Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34uacDxU0jzyf-cRp7BZ270Ppjk.cer
File:                     34uacDxU0jzyf-cRp7BZ270Ppjk.cer (raw, json)
Hash identifier:          YgEvLtpYBtgRqFu1ZJWBDH8fpqxTH5OhmsXBLX4Htg4=
Subject key identifier:   DF:8B:9A:70:3C:54:D2:3C:F2:7F:E7:11:A7:B0:59:DB:BD:0F:A6:39
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A57CBFBD84
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fc/24994f-8dbf-4a34-be02-b21758390cf7/1/34uacDxU0jzyf-cRp7BZ270Ppjk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fc/24994f-8dbf-4a34-be02-b21758390cf7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 11:02:38 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 212012
                          IP: 91.240.72.0/24
                          IP: 91.241.42.0/24
                          IP: 185.42.232.0/22
                          IP: 194.88.222.0/23
                          IP: 2a04:7040::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 710762544516 (0xa57cbfbd84)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:02:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=df8b9a703c54d23cf27fe711a7b059dbbd0fa639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5b:91:28:8f:80:d3:3d:29:ae:3c:bd:7e:e2:
                    c0:0d:cf:16:93:cc:f7:e8:1a:8e:59:b6:9a:51:4e:
                    6c:7e:12:2b:b2:ad:5c:8e:8c:7e:f9:b3:76:48:c2:
                    c6:bc:14:88:2d:b8:e4:17:38:a3:15:0c:99:1e:1b:
                    2a:73:83:df:b2:13:28:b0:7c:cd:88:b0:79:60:9c:
                    2d:ae:6f:7b:39:a5:70:de:1f:2d:02:fe:14:6c:6b:
                    0a:e9:39:a7:04:c2:78:5f:f2:2b:2f:41:83:55:76:
                    a0:d0:f1:05:3e:34:f0:c6:b8:2f:f3:8c:c8:d0:5c:
                    7d:25:4b:53:f8:5e:00:f3:9d:39:13:45:95:fb:55:
                    51:9b:f5:99:5c:77:cd:d9:ed:f0:59:66:52:be:ed:
                    56:2e:9b:48:17:5e:5d:fe:54:e4:85:09:86:4b:f3:
                    93:ba:ef:c6:e5:c0:13:df:7c:58:94:e6:3b:0f:a8:
                    c8:07:1a:36:80:6c:4f:61:8e:79:41:4c:49:f0:af:
                    90:f7:08:74:72:62:df:ba:49:68:a0:91:ba:c0:39:
                    3e:35:02:f7:59:e6:b3:91:9b:f7:3f:0b:46:09:26:
                    23:aa:e3:42:9f:44:62:27:2f:4b:db:f3:22:e8:df:
                    95:32:85:21:34:32:c9:53:45:a6:93:37:00:16:ae:
                    4f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:8B:9A:70:3C:54:D2:3C:F2:7F:E7:11:A7:B0:59:DB:BD:0F:A6:39
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/24994f-8dbf-4a34-be02-b21758390cf7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/24994f-8dbf-4a34-be02-b21758390cf7/1/34uacDxU0jzyf-cRp7BZ270Ppjk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.72.0/24
