Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1IMxz0juMK6aJbJE4s1lIJiHkk.cer
File:                     f1IMxz0juMK6aJbJE4s1lIJiHkk.cer (raw, json)
Hash identifier:          nK3XQfuzIoH2tXJ2itOa5XzKejIP4gZgELj474TWBFE=
Subject key identifier:   7F:52:0C:C7:3D:23:B8:C2:BA:68:96:C9:13:8B:35:94:82:62:1E:49
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856B62EFB3754F4FA06F4FC096BEF73F54
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6d/089e89-7a30-45ad-b6dc-236f611e1f30/1/f1IMxz0juMK6aJbJE4s1lIJiHkk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6d/089e89-7a30-45ad-b6dc-236f611e1f30/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 03:32:04 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 197560
                          AS: 206689 -- 206690
                          AS: 206733
                          AS: 206934
                          AS: 213272
                          IP: 46.235.32.0/21
                          IP: 185.63.220.0/22
                          IP: 185.96.244.0/22
                          IP: 2a04:f640::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:62:ef:b3:75:4f:4f:a0:6f:4f:c0:96:be:f7:3f:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:32:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7f520cc73d23b8c2ba6896c9138b359482621e49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d2:f6:fc:d5:79:4e:01:37:35:d4:a9:7b:7a:
                    07:02:d3:b7:e9:18:bd:c4:81:39:39:91:35:d9:45:
                    de:04:05:86:f2:c0:00:45:b4:db:1e:1e:6d:53:da:
                    20:b1:76:f0:a7:89:5b:ce:72:94:76:ab:ee:dc:34:
                    3d:95:d5:3e:ae:ed:ca:c9:10:e0:7a:68:9b:0a:c2:
                    9f:a8:0f:07:4a:82:01:48:b6:2b:5d:1e:ce:86:71:
                    ab:fb:50:30:b1:ab:52:18:68:be:0e:8c:09:8e:68:
                    72:b8:bc:a4:f1:08:f0:2d:1c:cc:a4:94:b1:78:d2:
                    5e:72:2f:ad:42:df:10:9d:bc:0e:d2:dc:b8:47:f7:
                    4d:d4:44:9d:00:53:dd:5d:aa:56:da:95:62:cc:f7:
                    84:f6:da:14:d9:a6:8f:c0:6e:99:ea:1b:1a:2c:11:
                    29:f4:e4:0e:f4:51:f3:d4:2e:97:16:2b:e4:fe:24:
                    a7:c8:93:f6:5e:81:9c:0c:56:47:e5:87:d9:b1:9b:
                    d5:a8:b4:78:4a:49:c5:24:88:0d:90:8c:85:d3:50:
                    07:09:4c:7d:71:7d:d0:ff:20:4b:61:a3:1e:a4:e5:
                    06:8a:da:ad:4b:aa:c1:17:38:de:f9:8d:4e:00:42:
                    9b:0c:0f:80:d4:2f:d9:60:f2:ec:af:22:d7:c9:e8:
                    61:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:52:0C:C7:3D:23:B8:C2:BA:68:96:C9:13:8B:35:94:82:62:1E:49
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/089e89-7a30-45ad-b6dc-236f611e1f30/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/089e89-7a30-45ad-b6dc-236f611e1f30/1/f1IMxz0juMK6aJbJE4s1lIJiHkk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.32.0/21
