Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/W2Ya3L9pYu7sglxtTem0SfAuhB0.cer
File:                     W2Ya3L9pYu7sglxtTem0SfAuhB0.cer (raw, json)
Hash identifier:          UQShopgDF6z3ey0EUnh6xIAa9osIq9umUUlUTVDYQEw=
Subject key identifier:   5B:66:1A:DC:BF:69:62:EE:EC:82:5C:6D:4D:E9:B4:49:F0:2E:84:1D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       AEEF3C9E21
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8d/cff31c-25d0-4d02-a696-4bcb629da545/1/W2Ya3L9pYu7sglxtTem0SfAuhB0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8d/cff31c-25d0-4d02-a696-4bcb629da545/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 22 Mar 2022 11:40:59 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    IP: 2a05:9a40::/29
                          IP: 2a06:5fc0::/29
                          IP: 2a0d:6f80::/29
                          IP: 2a0f:9ac0::/29
                          IP: 2a0f:9b40::/29
                          IP: 2a10:b40::/29
                          IP: 2a10:3c80::/29
                          IP: 2a10:3f80::/29
                          IP: 2a10:77c0::/29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 751338036769 (0xaeef3c9e21)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 22 11:40:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5b661adcbf6962eeec825c6d4de9b449f02e841d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:70:05:35:85:ec:05:51:5a:e6:63:03:6c:1c:
                    3a:8d:81:b5:39:a5:25:ca:d6:1f:7b:a4:79:a8:ff:
                    05:9d:f2:30:4b:aa:30:44:c6:d1:22:f0:1e:da:8a:
                    57:4c:b5:80:fd:84:28:d6:59:97:63:42:be:a5:6a:
                    aa:12:1d:f7:d7:80:19:fe:d9:32:70:0e:e9:1f:7d:
                    25:22:e0:cf:27:04:d8:f4:39:0c:4c:87:2b:d6:a5:
                    62:83:86:df:31:0e:c6:57:38:33:4b:9b:da:25:49:
                    af:2d:d2:1f:db:62:c5:29:54:47:0a:85:8a:4a:6d:
                    d0:1e:22:0f:b9:f8:cb:82:77:08:36:fe:a2:8b:1f:
                    97:ca:71:c7:5c:2e:fd:ae:5d:e8:ff:0a:f3:b5:bd:
                    4a:d7:fa:9c:e2:a6:84:36:af:f2:9b:f7:54:e1:21:
                    d5:41:16:de:16:0c:bb:85:30:6b:05:25:10:97:3e:
                    09:a0:74:93:d7:85:97:8c:1a:23:4a:2c:a2:75:6e:
                    f5:79:e9:0e:f9:ff:60:64:71:fc:e3:57:6c:47:10:
                    02:df:27:1b:d0:a8:01:f3:77:d6:0c:de:b0:2f:5f:
                    e1:8f:fb:92:a3:08:68:5b:1d:3e:3b:58:82:12:1d:
                    0c:28:15:8e:bc:11:4f:48:0b:40:dd:1c:5b:c0:0a:
                    33:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:66:1A:DC:BF:69:62:EE:EC:82:5C:6D:4D:E9:B4:49:F0:2E:84:1D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/cff31c-25d0-4d02-a696-4bcb629da545/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/cff31c-25d0-4d02-a696-4bcb629da545/1/W2Ya3L9pYu7sglxtTem0SfAuhB0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9a40::/29
