Certificate

$ rpki-client -vvf repo.kagl.me/rpki/KeatonAGLair/0/0D4273D949CE571D82BC050D369391F4AE2CB209.cer
File:                     0D4273D949CE571D82BC050D369391F4AE2CB209.cer (raw, json)
Hash identifier:          D9oYQDPLwQ6CkYAViu0FnrnKAzc02xPgEEdJQiA6XnM=
Subject key identifier:   0D:42:73:D9:49:CE:57:1D:82:BC:05:0D:36:93:91:F4:AE:2C:B2:09
Authority key identifier: 7E:C9:B5:D2:25:08:C0:23:1C:15:DA:BD:AF:51:35:99:0B:66:BF:ED
Certificate issuer:       /CN=02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351
Certificate serial:       6DD9C91897E60703F07F9B208CA7D37CE15165D7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/39065acc-beed-4115-bc6c-63de232f2a04/02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351.cer
Manifest:                 rsync://rpki.co/repo/August/12/0D4273D949CE571D82BC050D369391F4AE2CB209.mft
caRepository:             rsync://rpki.co/repo/August/12/
Notify URL:               https://rrdp.rpki.co/rrdp/notification.xml
Certificate not before:   Mon 22 May 2023 21:43:07 +0000
Certificate not after:    Mon 20 May 2024 21:48:07 +0000
Subordinate resources:    IP: 104.37.42.0/23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:d9:c9:18:97:e6:07:03:f0:7f:9b:20:8c:a7:d3:7c:e1:51:65:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351
        Validity
            Not Before: May 22 21:43:07 2023 GMT
            Not After : May 20 21:48:07 2024 GMT
        Subject: CN=0D4273D949CE571D82BC050D369391F4AE2CB209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:43:57:3a:f7:c3:29:4c:8f:4d:17:4e:3b:21:
                    25:aa:ee:35:ae:f7:c1:71:46:2c:7f:40:bc:17:9d:
                    ed:fa:3e:d8:46:a6:3f:52:16:ae:2f:e6:96:da:b5:
                    ea:e0:85:05:c1:0e:b6:32:e1:fe:2b:33:22:7a:c9:
                    3f:c1:01:9f:78:d4:fb:0b:b0:dd:ab:f9:70:6e:4b:
                    e5:57:aa:e2:f9:d1:31:4f:df:fe:f1:3d:f3:c0:18:
                    2a:82:8b:9e:ad:0e:e8:ad:64:f0:35:24:37:ac:8b:
                    bc:30:01:41:60:30:db:4b:b0:c9:f8:b0:68:1d:4d:
                    63:db:5b:75:57:c3:46:59:cf:3b:25:6c:11:0c:77:
                    a7:bf:9f:a0:fd:ba:72:80:02:d3:5c:29:1e:a5:f1:
                    63:78:14:80:e1:39:be:1b:45:27:b5:a2:68:aa:a4:
                    16:62:fb:f1:95:59:82:68:ce:fe:98:25:88:7e:ac:
                    b5:f0:f8:36:25:2e:11:22:48:aa:fb:3c:be:ba:94:
                    b7:40:cf:03:f6:99:82:3c:6d:cc:64:ae:e0:2e:71:
                    03:b7:04:4a:a0:32:f8:04:3f:41:7e:61:ca:13:cd:
                    c8:88:43:f3:f4:7f:41:b0:81:e4:c8:5f:26:d9:f3:
                    61:37:41:15:f5:a4:d8:37:29:20:a7:5d:d9:cf:44:
                    6c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                0D:42:73:D9:49:CE:57:1D:82:BC:05:0D:36:93:91:F4:AE:2C:B2:09
            X509v3 Authority Key Identifier:
                keyid:7E:C9:B5:D2:25:08:C0:23:1C:15:DA:BD:AF:51:35:99:0B:66:BF:ED

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.kagl.me/rpki/KeatonAGLair/0/7EC9B5D22508C0231C15DABDAF5135990B66BFED.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/39065acc-beed-4115-bc6c-63de232f2a04/02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.co/repo/August/12/