                  185.63.220.0/22
                  185.96.244.0/22
                IPv6:
                  2a04:f640::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197560
                  206689-206690
                  206733
                  206934
                  213272

    Signature Algorithm: sha256WithRSAEncryption
         70:36:86:5d:c5:f1:0d:e0:5d:43:47:1f:33:98:ea:eb:27:ce:
         93:0b:50:75:32:a5:fb:48:dc:1d:5b:1a:c3:c1:32:91:a9:25:
         54:09:46:cc:e4:df:27:08:aa:16:00:21:0a:9d:85:dc:45:32:
         e1:41:31:71:71:97:7e:95:01:c2:08:c8:a2:d0:29:1d:73:9a:
         d0:b8:4f:42:fb:e4:ad:11:ec:38:5a:6b:89:0d:57:3e:dc:73:
         3d:b5:6d:31:6e:81:ab:4a:43:f6:18:fd:1b:f6:e4:d9:ad:c8:
         da:f4:30:a8:3c:a3:8a:bf:a6:1a:b9:f1:3b:1f:97:e2:75:6d:
         9c:a2:d2:9f:61:2b:83:99:d0:1a:fa:4e:01:94:fb:77:3c:84:
         48:1a:89:b0:41:8c:3b:38:91:af:cb:4f:73:c4:3f:d3:45:b7:
         b8:05:50:14:57:0d:43:86:f5:ef:5f:9b:57:9b:61:67:44:f4:
         ea:9c:72:a5:aa:2f:e6:d5:0f:f4:80:02:e4:ed:80:8f:00:4f:
         67:55:ed:19:86:d3:5d:9c:01:d4:f0:4d:e9:b4:5d:db:61:42:
         51:cf:b0:91:c0:c2:0e:aa:13:0c:f5:a1:4b:7a:f0:2c:9e:fa:
         7d:2a:3d:3e:58:4b:03:fb:fd:8c:b5:2b:33:d3:4e:c2:0b:fd:
         4a:a7:15:82
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAYVrYu+zdU9PoG9PwJa+9z9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDMzMjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjUyMGNjNzNkMjNiOGMyYmE2ODk2YzkxMzhiMzU5NDgyNjIxZTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptL2/NV5TgE3NdSpe3oHAtO36Ri9
xIE5OZE12UXeBAWG8sAARbTbHh5tU9ogsXbwp4lbznKUdqvu3DQ9ldU+ru3KyRDg
emibCsKfqA8HSoIBSLYrXR7OhnGr+1AwsatSGGi+DowJjmhyuLyk8QjwLRzMpJSx
eNJeci+tQt8QnbwO0ty4R/dN1ESdAFPdXapW2pVizPeE9toU2aaPwG6Z6hsaLBEp
9OQO9FHz1C6XFivk/iSnyJP2XoGcDFZH5YfZsZvVqLR4SknFJIgNkIyF01AHCUx9
cX3Q/yBLYaMepOUGitqtS6rBFzje+Y1OAEKbDA+A1C/ZYPLsryLXyehh0QIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFH9SDMc9I7jCumiWyROLNZSCYh5JMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZkLzA4OWU4
OS03YTMwLTQ1YWQtYjZkYy0yMzZmNjExZTFmMzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmQvMDg5ZTg5
LTdhMzAtNDVhZC1iNmRjLTIzNmY2MTFlMWYzMC8xL2YxSU14ejBqdU1LNmFKYkpF
NHMxbElKaUhray5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQDLusgAwQCuT/cAwQCuWD0MA0EAgACMAcDBQMq
BPZAMDUGCCsGAQUFBwEIAQH/BCYwJKAiMCACAwMDuDAKAgMDJ2ECAwMnYgIDAyeN
AgMDKFYCAwNBGDANBgkqhkiG9w0BAQsFAAOCAQEAcDaGXcXxDeBdQ0cfM5jq6yfO
kwtQdTKl+0jcHVsaw8EykaklVAlGzOTfJwiqFgAhCp2F3EUy4UExcXGXfpUBwgjI
otApHXOa0LhPQvvkrRHsOFpriQ1XPtxzPbVtMW6Bq0pD9hj9G/bk2a3I2vQwqDyj
ir+mGrnxOx+X4nVtnKLSn2Erg5nQGvpOAZT7dzyESBqJsEGMOziRr8tPc8Q/00W3
uAVQFFcNQ4b171+bV5thZ0T06pxypaov5tUP9IAC5O2AjwBPZ1XtGYbTXZwB1PBN
6bRd22FCUc+wkcDCDqoTDPWhS3rwLJ76fSo9PlhLA/v9jLUrM9NOwgv9SqcVgg==
-----END CERTIFICATE-----