Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bvV-1OLX9TRwswI1N3vq3XvThA0.cer
File:                     bvV-1OLX9TRwswI1N3vq3XvThA0.cer (raw, json)
Hash identifier:          obcx6I/gS58/+LFCh6j5lRFLPLfVc0ZtH4MSgcNbZvU=
Subject key identifier:   6E:F5:7E:D4:E2:D7:F5:34:70:B3:02:35:37:7B:EA:DD:7B:D3:84:0D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258FAAD31F9341CC614FDC407C5CE462
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7f/cae5be-79fb-4eee-91f6-c3d6cb9d0a0a/1/bvV-1OLX9TRwswI1N3vq3XvThA0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7f/cae5be-79fb-4eee-91f6-c3d6cb9d0a0a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:19 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 35696
                          IP: 194.246.40.0/22
                          IP: 2a07:f480::/29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:aa:d3:1f:93:41:cc:61:4f:dc:40:7c:5c:e4:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ef57ed4e2d7f53470b30235377beadd7bd3840d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d7:9d:6b:df:73:ee:7a:91:22:2f:0e:71:73:
                    e0:c5:95:37:11:50:11:d8:5f:07:9f:0b:6d:0f:44:
                    6e:59:07:34:ad:e4:e6:e9:20:4d:06:be:e7:d4:42:
                    a5:f8:c5:64:b9:62:ab:b1:a7:98:1b:58:51:2f:4e:
                    8b:06:90:3f:a6:2e:82:fa:88:bb:25:0b:ca:42:5c:
                    12:fa:2a:22:0a:5f:4f:b2:b6:70:26:3a:88:c1:08:
                    17:74:4a:99:0d:3c:87:f9:4f:db:fe:59:b4:53:73:
                    fe:8d:c4:cf:81:18:aa:98:22:c5:e5:4c:c9:06:ea:
                    e5:9c:ef:87:e9:5e:6a:50:d2:21:fd:bb:78:9d:1b:
                    c6:c1:4a:94:0d:79:4b:b6:75:48:f1:15:4c:93:f4:
                    8f:1e:00:e4:13:f5:4e:dc:8d:f3:a6:b1:84:22:a2:
                    ec:70:9f:77:35:ab:f9:54:dd:f6:cd:75:5a:22:ab:
                    db:34:d2:f1:db:15:fa:41:2e:6e:70:b8:74:11:6e:
                    46:2e:d2:95:c4:db:c9:41:7e:c8:87:60:8f:57:51:
                    06:06:fc:c6:39:42:40:13:18:c5:cc:64:03:19:20:
                    9e:3a:ec:14:56:2e:7b:71:9f:2a:8e:da:95:fe:8f:
                    52:57:6a:0b:73:67:7b:a3:39:df:e5:e6:2d:5d:06:
                    8a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:F5:7E:D4:E2:D7:F5:34:70:B3:02:35:37:7B:EA:DD:7B:D3:84:0D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/cae5be-79fb-4eee-91f6-c3d6cb9d0a0a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/cae5be-79fb-4eee-91f6-c3d6cb9d0a0a/1/bvV-1OLX9TRwswI1N3vq3XvThA0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.40.0/22
                IPv6:
                  2a07:f480::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  35696

    Signature Algorithm: sha256WithRSAEncryption
         a3:73:0e:41:4b:c7:3f:37:4f:88:cf:6d:a5:e0:32:8e:da:55:
         53:32:ad:8c:7f:d6:3a:b0:e7:02:e7:95:69:45:ae:14:ae:b0:
         52:73:ae:a1:7c:24:6f:45:ec:a1:d5:17:38:60:0e:8b:81:e1:
         ba:5f:30:00:9f:83:b4:d3:59:7e:95:18:f7:b0:4b:db:c9:63:
         cf:a7:9a:18:59:ca:ff:6d:68:eb:f8:b7:ab:41:a3:0b:0c:12:
         a3:fe:ae:26:56:2d:f2:8e:c2:a5:44:58:68:bd:b5:11:61:3d:
         01:30:0f:03:e5:3b:a6:48:4c:cf:ac:24:cb:23:48:6f:c1:08:
         4c:0f:de:94:4d:14:1d:d6:5c:c8:f5:c8:51:60:a5:0a:a9:b1:
         e6:a0:f0:5b:fc:61:89:8d:fd:c1:5d:f1:14:f2:5e:d9:86:81:
         b3:be:a5:62:8e:93:38:2a:59:24:b2:07:eb:16:44:b4:e5:6d:
         99:4c:7d:cf:39:d4:e5:b5:f7:2b:b3:3c:c5:1f:0f:d4:8d:72:
         ee:78:60:12:68:00:1c:a4:0c:00:c9:bf:02:d3:85:71:75:f5:
         b4:f5:9e:36:e6:b2:e4:58:53:e6:d9:d4:df:7f:9c:14:4a:1c:
         da:27:06:b3:17:1f:34:dd:83:a1:e3:70:c3:e5:ec:e0:99:50:
         86:11:67:a2
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQlj6rTH5NBzGFP3EB8XORiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWY1N2VkNGUyZDdmNTM0NzBiMzAyMzUzNzdiZWFkZDdiZDM4NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdeda99z7nqRIi8OcXPgxZU3EVAR
2F8HnwttD0RuWQc0reTm6SBNBr7n1EKl+MVkuWKrsaeYG1hRL06LBpA/pi6C+oi7
JQvKQlwS+ioiCl9PsrZwJjqIwQgXdEqZDTyH+U/b/lm0U3P+jcTPgRiqmCLF5UzJ
BurlnO+H6V5qUNIh/bt4nRvGwUqUDXlLtnVI8RVMk/SPHgDkE/VO3I3zprGEIqLs
cJ93Nav5VN32zXVaIqvbNNLx2xX6QS5ucLh0EW5GLtKVxNvJQX7Ih2CPV1EGBvzG
OUJAExjFzGQDGSCeOuwUVi57cZ8qjtqV/o9SV2oLc2d7oznf5eYtXQaKvwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFG71ftTi1/U0cLMCNTd76t1704QNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdmL2NhZTVi
ZS03OWZiLTRlZWUtOTFmNi1jM2Q2Y2I5ZDBhMGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2YvY2FlNWJl
LTc5ZmItNGVlZS05MWY2LWMzZDZjYjlkMGEwYS8xL2J2Vi0xT0xYOVRSd3N3STFO
M3ZxM1h2VGhBMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCwvYoMA0EAgACMAcDBQMqB/SAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCLcDANBgkqhkiG9w0BAQsFAAOCAQEAo3MOQUvHPzdP
iM9tpeAyjtpVUzKtjH/WOrDnAueVaUWuFK6wUnOuoXwkb0XsodUXOGAOi4Hhul8w
AJ+DtNNZfpUY97BL28ljz6eaGFnK/21o6/i3q0GjCwwSo/6uJlYt8o7CpURYaL21
EWE9ATAPA+U7pkhMz6wkyyNIb8EITA/elE0UHdZcyPXIUWClCqmx5qDwW/xhiY39
wV3xFPJe2YaBs76lYo6TOCpZJLIH6xZEtOVtmUx9zznU5bX3K7M8xR8P1I1y7nhg
EmgAHKQMAMm/AtOFcXX1tPWeNuay5FhT5tnU33+cFEoc2icGsxcfNN2DoeNww+Xs
4JlQhhFnog==
-----END CERTIFICATE-----