Certificate

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/B34DF925A0FAAF47E4E9460A3D51F3FBA08079A9.cer
File:                     B34DF925A0FAAF47E4E9460A3D51F3FBA08079A9.cer (raw, json)
Hash identifier:          Vu2i6jfuuwIKqjLRC5BBQVOqzKGj6uQdkwzImp8V7Y4=
Subject key identifier:   B3:4D:F9:25:A0:FA:AF:47:E4:E9:46:0A:3D:51:F3:FB:A0:80:79:A9
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Certificate issuer:       /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial:       34B8A1AED7A8203BE548E83EBE4803E762AB3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/3e90a3c5-3f38-4ddf-b2ca-a4d52ace3c14/1/B34DF925A0FAAF47E4E9460A3D51F3FBA08079A9.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/3e90a3c5-3f38-4ddf-b2ca-a4d52ace3c14/1/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sun 17 Mar 2024 12:13:09 +0000
Certificate not after:    Sun 16 Mar 2025 12:18:09 +0000
Subordinate resources:    IP: 2a13:df80:1f00::/40

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:b8:a1:ae:d7:a8:20:3b:e5:48:e8:3e:be:48:03:e7:62:ab:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
        Validity
            Not Before: Mar 17 12:13:09 2024 GMT
            Not After : Mar 16 12:18:09 2025 GMT
        Subject: CN=B34DF925A0FAAF47E4E9460A3D51F3FBA08079A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:1a:73:3d:da:44:b0:f7:25:0c:a3:dc:07:90:
                    cd:a2:a6:9b:e1:c7:49:9d:86:4b:99:ed:03:e0:3f:
                    33:90:5e:5e:67:bf:00:78:84:1b:63:b5:32:b8:3e:
                    9b:69:b2:14:46:b2:b4:07:96:50:19:41:f4:05:d0:
                    f6:0e:a1:a7:af:fd:ec:9d:5d:6d:67:85:66:bc:b8:
                    a2:d7:17:6b:d1:5d:9b:fa:05:7d:59:12:c0:14:51:
                    c3:fb:9f:36:e8:c5:af:5e:99:a5:bf:a2:0f:ec:64:
                    01:c1:dd:2f:e3:10:83:9e:ff:d1:08:5e:f3:b2:04:
                    19:08:83:19:a3:58:92:e2:f6:d9:e9:27:97:c1:61:
                    32:1b:d1:f6:17:64:52:7a:16:3e:ab:fd:6a:db:cd:
                    4a:88:e5:66:61:4b:ad:2a:08:77:aa:f7:4e:5a:14:
                    99:b8:d3:7f:23:f2:b4:0c:8e:7e:39:f6:2e:60:c9:
                    88:ce:64:f4:8b:49:42:2e:3d:15:a3:4f:13:82:70:
                    97:d7:b8:a6:7d:1e:7b:cd:2a:c7:a5:62:5a:23:12:
                    4b:07:85:3e:0d:6e:1e:3f:a5:0d:71:51:b4:5e:d4:
                    24:af:76:31:2a:c5:ce:fc:03:f2:7a:f5:8c:52:73:
                    ad:42:b9:d2:64:48:69:9f:e6:2b:ec:b3:1e:84:9d:
                    25:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                B3:4D:F9:25:A0:FA:AF:47:E4:E9:46:0A:3D:51:F3:FB:A0:80:79:A9
            X509v3 Authority Key Identifier:
                keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/3e90a3c5-3f38-4ddf-b2ca-a4d52ace3c14/1/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/3e90a3c5-3f38-4ddf-b2ca-a4d52ace3c14/1/B34DF925A0FAAF47E4E9460A3D51F3FBA08079A9.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:df80:1f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         b4:b2:2c:e5:fb:d6:19:7f:2c:90:5c:5d:98:41:8f:34:6a:5d:
