Certificate

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/0/B89BFA84DC5AFE05076A0800B960FEA22FC90D09.cer
File:                     B89BFA84DC5AFE05076A0800B960FEA22FC90D09.cer (raw, json)
Hash identifier:          +211NswqdTIbrsjWWZ5Vwn6uEnCMrJ3uyiHrc7Amlqc=
Subject key identifier:   B8:9B:FA:84:DC:5A:FE:05:07:6A:08:00:B9:60:FE:A2:2F:C9:0D:09
Authority key identifier: 57:A9:74:6F:E5:43:EB:3E:A0:D4:49:53:42:44:C9:3F:C8:8F:85:03
Certificate issuer:       /CN=57A9746FE543EB3EA0D449534244C93FC88F8503
Certificate serial:       1FD7840EBBB30833589FEDF1575DEB83EBEA0A9D
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/57A9746FE543EB3EA0D449534244C93FC88F8503.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/1/B89BFA84DC5AFE05076A0800B960FEA22FC90D09.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/1/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 22 Mar 2024 20:14:29 +0000
Certificate not after:    Fri 21 Mar 2025 20:19:29 +0000
Subordinate resources:    IP: 2a0a:6044:7c00::/40
                          IP: 2a0a:6044:8000::/36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:d7:84:0e:bb:b3:08:33:58:9f:ed:f1:57:5d:eb:83:eb:ea:0a:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57A9746FE543EB3EA0D449534244C93FC88F8503
        Validity
            Not Before: Mar 22 20:14:29 2024 GMT
            Not After : Mar 21 20:19:29 2025 GMT
        Subject: CN=B89BFA84DC5AFE05076A0800B960FEA22FC90D09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:af:f7:d8:17:eb:67:3a:f9:44:51:d9:ec:4b:
                    f5:3a:e2:70:da:13:3a:e5:49:ea:14:c7:e9:5e:5f:
                    b0:d1:a5:3c:9a:26:19:03:e6:25:4f:be:6c:6a:d7:
                    16:72:1c:0b:82:ce:c5:f5:88:80:6e:47:2a:8c:d3:
                    db:8b:f4:ed:10:65:80:cd:28:72:47:4e:19:6f:a1:
                    4c:fd:6e:94:3c:23:a2:a5:ef:31:f6:23:c2:65:4b:
                    33:7e:9e:19:c9:54:aa:3c:97:5f:6a:10:fc:0e:5e:
                    a2:e6:43:63:a4:ac:ad:c1:d7:24:47:83:23:71:87:
                    78:0c:93:01:fe:7d:09:5b:79:93:f6:4f:ba:e3:6c:
                    c2:7d:cc:fe:70:dc:27:37:0c:36:c2:05:d7:7d:42:
                    fc:db:ff:9d:62:47:f0:a4:5f:4f:62:63:45:33:17:
                    62:ea:82:fa:64:36:f2:e0:b9:b4:97:82:2b:e9:b8:
                    2b:da:1f:5e:3a:40:16:24:04:d3:22:77:d5:1f:37:
                    8f:84:ef:e0:dd:0c:1c:25:9c:12:f8:f1:d0:19:71:
                    87:a4:e9:1a:20:a9:69:c1:cc:d5:5b:a6:97:33:df:
                    b0:6c:82:4a:0b:9e:66:ad:8b:ea:82:3d:b8:96:67:
                    4b:a2:aa:e3:4b:be:96:33:2b:e9:8d:68:7d:08:20:
                    a8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                B8:9B:FA:84:DC:5A:FE:05:07:6A:08:00:B9:60:FE:A2:2F:C9:0D:09
            X509v3 Authority Key Identifier:
                keyid:57:A9:74:6F:E5:43:EB:3E:A0:D4:49:53:42:44:C9:3F:C8:8F:85:03

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/0/57A9746FE543EB3EA0D449534244C93FC88F8503.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/57A9746FE543EB3EA0D449534244C93FC88F8503.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/1/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/1/B89BFA84DC5AFE05076A0800B960FEA22FC90D09.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:7c00::/40
