Certificate 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2qsUu0O5LtVTnxeoiTcYXOANc2c.cer
File:                     2qsUu0O5LtVTnxeoiTcYXOANc2c.cer (raw, json)
Hash identifier:          5A2LgSFrTSvFE41zz8fv2WErgCNO3r1W41mPom1Y9JQ=
Subject key identifier:   DA:AB:14:BB:43:B9:2E:D5:53:9F:17:A8:89:37:18:5C:E0:0D:73:67
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       7905031BE1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/39/82fc3b-f3a6-433c-b401-e0a5fc51a671/1/2qsUu0O5LtVTnxeoiTcYXOANc2c.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/39/82fc3b-f3a6-433c-b401-e0a5fc51a671/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 01 Jan 2021 01:44:33 +0000
Certificate not after:    Fri 01 Jul 2022 00:00:00 +0000
Subordinate resources:    AS: 42358
                          IP: 46.255.96.0/21
                          IP: 77.72.136.0/21
                          IP: 2a01:680::/32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 519775132641 (0x7905031be1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:44:33 2021 GMT
            Not After : Jul  1 00:00:00 2022 GMT
        Subject: CN=daab14bb43b92ed5539f17a88937185ce00d7367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:39:d4:e0:8b:c8:ce:5b:28:99:64:af:11:42:
                    0d:45:d3:ad:90:5e:d5:38:14:76:83:56:fe:60:3d:
                    18:8a:20:55:dd:e2:5b:32:c6:a1:e1:16:54:e0:aa:
                    f7:78:a2:04:21:f2:2a:c3:7f:7d:d8:65:d3:0e:06:
                    d4:f2:a2:53:77:80:30:f4:ef:ca:01:a8:81:c5:ea:
                    ee:7e:ff:0a:0c:41:60:9c:de:59:ce:7b:61:a6:cc:
                    c5:31:f6:69:de:23:3b:a9:91:63:15:e4:70:ac:3b:
                    40:38:25:00:ce:4a:ad:af:35:ce:e3:80:cc:48:b6:
                    40:42:50:13:87:47:b2:f9:b7:9b:e1:ed:a9:fc:75:
                    e5:6f:9c:61:65:d1:ca:93:99:49:2a:4e:a6:a0:74:
                    1a:e8:4b:70:83:14:43:36:05:8f:42:12:cc:57:17:
                    1a:63:11:5f:74:ad:58:86:18:0a:09:df:b3:ad:e6:
                    fa:92:26:31:f7:2f:98:6e:c6:aa:87:0e:d2:1f:7c:
                    38:4c:08:84:e4:7e:d5:18:a0:ba:48:fe:8e:f2:33:
                    6c:99:93:3d:51:71:2e:02:91:5b:16:cf:f3:8c:0c:
                    23:5f:e4:82:8c:1b:b0:bd:45:17:da:02:b2:61:72:
                    58:f1:40:c4:e8:ab:be:d5:c2:4b:64:90:bd:b4:80:
                    20:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:AB:14:BB:43:B9:2E:D5:53:9F:17:A8:89:37:18:5C:E0:0D:73:67
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/82fc3b-f3a6-433c-b401-e0a5fc51a671/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/82fc3b-f3a6-433c-b401-e0a5fc51a671/1/2qsUu0O5LtVTnxeoiTcYXOANc2c.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.255.96.0/21
                  77.72.136.0/21
                IPv6:
                  2a01:680::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42358

    Signature Algorithm: sha256WithRSAEncryption
         0a:8f:24:4d:80:80:7c:d0:64:5e:d7:56:7b:79:ec:ae:5d:32:
