Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2Rd8_ThRpdUeRXKfUVZ0kkh4SIU.cer
File:                     2Rd8_ThRpdUeRXKfUVZ0kkh4SIU.cer (raw, json)
Hash identifier:          Iq43dvob4ABv6nIkzV/K8xlsuhA7+jW6Rwu8mvsY+88=
Subject key identifier:   D9:17:7C:FD:38:51:A5:D5:1E:45:72:9F:51:56:74:92:48:78:48:85
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018C34AEC510FA423935196D1AEE9F117B17
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/81/4891c4-53bd-4ad6-bade-e4b23f768957/1/2Rd8_ThRpdUeRXKfUVZ0kkh4SIU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/81/4891c4-53bd-4ad6-bade-e4b23f768957/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 04 Dec 2023 11:55:18 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 201697
                          IP: 2001:678:72c::/48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:34:ae:c5:10:fa:42:39:35:19:6d:1a:ee:9f:11:7b:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Dec  4 11:55:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d9177cfd3851a5d51e45729f5156749248784885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:89:47:69:ae:1e:49:1e:56:58:67:2e:08:1f:
                    73:bc:26:fe:17:c8:49:cd:3e:48:76:f8:35:e1:fc:
                    88:4e:c5:6e:fe:ef:71:b6:44:7f:96:89:14:f6:e6:
                    b7:7d:2e:77:a9:2a:f7:5c:2e:75:b3:ba:56:fe:b6:
                    6b:02:d9:e4:1d:f5:be:a1:7c:03:2c:8b:29:6c:8a:
                    f9:ec:ca:62:9d:b1:46:b6:0d:c1:94:c7:93:58:ef:
                    ea:86:f1:c7:24:af:57:db:d2:b2:56:8b:eb:32:5d:
                    18:3a:d0:01:8d:44:a8:b7:9d:8a:55:a1:1f:6c:5d:
                    a4:ec:e6:7d:e6:d7:9e:ae:10:17:95:3c:d7:c6:80:
                    51:d8:9a:44:4d:a6:fb:3e:6f:d3:0a:f1:13:bb:06:
                    f5:33:b3:4c:7c:d6:a9:fe:42:ab:49:63:43:68:2a:
                    44:52:fb:77:ad:b7:a4:21:46:a1:a5:52:96:58:b3:
                    f4:d3:54:2c:37:d6:d1:48:47:72:65:8a:4a:0b:d3:
                    ad:38:6e:a0:10:36:65:9a:c1:e8:8b:3c:ce:84:72:
                    8a:96:f1:ab:04:79:e3:28:d4:79:36:18:9e:22:e3:
                    04:84:8e:3e:b6:5e:04:1c:ae:19:0f:ab:e0:65:65:
                    a9:8e:c8:4c:46:3c:b0:64:ba:7d:b8:6b:ac:49:37:
                    38:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:17:7C:FD:38:51:A5:D5:1E:45:72:9F:51:56:74:92:48:78:48:85
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4891c4-53bd-4ad6-bade-e4b23f768957/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4891c4-53bd-4ad6-bade-e4b23f768957/1/2Rd8_ThRpdUeRXKfUVZ0kkh4SIU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:72c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201697

    Signature Algorithm: sha256WithRSAEncryption
         7d:ad:f9:a5:d1:f0:77:8f:ff:4f:72:e6:fd:fd:31:99:7c:7d:
         f3:f3:68:c8:d5:c9:90:0c:3c:c5:4f:e2:e7:0f:1b:98:05:38:
         a6:8e:58:07:0a:a0:54:0e:23:f9:5e:5e:b9:e1:d5:e3:f0:76:
         9a:16:3e:81:aa:03:e5:97:f2:ce:80:0a:76:27:d5:c3:ab:14:
         2d:f6:de:e5:41:b2:d7:dc:b0:cf:d0:a9:a9:b4:9b:d2:cc:a7:
         25:32:38:c9:96:fd:d0:1d:e5:4d:bc:96:14:ef:f2:34:7a:58:
         40:41:b2:b0:61:80:0a:74:d8:67:dd:b6:60:d6:d4:15:a9:b4:
         f7:b2:a3:b3:3c:a7:cb:dd:45:8a:a5:8b:e2:71:f2:34:4b:f0:
         ef:95:ec:76:ad:a8:64:ec:35:0c:99:b3:81:e1:ae:bc:f4:dd:
         4b:53:e0:2a:35:a0:a4:a6:aa:6b:1a:bc:89:83:36:94:dd:c2:
         94:cf:7a:36:e8:bf:f9:d4:1a:9e:d9:56:52:73:3e:1c:9d:e9:
         d3:39:94:43:e3:e6:a6:5a:9d:fe:85:68:25:13:94:0f:d2:ea:
         80:49:ae:b1:fa:43:28:86:0b:e0:aa:ff:b5:65:7e:cf:95:4a:
         1c:58:14:84:36:53:a5:ef:cf:0d:89:48:7b:08:8e:c7:5e:36:
         64:3b:a9:3f
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYw0rsUQ+kI5NRltGu6fEXsXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMxMjA0MTE1NTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTE3N2NmZDM4NTFhNWQ1MWU0NTcyOWY1MTU2NzQ5MjQ4Nzg0ODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4lHaa4eSR5WWGcuCB9zvCb+F8hJ
zT5Idvg14fyITsVu/u9xtkR/lokU9ua3fS53qSr3XC51s7pW/rZrAtnkHfW+oXwD
LIspbIr57MpinbFGtg3BlMeTWO/qhvHHJK9X29KyVovrMl0YOtABjUSot52KVaEf
bF2k7OZ95teerhAXlTzXxoBR2JpETab7Pm/TCvETuwb1M7NMfNap/kKrSWNDaCpE
Uvt3rbekIUahpVKWWLP001QsN9bRSEdyZYpKC9OtOG6gEDZlmsHoizzOhHKKlvGr
BHnjKNR5NhieIuMEhI4+tl4EHK4ZD6vgZWWpjshMRjywZLp9uGusSTc4XwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFNkXfP04UaXVHkVyn1FWdJJIeEiFMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgxLzQ4OTFj
NC01M2JkLTRhZDYtYmFkZS1lNGIyM2Y3Njg5NTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODEvNDg5MWM0
LTUzYmQtNGFkNi1iYWRlLWU0YjIzZjc2ODk1Ny8xLzJSZDhfVGhScGRVZVJYS2ZV
Vlowa2toNFNJVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAcsMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMT4TANBgkqhkiG9w0BAQsFAAOCAQEAfa35pdHwd4//T3Lm/f0xmXx98/No
yNXJkAw8xU/i5w8bmAU4po5YBwqgVA4j+V5eueHV4/B2mhY+gaoD5ZfyzoAKdifV
w6sULfbe5UGy19ywz9CpqbSb0synJTI4yZb90B3lTbyWFO/yNHpYQEGysGGACnTY
Z922YNbUFam097Kjszyny91FiqWL4nHyNEvw75Xsdq2oZOw1DJmzgeGuvPTdS1Pg
KjWgpKaqaxq8iYM2lN3ClM96Nui/+dQantlWUnM+HJ3p0zmUQ+Pmplqd/oVoJROU
D9LqgEmusfpDKIYL4Kr/tWV+z5VKHFgUhDZTpe/PDYlIewiOx142ZDupPw==
-----END CERTIFICATE-----