Certificate

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/21a797f9-3c10-4536-aa64-09ca2d9545c8/0/28FA507C2092BDD1BBD1B0816C9D71CD4681096C.cer
File:                     28FA507C2092BDD1BBD1B0816C9D71CD4681096C.cer (raw, json)
Hash identifier:          dQ0N9CKVy3hxnwywpwJUo8yLDsXpt3wwg/MmomIjiLs=
Subject key identifier:   28:FA:50:7C:20:92:BD:D1:BB:D1:B0:81:6C:9D:71:CD:46:81:09:6C
Authority key identifier: 07:D3:62:BD:D7:CA:6E:80:E2:C2:44:43:75:97:BD:47:EF:7A:4F:DE
Certificate issuer:       /CN=07d362bdd7ca6e80e2c244437597bd47ef7a4fde
Certificate serial:       264E0E50D0FC042F36DB41514A1473242F7BD623
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9NivdfKboDiwkRDdZe9R-96T94.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/5/28FA507C2092BDD1BBD1B0816C9D71CD4681096C.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/5/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sat 13 Apr 2024 12:26:13 +0000
Certificate not after:    Sat 12 Apr 2025 12:31:13 +0000
Subordinate resources:    IP: 2a07:2486::/36
                          IP: 2a07:2487::/32

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:4e:0e:50:d0:fc:04:2f:36:db:41:51:4a:14:73:24:2f:7b:d6:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d362bdd7ca6e80e2c244437597bd47ef7a4fde
        Validity
            Not Before: Apr 13 12:26:13 2024 GMT
            Not After : Apr 12 12:31:13 2025 GMT
        Subject: CN=28FA507C2092BDD1BBD1B0816C9D71CD4681096C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:54:39:c4:cd:74:e0:dc:54:8a:ee:b8:a0:0a:
                    4d:a8:ea:57:b1:87:0c:32:07:4b:f6:21:28:75:9b:
                    12:33:19:58:95:60:05:61:16:a7:74:94:d2:ed:08:
                    a5:47:6e:62:1f:b2:01:ea:cb:17:62:e0:17:82:77:
                    ef:a3:e0:81:bf:54:6e:db:7e:63:68:e2:61:ac:99:
                    4b:34:c1:59:97:ee:68:39:7c:66:dd:3e:fc:09:b1:
                    20:cb:e4:ab:65:94:88:69:ac:6c:29:18:04:4e:b6:
                    88:08:92:8c:da:0f:33:d4:a7:80:f0:bd:96:52:2d:
                    ae:e6:c6:da:32:3c:85:ec:6d:98:77:81:db:35:e8:
                    be:8f:00:57:9e:39:15:b4:6b:ed:58:25:98:d1:3a:
                    3b:ef:4d:52:ad:a7:3c:e9:7d:03:d3:60:ac:05:9e:
                    f4:cd:ea:6b:f1:de:9e:b4:82:36:07:f2:10:91:a6:
                    a0:b9:9e:c5:ce:4f:31:06:3a:e5:7a:ba:5e:ac:87:
                    c3:f9:c2:5e:1a:37:e3:79:4e:a2:2e:1d:d1:e8:1b:
                    eb:91:32:d4:0d:b9:61:4b:54:53:2f:bb:b3:6d:00:
                    a7:c0:11:09:c6:9b:a7:c5:13:a6:3b:a6:ea:6c:87:
                    47:41:7c:8a:0a:9d:e9:2d:6d:5d:ff:ea:57:77:a5:
                    32:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                28:FA:50:7C:20:92:BD:D1:BB:D1:B0:81:6C:9D:71:CD:46:81:09:6C
            X509v3 Authority Key Identifier:
                keyid:07:D3:62:BD:D7:CA:6E:80:E2:C2:44:43:75:97:BD:47:EF:7A:4F:DE