                RPKI Manifest - URI:rsync://rpki.co/repo/August/12/0D4273D949CE571D82BC050D369391F4AE2CB209.mft
                RPKI Notify - URI:https://rrdp.rpki.co/rrdp/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.37.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:d3:a6:83:4d:47:e4:14:04:4c:0b:c1:37:8d:91:36:9a:22:
         e7:c7:a9:88:b9:44:67:7a:43:ea:fd:19:6b:25:04:19:e0:3a:
         f8:62:d4:f0:23:5e:f6:c5:36:93:44:69:66:86:14:45:6a:b4:
         12:c3:98:14:f4:cf:e7:d9:83:ce:b1:99:7d:0b:ec:61:79:ad:
         02:bf:5d:62:2f:68:44:1a:1f:d9:23:f1:fa:7e:ec:36:ca:4e:
         7c:7f:dc:c6:8a:24:d0:d5:b4:66:49:a2:89:f5:9f:4c:31:be:
         b0:cd:a7:a8:dc:cc:6b:24:e8:08:1d:05:d3:bf:51:07:f5:69:
         89:53:7f:02:13:91:ca:a3:e6:cf:56:10:dc:b8:70:c5:10:6c:
         ee:b5:79:ea:73:b1:23:e5:7e:c0:45:df:a5:9e:b3:b0:f9:b7:
         3c:48:3c:71:02:c9:1f:df:d9:17:35:d1:f4:a2:9a:18:d5:26:
         c9:37:00:90:fa:6f:a9:32:66:18:cb:fb:6a:39:c6:ec:a6:cb:
         db:ce:f1:f4:a5:10:87:59:31:5f:81:5a:db:f5:d6:7e:89:a5:
         92:39:b2:15:69:a4:68:d6:db:77:a5:99:c2:a8:5c:ee:04:48:
         6a:b9:a7:35:e5:3c:c0:11:86:84:25:51:2b:28:13:0f:61:46:
         74:48:a7:dd
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgIUbdnJGJfmBwPwf5sgjKfTfOFRZdcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMDJiYTNmNTI1NGI4ODY4MWVjNmM1NDUwYTM4NzE3NDc5
YzA1ODliOTk1NmM1MWUzNTEwHhcNMjMwNTIyMjE0MzA3WhcNMjQwNTIwMjE0ODA3
WjAzMTEwLwYDVQQDEygwRDQyNzNEOTQ5Q0U1NzFEODJCQzA1MEQzNjkzOTFGNEFF
MkNCMjA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsENXOvfDKUyP
TRdOOyElqu41rvfBcUYsf0C8F53t+j7YRqY/UhauL+aW2rXq4IUFwQ62MuH+KzMi
esk/wQGfeNT7C7Ddq/lwbkvlV6ri+dExT9/+8T3zwBgqgouerQ7orWTwNSQ3rIu8
MAFBYDDbS7DJ+LBoHU1j21t1V8NGWc87JWwRDHenv5+g/bpygALTXCkepfFjeBSA
4Tm+G0UntaJoqqQWYvvxlVmCaM7+mCWIfqy18Pg2JS4RIkiq+zy+upS3QM8D9pmC
PG3MZK7gLnEDtwRKoDL4BD9BfmHKE83IiEPz9H9BsIHkyF8m2fNhN0EV9aTYNykg
p13Zz0RsqQIDAQABo4ICzzCCAsswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
DUJz2UnOVx2CvAUNNpOR9K4ssgkwHwYDVR0jBBgwFoAUfsm10iUIwCMcFdq9r1E1
mQtmv+0wDgYDVR0PAQH/BAQDAgEGMGYGA1UdHwRfMF0wW6BZoFeGVXJzeW5jOi8v
cmVwby5rYWdsLm1lL3Jwa2kvS2VhdG9uQUdMYWlyLzAvN0VDOUI1RDIyNTA4QzAy
MzFDMTVEQUJEQUY1MTM1OTkwQjY2QkZFRC5jcmwwgfMGCCsGAQUFBwEBBIHmMIHj
MIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5
L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3
ZDMvMDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzM5MDY1YWNj
LWJlZWQtNDExNS1iYzZjLTYzZGUyMzJmMmEwNC8wMmJhM2Y1MjU0Yjg4NjgxZWM2
YzU0NTBhMzg3MTc0NzljMDU4OWI5OTU2YzUxZTM1MS5jZXIwgc4GCCsGAQUFBwEL
BIHBMIG+MCsGCCsGAQUFBzAFhh9yc3luYzovL3Jwa2kuY28vcmVwby9BdWd1c3Qv
MTIvMFcGCCsGAQUFBzAKhktyc3luYzovL3Jwa2kuY28vcmVwby9BdWd1c3QvMTIv
MEQ0MjczRDk0OUNFNTcxRDgyQkMwNTBEMzY5MzkxRjRBRTJDQjIwOS5tZnQwNgYI
KwYBBQUHMA2GKmh0dHBzOi8vcnJkcC5ycGtpLmNvL3JyZHAvbm90aWZpY2F0aW9u
LnhtbDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQBaCUqMA0GCSqGSIb3DQEBCwUAA4IBAQBp06aDTUfkFARMC8E3
jZE2miLnx6mIuURnekPq/RlrJQQZ4Dr4YtTwI172xTaTRGlmhhRFarQSw5gU9M/n
2YPOsZl9C+xhea0Cv11iL2hEGh/ZI/H6fuw2yk58f9zGiiTQ1bRmSaKJ9Z9MMb6w
zaeo3MxrJOgIHQXTv1EH9WmJU38CE5HKo+bPVhDcuHDFEGzutXnqc7Ej5X7ARd+l
nrOw+bc8SDxxAskf39kXNdH0opoY1SbJNwCQ+m+pMmYYy/tqOcbspsvbzvH0pRCH
WTFfgVrb9dZ+iaWSObIVaaRo1tt3pZnCqFzuBEhquac15TzAEYaEJVErKBMPYUZ0
SKfd
-----END CERTIFICATE-----