Certificate

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/21a797f9-3c10-4536-aa64-09ca2d9545c8/0/AB988C63F14514C64BA41F5464D70E7BB3EA8764.cer
File:                     AB988C63F14514C64BA41F5464D70E7BB3EA8764.cer (raw, json)
Hash identifier:          chx+B9anus/zy+EJkPnSNwLpqQPj8ik0zubrq7LS5+U=
Subject key identifier:   AB:98:8C:63:F1:45:14:C6:4B:A4:1F:54:64:D7:0E:7B:B3:EA:87:64
Authority key identifier: 07:D3:62:BD:D7:CA:6E:80:E2:C2:44:43:75:97:BD:47:EF:7A:4F:DE
Certificate issuer:       /CN=07d362bdd7ca6e80e2c244437597bd47ef7a4fde
Certificate serial:       15D742D36ED3E43F7A43869A57F2F03A7B39F2A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9NivdfKboDiwkRDdZe9R-96T94.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/79a5b9dc-f78c-40a9-beb9-0d35b8347854/1/AB988C63F14514C64BA41F5464D70E7BB3EA8764.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/79a5b9dc-f78c-40a9-beb9-0d35b8347854/1/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 27 Mar 2024 21:02:30 +0000
Certificate not after:    Wed 26 Mar 2025 21:07:30 +0000
Subordinate resources:    IP: 2a07:2483::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:d7:42:d3:6e:d3:e4:3f:7a:43:86:9a:57:f2:f0:3a:7b:39:f2:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d362bdd7ca6e80e2c244437597bd47ef7a4fde
        Validity
            Not Before: Mar 27 21:02:30 2024 GMT
            Not After : Mar 26 21:07:30 2025 GMT
        Subject: CN=AB988C63F14514C64BA41F5464D70E7BB3EA8764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:03:8c:ef:dd:b5:88:0e:13:59:37:b0:db:0e:
                    2c:56:89:6f:00:3f:03:16:ae:65:6a:5b:2e:26:20:
                    ae:94:73:cb:98:75:f3:96:d0:88:fd:2f:aa:8f:da:
                    3d:01:40:57:bd:46:df:00:9d:5b:cd:92:9f:9b:a3:
                    16:8a:9e:39:17:2e:1d:05:9d:7d:20:c9:f7:8e:8d:
                    be:62:b8:8a:69:20:06:79:7a:f9:e0:b9:d8:e1:68:
                    bc:1c:0c:5b:e7:da:b9:e5:10:07:a6:90:2e:69:0d:
                    09:58:b7:74:8e:1d:8a:2e:9a:4a:73:37:41:bd:8a:
                    51:bc:d8:66:f9:73:bb:92:8b:86:68:ca:25:7a:b6:
                    db:b3:2a:00:13:99:ca:3f:7a:2f:a1:8b:de:f3:15:
                    39:19:15:25:37:ab:31:e5:a3:fc:04:bd:28:98:c9:
                    7e:fd:49:c5:88:b0:8e:2a:9c:b5:34:a7:05:eb:5d:
                    6d:6c:df:a3:03:b2:a4:d8:69:ef:99:7a:36:fc:3c:
                    0a:e9:7d:d0:fd:bf:52:a3:d6:06:cc:41:db:55:1c:
                    13:a6:5e:b4:f6:51:8f:1c:3b:13:51:ab:ef:88:2a:
                    3c:f5:01:a2:74:4a:ed:21:1c:4b:15:0c:78:cc:9e:
                    42:bc:c2:e9:70:de:df:37:37:a1:96:a5:e9:08:12:
                    2a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                AB:98:8C:63:F1:45:14:C6:4B:A4:1F:54:64:D7:0E:7B:B3:EA:87:64
            X509v3 Authority Key Identifier:
                keyid:07:D3:62:BD:D7:CA:6E:80:E2:C2:44:43:75:97:BD:47:EF:7A:4F:DE

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/21a797f9-3c10-4536-aa64-09ca2d9545c8/0/07D362BDD7CA6E80E2C244437597BD47EF7A4FDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9NivdfKboDiwkRDdZe9R-96T94.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/79a5b9dc-f78c-40a9-beb9-0d35b8347854/1/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/79a5b9dc-f78c-40a9-beb9-0d35b8347854/1/AB988C63F14514C64BA41F5464D70E7BB3EA8764.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2483::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:b5:37:23:a0:58:d4:e7:a3:ad:9a:8d:7e:aa:15:af:24:c5:
         43:6d:d2:d3:8b:77:9e:e9:6b:e0:30:3d:6a:26:ac:55:1e:41:
         c5:e0:39:cc:27:f3:79:9e:90:52:08:13:75:f9:6d:98:56:1c:
         53:94:9b:52:88:76:4b:c4:23:19:ee:40:87:da:e3:d7:17:e5:
         28:cf:3c:a2:8f:bb:b5:d6:f1:5d:bd:37:62:13:21:f9:5c:25:
         5f:b6:0f:10:06:13:dd:b5:2a:41:53:7c:9b:7b:18:22:16:e2:
         61:f4:e8:81:c4:47:ee:bd:7f:87:b1:7b:2e:16:04:4b:a8:ec:
         54:ab:eb:e5:b1:5b:e7:2e:17:8c:93:fa:16:0d:73:d6:97:ad:
         c5:27:ab:3f:e7:95:a7:a9:a9:0c:a4:03:0e:c0:08:ac:2a:76:
         58:4a:ca:83:35:61:2a:fd:6f:0f:0e:1b:87:da:87:16:77:d1:
         2f:61:e4:eb:e9:d6:75:76:e1:de:56:a5:61:e9:03:52:20:5b:
         77:75:bd:cc:43:2d:6d:f3:d3:79:f7:6b:8b:52:82:d3:98:a7:
         c6:d9:55:a0:d5:8a:11:aa:0c:92:1f:78:37:a3:0c:aa:af:5a:
         62:67:2b:cf:05:e5:dd:bf:24:c0:57:0e:89:ae:33:43:22:dc:
         27:b2:ab:3f
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgIUFddC027T5D96Q4aaV/LwOns58qIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDdkMzYyYmRkN2NhNmU4MGUyYzI0NDQzNzU5N2JkNDdl
ZjdhNGZkZTAeFw0yNDAzMjcyMTAyMzBaFw0yNTAzMjYyMTA3MzBaMDMxMTAvBgNV
BAMTKEFCOTg4QzYzRjE0NTE0QzY0QkE0MUY1NDY0RDcwRTdCQjNFQTg3NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8A4zv3bWIDhNZN7DbDixWiW8A
PwMWrmVqWy4mIK6Uc8uYdfOW0Ij9L6qP2j0BQFe9Rt8AnVvNkp+boxaKnjkXLh0F
nX0gyfeOjb5iuIppIAZ5evngudjhaLwcDFvn2rnlEAemkC5pDQlYt3SOHYoumkpz
N0G9ilG82Gb5c7uSi4ZoyiV6ttuzKgATmco/ei+hi97zFTkZFSU3qzHlo/wEvSiY
yX79ScWIsI4qnLU0pwXrXW1s36MDsqTYae+Zejb8PArpfdD9v1Kj1gbMQdtVHBOm
XrT2UY8cOxNRq++IKjz1AaJ0Su0hHEsVDHjMnkK8wulw3t83N6GWpekIEio1AgMB
AAGjggLiMIIC3jAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSrmIxj8UUUxkuk
H1Rk1w57s+qHZDAfBgNVHSMEGDAWgBQH02K918pugOLCREN1l71H73pP3jAOBgNV
HQ8BAf8EBAMCAQYwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8yMWE3OTdmOS0zYzEwLTQ1
MzYtYWE2NC0wOWNhMmQ5NTQ1YzgvMC8wN0QzNjJCREQ3Q0E2RTgwRTJDMjQ0NDM3
NTk3QkQ0N0VGN0E0RkRFLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKG
SHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvQjlOaXZk
Zktib0Rpd2tSRGRaZTlSLTk2VDk0LmNlcjCCAT8GCCsGAQUFBwELBIIBMTCCAS0w
XwYIKwYBBQUHMAWGU3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvNzlhNWI5ZGMtZjc4Yy00MGE5LWJlYjktMGQzNWI4MzQ3ODU0LzEv
MIGLBggrBgEFBQcwCoZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS83OWE1YjlkYy1mNzhjLTQwYTktYmViOS0wZDM1YjgzNDc4NTQv
MS9BQjk4OEM2M0YxNDUxNEM2NEJBNDFGNTQ2NEQ3MEU3QkIzRUE4NzY0Lm1mdDA8
BggrBgEFBQcwDYYwaHR0cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3Rp
ZmljYXRpb24ueG1sMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUH
AQcBAf8EETAPMA0EAgACMAcDBQAqBySDMA0GCSqGSIb3DQEBCwUAA4IBAQAatTcj
oFjU56Otmo1+qhWvJMVDbdLTi3ee6WvgMD1qJqxVHkHF4DnMJ/N5npBSCBN1+W2Y
VhxTlJtSiHZLxCMZ7kCH2uPXF+Uozzyij7u11vFdvTdiEyH5XCVftg8QBhPdtSpB
U3ybexgiFuJh9OiBxEfuvX+HsXsuFgRLqOxUq+vlsVvnLheMk/oWDXPWl63FJ6s/
55WnqakMpAMOwAisKnZYSsqDNWEq/W8PDhuH2ocWd9EvYeTr6dZ1duHeVqVh6QNS
IFt3db3MQy1t89N592uLUoLTmKfG2VWg1YoRqgySH3g3owyqr1piZyvPBeXdvyTA
Vw6JrjNDItwnsqs/
-----END CERTIFICATE-----