         2d:c8:e7:2d:bd:a8:a7:0b:a3:bc:f2:94:0b:f0:9e:da:d9:1e:
         fe:b0:56:e2:f6:de:b1:dd:e6:d3:1b:fa:93:4c:e2:16:56:11:
         31:72:cc:20:a2:ea:ae:e2:5a:e3:ff:7a:0e:56:a0:2c:4f:d4:
         c3:36:a7:aa:84:9a:e2:30:7e:f8:87:ae:49:56:bb:fb:1b:c0:
         01:ac:28:bf:51:9f:6a:8d:8e:66:39:8b:94:f0:88:ea:ac:d8:
         69:6c:14:2b:5c:bc:61:d0:ec:61:ae:48:24:5c:44:87:24:93:
         01:e1:63:f7:52:8b:9b:79:1d:23:25:f6:26:f0:d7:65:74:e6:
         d3:b5:0a:e9:2e:e6:1b:a4:3c:7e:98:af:42:e6:25:16:ef:d2:
         15:90:29:cd:4a:19:af:d0:1e:d2:ec:0a:99:51:72:8f:ac:c7:
         4c:ec:0f:c2:10:c5:80:36:5b:24:42:f1:d5:c7:2d:90:11:3e:
         fb:cf:b9:ca:fe:2c:15:e8:c8:f9:9a:a0:38:6d:bf:2a:65:88:
         f9:c4:7e:24:9d:b5:7f:b9:6a:7d:81:14:69:a1:20:a4:a9:27:
         b8:79:7c:f3:9e:6f:63:01:e6:4d:e7:92:05:62:f7:87:f7:e8:
         7f:8c:ab:d1
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgITNLihrteoIDvlSOg+vkgD52KrPTANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyhkNWMzZDVlNzBmYzlhZDEwYmE5MGQ0NWRjNjY0NTRlOWUz
YTE0NmE4MB4XDTI0MDMxNzEyMTMwOVoXDTI1MDMxNjEyMTgwOVowMzExMC8GA1UE
AxMoQjM0REY5MjVBMEZBQUY0N0U0RTk0NjBBM0Q1MUYzRkJBMDgwNzlBOTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQacz3aRLD3JQyj3AeQzaKmm+HH
SZ2GS5ntA+A/M5BeXme/AHiEG2O1Mrg+m2myFEaytAeWUBlB9AXQ9g6hp6/97J1d
bWeFZry4otcXa9Fdm/oFfVkSwBRRw/ufNujFr16Zpb+iD+xkAcHdL+MQg57/0Qhe
87IEGQiDGaNYkuL22eknl8FhMhvR9hdkUnoWPqv9atvNSojlZmFLrSoId6r3TloU
mbjTfyPytAyOfjn2LmDJiM5k9ItJQi49FaNPE4Jwl9e4pn0ee80qx6ViWiMSSweF
Pg1uHj+lDXFRtF7UJK92MSrFzvwD8nr1jFJzrUK50mRIaZ/mK+yzHoSdJWECAwEA
AaOCAuMwggLfMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLNN+SWg+q9H5OlG
Cj1R8/uggHmpMB8GA1UdIwQYMBaAFNXD1ecPya0QupDUXcZkVOnjoUaoMA4GA1Ud
DwEB/wQEAwIBBjCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5j
LnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTctNGMz
Yi05MDQzLWEwZTdmZWJmMTY3ZC8wL0Q1QzNENUU3MEZDOUFEMTBCQTkwRDQ1REM2
NjQ1NEU5RTNBMTQ2QTguY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZI
cnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xY1BWNXdf
SnJSQzZrTlJkeG1SVTZlT2hScWcuY2VyMIIBPwYIKwYBBQUHAQsEggExMIIBLTBf
BggrBgEFBQcwBYZTcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS8zZTkwYTNjNS0zZjM4LTRkZGYtYjJjYS1hNGQ1MmFjZTNjMTQvMS8w
gYsGCCsGAQUFBzAKhn9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5LzNlOTBhM2M1LTNmMzgtNGRkZi1iMmNhLWE0ZDUyYWNlM2MxNC8x
L0IzNERGOTI1QTBGQUFGNDdFNEU5NDYwQTNENTFGM0ZCQTA4MDc5QTkubWZ0MDwG
CCsGAQUFBzANhjBodHRwczovL3JyZHAucGFhcy5ycGtpLnJpcGUubmV0L25vdGlm
aWNhdGlvbi54bWwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcB
BwEB/wQSMBAwDgQCAAIwCAMGACoT34AfMA0GCSqGSIb3DQEBCwUAA4IBAQC0sizl
+9YZfyyQXF2YQY80al0tyOctvainC6O88pQL8J7a2R7+sFbi9t6x3ebTG/qTTOIW
VhExcswgouqu4lrj/3oOVqAsT9TDNqeqhJriMH74h65JVrv7G8ABrCi/UZ9qjY5m
OYuU8IjqrNhpbBQrXLxh0OxhrkgkXESHJJMB4WP3UoubeR0jJfYm8NdldObTtQrp
LuYbpDx+mK9C5iUW79IVkCnNShmv0B7S7AqZUXKPrMdM7A/CEMWANlskQvHVxy2Q
ET77z7nK/iwV6Mj5mqA4bb8qZYj5xH4knbV/uWp9gRRpoSCkqSe4eXzznm9jAeZN
55IFYveH9+h/jKvR
-----END CERTIFICATE-----