                  91.241.42.0/24
                  185.42.232.0/22
                  194.88.222.0/23
                IPv6:
                  2a04:7040::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212012

    Signature Algorithm: sha256WithRSAEncryption
         0d:a5:92:26:5a:c0:d1:6f:76:90:ea:a4:94:be:07:c3:2e:b9:
         92:b9:23:70:ca:a8:9a:c4:af:c8:14:ab:48:8c:8d:f4:df:69:
         87:4d:0d:9d:22:c5:3f:36:c0:f2:68:14:b1:9d:63:8c:57:fa:
         2f:68:82:a0:91:7b:15:9f:0d:62:c0:36:9c:9b:3a:5f:dd:20:
         e2:22:90:f4:e4:86:c9:9d:2c:b4:b8:09:42:f9:4d:26:a9:be:
         79:f7:35:95:a2:2b:33:24:0d:c6:cc:c0:29:fc:73:74:2c:39:
         d4:5d:e3:8d:27:f6:68:df:72:48:54:01:3a:b7:44:92:03:de:
         e6:a3:22:c9:26:0b:16:45:45:dc:d4:70:d0:2a:d2:ed:8a:b7:
         97:36:97:13:61:f0:04:a7:02:2a:82:82:be:89:a2:4a:a1:4d:
         6c:73:6d:bc:05:d7:68:d9:25:f6:8f:c2:bb:0f:38:96:31:d5:
         60:81:07:28:f6:89:d3:cc:66:81:d9:fd:b8:a5:9f:2e:62:4f:
         c9:e2:9a:6f:ef:48:65:8a:f2:c0:e0:b2:29:72:27:11:71:f9:
         df:23:61:eb:d5:2f:76:1a:c8:b4:c4:4d:ef:2e:b3:0d:91:cc:
         54:91:8b:df:de:9c:4b:6b:88:6e:5d:5f:04:3c:83:fb:19:6d:
         5a:9e:a4:d3
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgIGAKV8v72EMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTEwMjM4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhkZjhiOWE3MDNj
NTRkMjNjZjI3ZmU3MTFhN2IwNTlkYmJkMGZhNjM5MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA3FuRKI+A0z0prjy9fuLADc8Wk8z36BqOWbaaUU5sfhIr
sq1cjox++bN2SMLGvBSILbjkFzijFQyZHhsqc4PfshMosHzNiLB5YJwtrm97OaVw
3h8tAv4UbGsK6TmnBMJ4X/IrL0GDVXag0PEFPjTwxrgv84zI0Fx9JUtT+F4A8505
E0WV+1VRm/WZXHfN2e3wWWZSvu1WLptIF15d/lTkhQmGS/OTuu/G5cAT33xYlOY7
D6jIBxo2gGxPYY55QUxJ8K+Q9wh0cmLfuklooJG6wDk+NQL3WeazkZv3PwtGCSYj
quNCn0RiJy9L2/Mi6N+VMoUhNDLJU0WmkzcAFq5P4wIDAQABo4ICwTCCAr0wHQYD
VR0OBBYEFN+LmnA8VNI88n/nEaewWdu9D6Y5MB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZjLzI0OTk0Zi04ZGJmLTRhMzQt
YmUwMi1iMjE3NTgzOTBjZjcvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmMvMjQ5OTRmLThkYmYtNGEzNC1i
ZTAyLWIyMTc1ODM5MGNmNy8xLzM0dWFjRHhVMGp6eWYtY1JwN0JaMjcwUHBqay5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAe
BAIAATAYAwQAW/BIAwQAW/EqAwQCuSroAwQBwljeMA0EAgACMAcDBQMqBHBAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwM8LDANBgkqhkiG9w0BAQsFAAOCAQEADaWS
JlrA0W92kOqklL4Hwy65krkjcMqomsSvyBSrSIyN9N9ph00NnSLFPzbA8mgUsZ1j
jFf6L2iCoJF7FZ8NYsA2nJs6X90g4iKQ9OSGyZ0stLgJQvlNJqm+efc1laIrMyQN
xszAKfxzdCw51F3jjSf2aN9ySFQBOrdEkgPe5qMiySYLFkVF3NRw0CrS7Yq3lzaX
E2HwBKcCKoKCvomiSqFNbHNtvAXXaNkl9o/Cuw84ljHVYIEHKPaJ08xmgdn9uKWf
LmJPyeKab+9IZYrywOCyKXInEXH53yNh69UvdhrItMRN7y6zDZHMVJGL396cS2uI
bl1fBDyD+xltWp6k0w==
-----END CERTIFICATE-----