:3d:44:46:53:
                    d9:ff:c8:62:11:a5:13:9b:ea:00:61:49:9d:a2:63:
                    d5:ba:3f:6b:7a:89:8d:4b:34:7e:ea:ae:97:8f:31:
                    1f:be:6f:65:34:fc:a4:79:39:32:4d:ed:4a:fb:88:
                    64:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:99:09:E0:21:87:34:4F:C5:14:AB:05:4F:B1:B6:25:E7:D5:7D:CC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/81b044-a129-4874-a8a3-adb5e96631f7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/81b044-a129-4874-a8a3-adb5e96631f7/1/apkJ4CGHNE_FFKsFT7G2JefVfcw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:32:87:08:14:41:8f:e1:5c:13:5d:31:a9:4d:77:86:2d:b2:
         48:19:d3:73:df:ab:77:c8:f6:88:2a:74:2e:71:16:0e:97:f8:
         8c:2f:c9:f0:34:b4:b1:63:19:f8:8c:64:1a:ea:66:93:99:2b:
         07:95:2d:0a:13:32:3c:79:a5:45:ae:2e:d0:05:6f:a0:fe:09:
         31:a9:76:76:51:52:7a:4c:76:5f:ec:71:2d:02:18:c3:e2:0e:
         67:5f:3d:71:80:a3:37:52:64:4f:55:b2:20:6c:b2:b5:17:53:
         85:6e:39:62:b4:d7:1c:d0:f8:84:f5:f2:62:e0:7e:a1:4e:4b:
         59:de:f6:64:76:82:4d:83:33:14:d8:1c:92:0c:35:9e:64:7d:
         14:46:4e:d0:bb:2b:82:86:f6:ed:76:e6:23:ba:34:0f:1e:bd:
         42:5f:9e:ce:39:b8:1d:ed:12:03:fd:ed:32:99:a8:88:e5:44:
         7f:81:08:b7:29:99:8b:48:ac:1e:44:79:ff:4c:34:71:d3:7c:
         9e:88:60:c8:4f:6a:c7:ec:f8:4d:54:0c:7f:21:1e:de:d4:57:
         bf:55:04:49:bd:82:c5:ea:d8:5c:63:54:71:99:07:06:df:f2:
         3e:13:34:73:e9:c6:0b:4d:ed:2f:a1:6c:28:83:ea:11:a6:ba:
         9a:4b:c5:7e
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYVx1RvbyHewtFV+uGm14QW2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAyMDkzNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk5MDllMDIxODczNDRmYzUxNGFiMDU0ZmIxYjYyNWU3ZDU3ZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9EgvwfZ86B50GNKJryFJtxHXPee
qPKKXJs2ifg2ZPnIE00gxfmTDhofwVEcwZG4BUfK7dcVmBrQHkNvKUOBWINh63US
En9p2Oxi/u3V2EnSDzbjMkBeUKA0qhqECR0vZ3wk0OVRuW4bLRvfHcQFpmD/8n5r
MrES9lqiRv9L9b89mcjdUhhefrcwYC79KATLFusgSPrdhLv5ln+JSW0V6NW2rYse
+fdkZengI9vdOk/ZGwProQqpKJhgvFz5u8ciUC+uwIKlw3DdN/c0zj1ERlPZ/8hi
EaUTm+oAYUmdomPVuj9reomNSzR+6q6XjzEfvm9lNPykeTkyTe1K+4hkgQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGqZCeAhhzRPxRSrBU+xtiXn1X3MMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I3LzgxYjA0
NC1hMTI5LTQ4NzQtYThhMy1hZGI1ZTk2NjMxZjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjcvODFiMDQ0
LWExMjktNDg3NC1hOGEzLWFkYjVlOTY2MzFmNy8xL2Fwa0o0Q0dITkVfRkZLc0ZU
N0cySmVmVmZjdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwR4MMA0GCSqGSIb3DQEBCwUAA4IBAQCEMocI
FEGP4VwTXTGpTXeGLbJIGdNz36t3yPaIKnQucRYOl/iML8nwNLSxYxn4jGQa6maT
mSsHlS0KEzI8eaVFri7QBW+g/gkxqXZ2UVJ6THZf7HEtAhjD4g5nXz1xgKM3UmRP
VbIgbLK1F1OFbjlitNcc0PiE9fJi4H6hTktZ3vZkdoJNgzMU2BySDDWeZH0URk7Q
uyuChvbtduYjujQPHr1CX57OObgd7RID/e0ymaiI5UR/gQi3KZmLSKweRHn/TDRx
03yeiGDIT2rH7PhNVAx/IR7e1Fe/VQRJvYLF6thcY1RxmQcG3/I+EzRz6cYLTe0v
oWwog+oRprqaS8V+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:39 2024 by rpki-client on console-ams.rpki-client.org