Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2R17WrW_GsjoI07mjZ6yClHXzUk.cer
File:                     2R17WrW_GsjoI07mjZ6yClHXzUk.cer (raw, json)
Hash identifier:          g9pXbedGgX9ag4fweQlQHmEA/LlqqB1PIGeHS6edyqg=
Subject key identifier:   D9:1D:7B:5A:B5:BF:1A:C8:E8:23:4E:E6:8D:9E:B2:0A:51:D7:CD:49
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A8A11A99A2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/aa/c376af-762d-4ae0-8179-642c8df7eaf2/1/2R17WrW_GsjoI07mjZ6yClHXzUk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/aa/c376af-762d-4ae0-8179-642c8df7eaf2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 14:01:40 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 24973
                          IP: 81.88.32.0/20
                          IP: 185.117.248.0/22
                          IP: 2001:880::/32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 724257380770 (0xa8a11a99a2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:01:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d91d7b5ab5bf1ac8e8234ee68d9eb20a51d7cd49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7c:61:17:9f:85:92:8d:e0:0d:7c:26:40:a5:
                    a5:99:62:bc:3a:5f:ce:17:9e:89:80:11:c8:49:07:
                    fe:54:04:dc:38:8d:fc:eb:ef:b4:80:ad:4d:2f:55:
                    65:dd:80:18:59:44:e6:74:c3:45:9d:53:76:06:16:
                    f0:a0:27:5b:f4:44:38:10:d7:88:05:6b:b3:f1:b6:
                    e8:e3:59:f9:77:4d:a3:dc:61:68:c9:ed:fa:a2:6f:
                    41:86:85:14:7b:b6:99:47:fa:fa:e5:1e:8f:e4:72:
                    e3:8e:77:02:d7:e3:52:9f:f8:65:8a:98:45:7a:2b:
                    35:73:22:3b:1c:27:fb:f6:45:5f:56:1c:40:77:44:
                    1f:a9:55:95:ae:ae:fd:f9:a6:fc:95:10:c3:4e:73:
                    c6:b8:fa:be:b2:47:2d:f7:2b:43:55:04:65:97:38:
                    1b:40:b6:cf:95:1f:ce:60:e6:b1:1d:64:e5:7f:ea:
                    4e:9f:1c:87:4c:3c:c7:91:df:52:34:31:83:c1:e7:
                    61:39:8e:e7:7d:8a:86:44:48:20:02:3c:c1:fe:ad:
                    15:c4:07:6f:4b:30:5b:ea:97:cf:18:06:da:21:26:
                    9c:dd:98:47:4e:98:72:be:b0:24:c8:d8:6e:78:43:
                    5b:57:c7:da:c2:fb:af:37:2f:13:59:5d:83:75:55:
                    f3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:1D:7B:5A:B5:BF:1A:C8:E8:23:4E:E6:8D:9E:B2:0A:51:D7:CD:49
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/c376af-762d-4ae0-8179-642c8df7eaf2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/c376af-762d-4ae0-8179-642c8df7eaf2/1/2R17WrW_GsjoI07mjZ6yClHXzUk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.88.32.0/20
                  185.117.248.0/22
                IPv6:
                  2001:880::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  24973

    Signature Algorithm: sha256WithRSAEncryption
         27:e9:8e:3a:e8:c2:ad:3e:79:db:65:da:00:b4:cd:59:ec:98:
         6b:50:85:67:9b:fe:e5:40:7b:59:dc:29:8b:aa:7e:ff:ef:a0:
         63:0e:a8:e0:5e:b3:2c:64:6f:d2:7c:27:e6:21:32:19:0b:17:
         ad:37:58:0c:d6:18:c2:1e:67:4c:97:e2:8f:e9:e4:ff:ca:7b:
         89:38:08:bb:e1:32:f4:f1:a1:54:b5:e0:e3:bb:89:ff:3e:cc:
         fc:3e:d8:16:b2:e3:80:e1:35:b8:d2:4f:71:54:45:0b:52:c4:
         4a:55:20:9c:e9:5b:91:b1:a6:00:40:42:63:d3:2a:39:be:be:
         c7:6d:bf:0a:77:32:54:8a:fc:73:f0:ad:cf:6b:99:a4:a2:ed:
         4a:69:dd:8d:8b:95:ac:65:df:98:99:cc:01:aa:f7:d7:8d:2f:
         3f:a5:99:11:88:27:e3:7a:e9:60:53:03:75:2d:aa:82:c0:99:
         aa:1b:3e:d4:16:d3:e9:77:e5:f5:3b:ab:4b:e6:7c:88:e7:ce:
         cc:e6:8d:f8:a3:8b:de:85:ec:df:2c:99:83:62:3f:17:92:9d:
         f0:03:54:75:b3:1d:47:3e:4e:ff:1a:53:ad:43:19:fa:3f:41:
         01:15:bd:c4:9c:30:a1:cc:2f:db:96:ad:44:6f:3c:15:d0:63:
         ba:a4:cb:d2
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIGAKihGpmiMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTQwMTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhkOTFkN2I1YWI1
YmYxYWM4ZTgyMzRlZTY4ZDllYjIwYTUxZDdjZDQ5MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAx3xhF5+Fko3gDXwmQKWlmWK8Ol/OF56JgBHISQf+VATc
OI386++0gK1NL1Vl3YAYWUTmdMNFnVN2BhbwoCdb9EQ4ENeIBWuz8bbo41n5d02j
3GFoye36om9BhoUUe7aZR/r65R6P5HLjjncC1+NSn/hliphFeis1cyI7HCf79kVf
VhxAd0QfqVWVrq79+ab8lRDDTnPGuPq+skct9ytDVQRllzgbQLbPlR/OYOaxHWTl
f+pOnxyHTDzHkd9SNDGDwedhOY7nfYqGREggAjzB/q0VxAdvSzBb6pfPGAbaISac
3ZhHTphyvrAkyNhueENbV8fawvuvNy8TWV2DdVXzlQIDAQABo4ICtDCCArAwHQYD
VR0OBBYEFNkde1q1vxrI6CNO5o2esgpR181JMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FhL2MzNzZhZi03NjJkLTRhZTAt
ODE3OS02NDJjOGRmN2VhZjIvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWEvYzM3NmFmLTc2MmQtNGFlMC04
MTc5LTY0MmM4ZGY3ZWFmMi8xLzJSMTdXcldfR3Nqb0kwN21qWjZ5Q2xIWHpVay5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAS
BAIAATAMAwQEUVggAwQCuXX4MA0EAgACMAcDBQAgAQiAMBkGCCsGAQUFBwEIAQH/
BAowCKAGMAQCAmGNMA0GCSqGSIb3DQEBCwUAA4IBAQAn6Y466MKtPnnbZdoAtM1Z
7JhrUIVnm/7lQHtZ3CmLqn7/76BjDqjgXrMsZG/SfCfmITIZCxetN1gM1hjCHmdM
l+KP6eT/ynuJOAi74TL08aFUteDju4n/Psz8PtgWsuOA4TW40k9xVEULUsRKVSCc
6VuRsaYAQEJj0yo5vr7Hbb8KdzJUivxz8K3Pa5mkou1Kad2Ni5WsZd+YmcwBqvfX
jS8/pZkRiCfjeulgUwN1LaqCwJmqGz7UFtPpd+X1O6tL5nyI587M5o34o4vehezf
LJmDYj8Xkp3wA1R1sx1HPk7/GlOtQxn6P0EBFb3EnDChzC/blq1EbzwV0GO6pMvS
-----END CERTIFICATE-----