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/21a797f9-3c10-4536-aa64-09ca2d9545c8/0/07D362BDD7CA6E80E2C244437597BD47EF7A4FDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9NivdfKboDiwkRDdZe9R-96T94.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/5/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c0ed046-fa95-45c3-9146-971db8a9e8bb/5/28FA507C2092BDD1BBD1B0816C9D71CD4681096C.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486::/36
                  2a07:2487::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:76:c8:f6:f8:4f:5b:94:1b:49:6c:85:63:4a:22:42:c5:48:
         d8:40:2e:44:4d:65:6e:4f:37:d7:6a:3b:9d:98:23:15:3d:6c:
         04:c6:18:19:77:aa:e1:79:85:7d:02:ef:c1:00:d3:5a:e7:03:
         14:56:3a:d4:c6:26:11:72:79:b5:f1:54:00:e8:85:77:56:f2:
         20:87:38:c6:f5:90:3b:ae:59:55:1d:9d:41:85:9f:9b:50:0b:
         11:05:26:86:64:ca:41:d0:4f:1a:6e:cf:06:c4:7e:18:91:10:
         92:1d:75:8f:fa:0b:70:12:28:b4:cc:f4:32:27:aa:47:92:d6:
         55:c6:d9:e4:f9:a9:e1:a1:dc:0f:5b:6f:17:ec:4e:bd:75:2e:
         50:8b:a3:fe:62:d8:34:52:a6:3f:da:01:8a:b6:1e:65:40:b0:
         1c:1e:42:1a:14:a0:72:30:a3:86:93:2a:fb:23:c0:9a:b7:7e:
         81:24:93:c4:cd:22:58:48:14:a4:98:e2:5f:f2:80:a4:01:1b:
         1c:c0:10:d4:46:3c:a0:d5:08:d0:2c:18:05:3d:61:ce:40:19:
         f3:a5:05:32:48:8f:59:bf:7d:03:00:37:34:f6:f3:cc:94:58:
         4d:4a:01:93:03:a2:93:4b:c3:b1:00:af:66:ba:56:87:e2:cb:
         15:e7:9e:b2
-----BEGIN CERTIFICATE-----
MIIF4DCCBMigAwIBAgIUJk4OUND8BC8220FRShRzJC971iMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDdkMzYyYmRkN2NhNmU4MGUyYzI0NDQzNzU5N2JkNDdl
ZjdhNGZkZTAeFw0yNDA0MTMxMjI2MTNaFw0yNTA0MTIxMjMxMTNaMDMxMTAvBgNV
BAMTKDI4RkE1MDdDMjA5MkJERDFCQkQxQjA4MTZDOUQ3MUNENDY4MTA5NkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2VDnEzXTg3FSK7rigCk2o6lex
hwwyB0v2ISh1mxIzGViVYAVhFqd0lNLtCKVHbmIfsgHqyxdi4BeCd++j4IG/VG7b
fmNo4mGsmUs0wVmX7mg5fGbdPvwJsSDL5KtllIhprGwpGAROtogIkozaDzPUp4Dw
vZZSLa7mxtoyPIXsbZh3gds16L6PAFeeORW0a+1YJZjROjvvTVKtpzzpfQPTYKwF
nvTN6mvx3p60gjYH8hCRpqC5nsXOTzEGOuV6ul6sh8P5wl4aN+N5TqIuHdHoG+uR
MtQNuWFLVFMvu7NtAKfAEQnGm6fFE6Y7pupsh0dBfIoKnektbV3/6ld3pTI5AgMB
AAGjggLqMIIC5jAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQo+lB8IJK90bvR
sIFsnXHNRoEJbDAfBgNVHSMEGDAWgBQH02K918pugOLCREN1l71H73pP3jAOBgNV
HQ8BAf8EBAMCAQYwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8yMWE3OTdmOS0zYzEwLTQ1
MzYtYWE2NC0wOWNhMmQ5NTQ1YzgvMC8wN0QzNjJCREQ3Q0E2RTgwRTJDMjQ0NDM3
NTk3QkQ0N0VGN0E0RkRFLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKG
SHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvQjlOaXZk
Zktib0Rpd2tSRGRaZTlSLTk2VDk0LmNlcjCCAT8GCCsGAQUFBwELBIIBMTCCAS0w
XwYIKwYBBQUHMAWGU3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvOWMwZWQwNDYtZmE5NS00NWMzLTkxNDYtOTcxZGI4YTllOGJiLzUv
MIGLBggrBgEFBQcwCoZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS85YzBlZDA0Ni1mYTk1LTQ1YzMtOTE0Ni05NzFkYjhhOWU4YmIv
NS8yOEZBNTA3QzIwOTJCREQxQkJEMUIwODE2QzlENzFDRDQ2ODEwOTZDLm1mdDA8
BggrBgEFBQcwDYYwaHR0cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3Rp
ZmljYXRpb24ueG1sMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwKAYIKwYBBQUH
AQcBAf8EGTAXMBUEAgACMA8DBgQqBySGAAMFACoHJIcwDQYJKoZIhvcNAQELBQAD
ggEBAF92yPb4T1uUG0lshWNKIkLFSNhALkRNZW5PN9dqO52YIxU9bATGGBl3quF5
hX0C78EA01rnAxRWOtTGJhFyebXxVADohXdW8iCHOMb1kDuuWVUdnUGFn5tQCxEF
JoZkykHQTxpuzwbEfhiREJIddY/6C3ASKLTM9DInqkeS1lXG2eT5qeGh3A9bbxfs
Tr11LlCLo/5i2DRSpj/aAYq2HmVAsBweQhoUoHIwo4aTKvsjwJq3foEkk8TNIlhI
FKSY4l/ygKQBGxzAENRGPKDVCNAsGAU9Yc5AGfOlBTJIj1m/fQMANzT288yUWE1K
AZMDopNLw7EAr2a6VofiyxXnnrI=
-----END CERTIFICATE-----