         d6:58:75:cb:b5:df:86:18:0b:70:79:93:c5:6b:1b:ca:34:51:
         bd:f8:19:e6:bd:bc:9c:b1:d4:1c:3c:9d:93:26:ce:f1:40:9f:
         ef:b5:b8:11:d6:b6:a2:2a:e7:71:66:13:e5:d7:43:82:a5:a7:
         10:df:35:25:a3:98:84:d4:12:22:49:93:31:dd:3b:c3:a9:09:
         ac:b8:de:f8:cd:45:85:f2:aa:dc:5d:96:39:69:09:63:9b:94:
         a1:bb:ec:b8:3a:5b:36:3a:d8:f3:72:bb:51:b1:83:f9:35:05:
         ba:7b:1c:33:fd:7f:96:b1:91:09:31:a4:00:dd:7f:32:37:df:
         f6:cb:95:61:b7:09:e9:bd:cf:a5:3c:b3:1d:b5:1a:05:22:e8:
         16:92:09:4c:cf:10:a9:8e:e5:be:3d:67:cb:14:18:b7:28:ba:
         16:e3:45:7a:f7:07:32:40:53:42:29:af:42:78:84:8f:61:a9:
         55:da:24:ce:78:ae:e7:88:23:1d:9c:2e:c6:8d:99:c6:31:77:
         55:ad:1d:78:10:97:ef:cb:63:76:f6:a9:d1:a0:c7:69:09:27:
         0c:d6:95:99:75:c4:20:b4:fd:7d:5f:81:d1:f1:f8:02:af:2e:
         d2:c3:25:ec
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIFeQUDG+EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMo
MmE5NGE4ZGQ1NTRhZTcwMTA3MjA5OWM3MGI2NDA3NTU1ZGRkZTY2OTAeFw0yMTAx
MDEwMTQ0MzNaFw0yMjA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKGRhYWIxNGJiNDNi
OTJlZDU1MzlmMTdhODg5MzcxODVjZTAwZDczNjcwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcOdTgi8jOWyiZZK8RQg1F062QXtU4FHaDVv5gPRiKIFXd
4lsyxqHhFlTgqvd4ogQh8irDf33YZdMOBtTyolN3gDD078oBqIHF6u5+/woMQWCc
3lnOe2GmzMUx9mneIzupkWMV5HCsO0A4JQDOSq2vNc7jgMxItkBCUBOHR7L5t5vh
7an8deVvnGFl0cqTmUkqTqagdBroS3CDFEM2BY9CEsxXFxpjEV90rViGGAoJ37Ot
5vqSJjH3L5huxqqHDtIffDhMCITkftUYoLpI/o7yM2yZkz1RcS4CkVsWz/OMDCNf
5IKMG7C9RRfaArJhcljxQMToq77VwktkkL20gCBdAgMBAAGjggK1MIICsTAdBgNV
HQ4EFgQU2qsUu0O5LtVTnxeoiTcYXOANc2cwHwYDVR0jBBgwFoAUKpSo3VVK5wEH
IJnHC2QHVV3d5mkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwYAYI
KwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9hY2EvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNlcjCC
ASMGCCsGAQUFBwELBIIBFTCCAREwXQYIKwYBBQUHMAWGUXJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkvODJmYzNiLWYzYTYtNDMzYy1i
NDAxLWUwYTVmYzUxYTY3MS8xLzB8BggrBgEFBQcwCoZwcnN5bmM6Ly9ycGtpLnJp
cGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84MmZjM2ItZjNhNi00MzNjLWI0
MDEtZTBhNWZjNTFhNjcxLzEvMnFzVXUwTzVMdFZUbnhlb2lUY1lYT0FOYzJjLm1m
dDAyBggrBgEFBQcwDYYmaHR0cHM6Ly9ycmRwLnJpcGUubmV0L25vdGlmaWNhdGlv
bi54bWwwWQYDVR0fBFIwUDBOoEygSoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC9LcFNvM1ZWSzV3RUhJSm5IQzJRSFZWM2Q1bWsuY3Js
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwNAYIKwYBBQUHAQcBAf8EJTAjMBIE
AgABMAwDBAMu/2ADBANNSIgwDQQCAAIwBwMFACoBBoAwGgYIKwYBBQUHAQgBAf8E
CzAJoAcwBQIDAKV2MA0GCSqGSIb3DQEBCwUAA4IBAQAKjyRNgIB80GRe11Z7eeyu
XTLWWHXLtd+GGAtweZPFaxvKNFG9+BnmvbycsdQcPJ2TJs7xQJ/vtbgR1raiKudx
ZhPl10OCpacQ3zUlo5iE1BIiSZMx3TvDqQmsuN74zUWF8qrcXZY5aQljm5Shu+y4
Ols2OtjzcrtRsYP5NQW6exwz/X+WsZEJMaQA3X8yN9/2y5Vhtwnpvc+lPLMdtRoF
IugWkglMzxCpjuW+PWfLFBi3KLoW40V69wcyQFNCKa9CeISPYalV2iTOeK7niCMd
nC7GjZnGMXdVrR14EJfvy2N29qnRoMdpCScM1pWZdcQgtP19X4HR8fgCry7SwyXs
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:50 2023 by rpki-client on console-ams.rpki-client.org