                  2a0a:6044:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         b7:89:b7:fa:9b:be:cd:ab:46:2b:71:e5:2e:f9:67:2e:48:54:
         5f:4a:fc:e3:f1:97:17:41:f3:b3:78:7c:04:1a:93:d8:57:f6:
         ee:ed:31:58:b3:91:07:60:c9:f8:50:c5:d7:9a:7e:cc:3b:80:
         a1:3a:21:dc:d4:9c:93:ac:1b:1b:75:b5:56:f8:b8:dd:5e:ad:
         e4:15:2e:f0:32:ee:f6:ae:bb:6d:7c:a2:9a:61:d9:51:bf:8b:
         cf:53:6d:f5:04:c5:b7:a2:c2:58:4f:0f:cd:a7:9f:3f:d9:85:
         01:05:1e:d8:07:c7:bb:9b:14:3e:05:0e:7d:f6:0b:5a:54:51:
         10:29:6c:f4:3d:3d:8e:35:e3:47:e3:0d:85:d2:20:a2:b9:3b:
         d1:49:dc:95:e3:50:2f:34:2f:d1:cb:a8:8c:5a:35:b9:fc:26:
         34:cf:7e:60:6b:20:37:c5:84:49:11:7b:96:0b:92:12:eb:e5:
         fc:98:17:d5:20:b8:dd:0e:b3:b3:80:1e:48:dd:c1:5b:87:f3:
         95:a8:33:64:c8:da:d5:0f:7b:70:70:e1:0f:de:e3:55:66:16:
         c3:a5:ee:fb:a1:88:3f:69:b9:ab:d0:df:13:6c:8d:30:8f:4f:
         d0:df:83:0a:ad:5e:79:cc:aa:43:ba:6e:a2:50:51:ba:77:44:
         a4:98:90:3a
-----BEGIN CERTIFICATE-----
MIIGETCCBPmgAwIBAgIUH9eEDruzCDNYn+3xV13rg+vqCp0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNTdBOTc0NkZFNTQzRUIzRUEwRDQ0OTUzNDI0NEM5M0ZD
ODhGODUwMzAeFw0yNDAzMjIyMDE0MjlaFw0yNTAzMjEyMDE5MjlaMDMxMTAvBgNV
BAMTKEI4OUJGQTg0REM1QUZFMDUwNzZBMDgwMEI5NjBGRUEyMkZDOTBEMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVr/fYF+tnOvlEUdnsS/U64nDa
EzrlSeoUx+leX7DRpTyaJhkD5iVPvmxq1xZyHAuCzsX1iIBuRyqM09uL9O0QZYDN
KHJHThlvoUz9bpQ8I6Kl7zH2I8JlSzN+nhnJVKo8l19qEPwOXqLmQ2OkrK3B1yRH
gyNxh3gMkwH+fQlbeZP2T7rjbMJ9zP5w3Cc3DDbCBdd9Qvzb/51iR/CkX09iY0Uz
F2LqgvpkNvLgubSXgivpuCvaH146QBYkBNMid9UfN4+E7+DdDBwlnBL48dAZcYek
6RogqWnBzNVbppcz37BsgkoLnmati+qCPbiWZ0uiquNLvpYzK+mNaH0IIKgnAgMB
AAGjggMbMIIDFzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS4m/qE3Fr+BQdq
CAC5YP6iL8kNCTAfBgNVHSMEGDAWgBRXqXRv5UPrPqDUSVNCRMk/yI+FAzAOBgNV
HQ8BAf8EBAMCAQYwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8zMjUzZDk3My1kNWJmLTQ1
NDEtYmNjMS0yNzY1NDNhMjVjN2QvMC81N0E5NzQ2RkU1NDNFQjNFQTBENDQ5NTM0
MjQ0QzkzRkM4OEY4NTAzLmNybDCBkwYIKwYBBQUHAQEEgYYwgYMwgYAGCCsGAQUF
BzAChnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRvcnkvOGE4NDhh
ZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi81N0E5NzQ2RkU1NDNFQjNFQTBE
NDQ5NTM0MjQ0QzkzRkM4OEY4NTAzLmNlcjCCAT8GCCsGAQUFBwELBIIBMTCCAS0w
XwYIKwYBBQUHMAWGU3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvNDkxYTQzYmMtNzZlYy00YWJlLWJhN2QtZTczZTkwZDY2MmNiLzEv
MIGLBggrBgEFBQcwCoZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS80OTFhNDNiYy03NmVjLTRhYmUtYmE3ZC1lNzNlOTBkNjYyY2Iv
MS9CODlCRkE4NERDNUFGRTA1MDc2QTA4MDBCOTYwRkVBMjJGQzkwRDA5Lm1mdDA8
BggrBgEFBQcwDYYwaHR0cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3Rp
ZmljYXRpb24ueG1sMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwKQYIKwYBBQUH
AQcBAf8EGjAYMBYEAgACMBADBgAqCmBEfAMGBCoKYESAMA0GCSqGSIb3DQEBCwUA
A4IBAQC3ibf6m77Nq0YrceUu+WcuSFRfSvzj8ZcXQfOzeHwEGpPYV/bu7TFYs5EH
YMn4UMXXmn7MO4ChOiHc1JyTrBsbdbVW+LjdXq3kFS7wMu72rrttfKKaYdlRv4vP
U231BMW3osJYTw/Np58/2YUBBR7YB8e7mxQ+BQ599gtaVFEQKWz0PT2ONeNH4w2F
0iCiuTvRSdyV41AvNC/Ry6iMWjW5/CY0z35gayA3xYRJEXuWC5IS6+X8mBfVILjd
DrOzgB5I3cFbh/OVqDNkyNrVD3twcOEP3uNVZhbDpe77oYg/abmr0N8TbI0wj0/Q
34MKrV55zKpDum6iUFG6d0SkmJA6
-----END CERTIFICATE-----