                  2a06:5fc0::/29
                  2a0d:6f80::/29
                  2a0f:9ac0::/29
                  2a0f:9b40::/29
                  2a10:b40::/29
                  2a10:3c80::/29
                  2a10:3f80::/29
                  2a10:77c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:04:d0:a7:60:a2:fd:6f:f8:a7:75:1d:26:4e:33:78:7e:b9:
         55:18:e5:12:02:25:b3:35:f2:96:cb:41:f4:f7:b3:9f:44:1c:
         4c:65:47:46:9a:b5:5a:81:34:9b:bc:3e:f4:ca:7b:42:d9:1c:
         98:43:05:f5:6f:1a:84:b9:6f:41:27:85:d6:27:b9:8d:38:f6:
         82:11:e6:af:d6:74:e3:57:6c:f1:4e:09:d4:e3:01:f7:cf:f2:
         37:7d:7e:93:d3:c5:4c:48:f8:18:ac:6b:63:85:ba:ba:a4:b8:
         f2:5b:e3:a3:0b:66:86:af:ee:4b:2d:51:7a:86:70:85:18:45:
         57:14:35:df:08:3d:65:6e:5c:b1:f4:28:72:27:0f:62:da:07:
         78:d8:76:fb:62:e0:f3:ed:c0:8e:5a:52:f1:ac:06:fe:a6:5d:
         e3:b1:2b:42:f0:0e:03:69:31:fe:8e:1e:c6:46:46:b3:1b:ef:
         a2:e6:fc:22:ef:8c:b4:8b:99:b3:eb:34:f5:8d:51:ba:ea:3a:
         6d:ab:da:1f:83:16:e5:46:f8:ce:c2:fd:e8:a3:96:6b:c4:69:
         9f:e4:e2:20:bf:29:06:d4:70:53:0f:73:03:ea:c9:01:f7:c1:
         3e:43:88:d1:a9:14:b5:54:08:88:0e:46:f5:84:82:19:98:84:
         fb:ae:a3:ee
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgIGAK7vPJ4hMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MzIyMTE0MDU5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1YjY2MWFkY2Jm
Njk2MmVlZWM4MjVjNmQ0ZGU5YjQ0OWYwMmU4NDFkMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAzHAFNYXsBVFa5mMDbBw6jYG1OaUlytYfe6R5qP8FnfIw
S6owRMbRIvAe2opXTLWA/YQo1lmXY0K+pWqqEh3314AZ/tkycA7pH30lIuDPJwTY
9DkMTIcr1qVig4bfMQ7GVzgzS5vaJUmvLdIf22LFKVRHCoWKSm3QHiIPufjLgncI
Nv6iix+XynHHXC79rl3o/wrztb1K1/qc4qaENq/ym/dU4SHVQRbeFgy7hTBrBSUQ
lz4JoHST14WXjBojSiyidW71eekO+f9gZHH841dsRxAC3ycb0KgB83fWDN6wL1/h
j/uSowhoWx0+O1iCEh0MKBWOvBFPSAtA3RxbwAozKwIDAQABo4ICvTCCArkwHQYD
VR0OBBYEFFtmGty/aWLu7IJcbU3ptEnwLoQdMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhkL2NmZjMxYy0yNWQwLTRkMDIt
YTY5Ni00YmNiNjI5ZGE1NDUvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGQvY2ZmMzFjLTI1ZDAtNGQwMi1h
Njk2LTRiY2I2MjlkYTU0NS8xL1cyWWEzTDlwWXU3c2dseHRUZW0wU2ZBdWhCMC5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBF
BAIAAjA/AwUDKgWaQAMFAyoGX8ADBQMqDW+AAwUDKg+awAMFAyoPm0ADBQMqEAtA
AwUDKhA8gAMFAyoQP4ADBQMqEHfAMA0GCSqGSIb3DQEBCwUAA4IBAQAvBNCnYKL9
b/indR0mTjN4frlVGOUSAiWzNfKWy0H097OfRBxMZUdGmrVagTSbvD70yntC2RyY
QwX1bxqEuW9BJ4XWJ7mNOPaCEeav1nTjV2zxTgnU4wH3z/I3fX6T08VMSPgYrGtj
hbq6pLjyW+OjC2aGr+5LLVF6hnCFGEVXFDXfCD1lblyx9ChyJw9i2gd42Hb7YuDz
7cCOWlLxrAb+pl3jsStC8A4DaTH+jh7GRkazG++i5vwi74y0i5mz6zT1jVG66jpt
q9ofgxblRvjOwv3oo5ZrxGmf5OIgvykG1HBTD3MD6skB98E+Q4jRqRS1VAiIDkb1
hIIZmIT7rqPu
-----END CERTIFICATE-----