Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2gpm79qyW7OypQzceWjjIaC-ikY.cer
File:                     2gpm79qyW7OypQzceWjjIaC-ikY.cer (raw, json)
Hash identifier:          YmOdWkhZCNEPlsAQKYrvXkDTlZaKHwOZS9Mna4NZ8mo=
Subject key identifier:   DA:0A:66:EF:DA:B2:5B:B3:B2:A5:0C:DC:79:68:E3:21:A0:BE:8A:46
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018BC3DCF3608663BD32531F55971C50923D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/9/DA0A66EFDAB25BB3B2A50CDC7968E321A0BE8A46.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/9/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sun 12 Nov 2023 14:08:39 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 60025
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:c3:dc:f3:60:86:63:bd:32:53:1f:55:97:1c:50:92:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov 12 14:08:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da0a66efdab25bb3b2a50cdc7968e321a0be8a46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7e:0e:90:1a:93:82:ee:7b:9d:20:46:4b:f8:
                    53:e2:52:43:69:81:a3:89:f6:3f:2f:bc:49:5b:89:
                    e1:1e:1e:f7:6b:5b:7a:3a:ec:49:db:4d:23:29:80:
                    00:36:d3:cd:e5:d0:68:d5:04:6d:38:60:2c:ab:f6:
                    7e:ca:21:a2:6e:a5:02:f3:2a:79:d4:b9:e7:49:95:
                    57:3a:d0:a5:74:df:4e:f3:96:ea:3e:9e:34:29:1d:
                    d2:fa:f1:e6:02:e6:97:01:8b:65:00:db:7c:64:65:
                    94:63:9b:fd:31:36:be:80:45:12:f5:63:10:f7:88:
                    b9:8e:39:ba:ae:3c:a6:6c:58:bb:1c:6c:60:d3:ab:
                    23:d8:a2:d6:23:a7:d4:f8:1c:c3:8f:45:a4:56:2d:
                    d2:7a:bc:59:91:5a:86:19:ce:8b:42:aa:13:f6:71:
                    4c:4b:b3:a0:2f:cb:1d:ed:5b:25:15:ab:f9:31:15:
                    51:27:26:37:63:22:d0:e3:ef:71:90:3c:9c:57:67:
                    af:6b:3a:58:ed:2c:f2:29:85:0c:14:b3:72:7c:8f:
                    88:d4:08:94:78:f5:10:43:17:e5:75:80:3e:8c:4b:
                    c5:a3:7f:ab:84:76:f3:88:ff:af:a8:86:96:4c:31:
                    df:91:d8:29:27:4d:82:e0:48:5d:93:be:c4:9b:2b:
                    46:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:0A:66:EF:DA:B2:5B:B3:B2:A5:0C:DC:79:68:E3:21:A0:BE:8A:46
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/9/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/9/DA0A66EFDAB25BB3B2A50CDC7968E321A0BE8A46.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  60025

    Signature Algorithm: sha256WithRSAEncryption
         49:ff:9e:7c:81:1f:f9:fa:a2:5f:5b:f3:67:56:e9:d1:8e:76:
         e0:03:a2:9f:30:80:b8:eb:03:a2:81:ca:5d:f2:98:ce:d6:21:
         6f:08:d5:46:e9:c9:e6:66:ee:72:52:01:33:10:de:55:0c:bd:
         42:1e:94:71:5f:6b:49:46:31:3a:b8:73:0d:0e:bc:45:28:1d:
         20:57:0b:c7:5d:e8:b4:f9:86:0e:ff:07:e8:9f:52:a3:ed:eb:
         de:8c:d4:7c:be:73:d6:c7:59:2f:2b:d6:eb:d4:51:b5:d4:d7:
         12:53:87:24:3f:f2:b3:de:2b:ac:20:83:51:44:56:a0:12:3e:
         e2:66:e5:7e:27:1a:04:95:3a:28:38:cb:88:e3:a6:34:bc:d1:
         ae:04:49:05:2a:a5:c1:36:01:e9:4b:13:d3:e6:d2:3f:61:e7:
         dc:b5:21:a6:91:0e:4e:70:d5:3e:21:23:73:f2:dd:77:ed:ff:
         f9:c3:ff:fa:c5:2e:c5:72:11:e3:26:f0:fa:ad:4f:c0:1d:77:
         6a:06:47:76:66:36:b4:03:40:34:cd:2a:33:35:64:0c:2d:50:
         8e:ad:0e:99:bc:2c:e1:02:e6:9f:00:00:5a:f5:df:0a:c4:ee:
         85:48:1a:29:83:ce:cc:a1:fd:53:5f:6e:5d:22:70:67:bd:a1:
         fd:c7:77:69
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAYvD3PNghmO9MlMfVZccUJI9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMxMTEyMTQwODM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTBhNjZlZmRhYjI1YmIzYjJhNTBjZGM3OTY4ZTMyMWEwYmU4YTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq34OkBqTgu57nSBGS/hT4lJDaYGj
ifY/L7xJW4nhHh73a1t6OuxJ200jKYAANtPN5dBo1QRtOGAsq/Z+yiGibqUC8yp5
1LnnSZVXOtCldN9O85bqPp40KR3S+vHmAuaXAYtlANt8ZGWUY5v9MTa+gEUS9WMQ
94i5jjm6rjymbFi7HGxg06sj2KLWI6fU+BzDj0WkVi3SerxZkVqGGc6LQqoT9nFM
S7OgL8sd7VslFav5MRVRJyY3YyLQ4+9xkDycV2evazpY7SzyKYUMFLNyfI+I1AiU
ePUQQxfldYA+jEvFo3+rhHbziP+vqIaWTDHfkdgpJ02C4Ehdk77EmytGIwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFNoKZu/asluzsqUM3Hlo4yGgvopGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5
MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC85LzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNjZi
ZDkyZjEtNDE1Yi00NzY1LThhMTYtZGJmYzQ1OTNjMWE4LzkvREEwQTY2RUZEQUIy
NUJCM0IyQTUwQ0RDNzk2OEUzMjFBMEJFOEE0Ni5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMA6nkw
DQYJKoZIhvcNAQELBQADggEBAEn/nnyBH/n6ol9b82dW6dGOduADop8wgLjrA6KB
yl3ymM7WIW8I1UbpyeZm7nJSATMQ3lUMvUIelHFfa0lGMTq4cw0OvEUoHSBXC8dd
6LT5hg7/B+ifUqPt696M1Hy+c9bHWS8r1uvUUbXU1xJThyQ/8rPeK6wgg1FEVqAS
PuJm5X4nGgSVOig4y4jjpjS80a4ESQUqpcE2AelLE9Pm0j9h59y1IaaRDk5w1T4h
I3Py3Xft//nD//rFLsVyEeMm8PqtT8Add2oGR3ZmNrQDQDTNKjM1ZAwtUI6tDpm8
LOEC5p8AAFr13wrE7oVIGimDzsyh/VNfbl0icGe9of3Hd2k=
-----END CERTIFICATE-----