Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3JQiNwAFJK-8MfkIn8V8A-0O5JY.cer
File:                     3JQiNwAFJK-8MfkIn8V8A-0O5JY.cer (raw, json)
Hash identifier:          r/PAUxwmgiHFqkUiHUze+t2hr6C64IE9hdX6T1NYNww=
Subject key identifier:   DC:94:22:37:00:05:24:AF:BC:31:F9:08:9F:C5:7C:03:ED:0E:E4:96
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A8DCC2C49B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f0/5daf4e-06a3-4d6f-bb86-cbec7128a245/1/3JQiNwAFJK-8MfkIn8V8A-0O5JY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f0/5daf4e-06a3-4d6f-bb86-cbec7128a245/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 14:05:14 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 207489
                          IP: 194.76.145.0/24
                          IP: 194.76.149.0 -- 194.76.150.255
                          IP: 194.76.186.0/24
                          IP: 2a0f:ae40::/32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 725258257563 (0xa8dcc2c49b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:05:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dc942237000524afbc31f9089fc57c03ed0ee496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a9:cd:bb:18:4a:32:37:07:40:7b:2e:88:97:
                    54:06:3f:69:ce:77:5f:5c:e5:c5:fb:e7:94:03:17:
                    0c:bd:58:a2:e8:83:28:12:76:0c:1e:44:b2:86:ff:
                    84:3e:15:07:c3:e1:95:61:dc:c2:5b:91:c7:96:64:
                    15:6a:f7:52:ca:90:89:8e:68:3b:f2:a3:b5:eb:f7:
                    10:eb:52:b9:57:df:64:0c:29:c5:85:3c:55:ac:f7:
                    24:b5:80:fd:eb:af:9c:2e:b9:d8:32:14:3a:90:16:
                    50:1f:70:4e:19:02:2f:95:6f:ad:6c:bf:06:b0:6c:
                    5b:0f:9e:09:93:b7:2e:6b:30:48:95:ee:5d:58:20:
                    74:3e:35:95:9a:3d:99:21:87:66:45:da:2f:1d:f2:
                    a6:ef:ac:08:e6:e6:6b:3c:86:c5:0b:16:24:ab:de:
                    fb:60:f3:e4:09:b9:be:29:db:48:24:43:35:08:b7:
                    a6:af:79:96:28:3f:7b:da:12:a3:63:d6:f0:91:81:
                    1e:5d:d1:f9:bf:6b:29:6c:fb:e1:d8:0d:fd:e4:23:
                    21:5a:01:23:25:4c:ce:95:1b:75:9f:d7:59:e5:ac:
                    b2:3b:13:6f:4e:c5:aa:69:47:9b:1e:07:86:db:0b:
                    c1:cd:6c:31:87:39:d9:56:d0:32:e6:6d:c0:0f:9e:
                    4a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:94:22:37:00:05:24:AF:BC:31:F9:08:9F:C5:7C:03:ED:0E:E4:96
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/5daf4e-06a3-4d6f-bb86-cbec7128a245/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/5daf4e-06a3-4d6f-bb86-cbec7128a245/1/3JQiNwAFJK-8MfkIn8V8A-0O5JY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.145.0/24
                  194.76.149.0-194.76.150.255
                  194.76.186.0/24
                IPv6:
                  2a0f:ae40::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207489

    Signature Algorithm: sha256WithRSAEncryption
         a2:26:5a:98:cf:81:20:4c:95:af:6e:d6:cd:63:e4:8c:15:a2:
         bc:a2:7f:7e:98:d0:db:78:d9:c0:9e:1b:4a:ad:34:66:10:47:
         e5:90:53:a1:03:06:97:c1:77:30:cd:0a:d1:4c:81:49:4a:a8:
         0c:27:b7:11:15:a9:ca:4f:cc:90:aa:28:55:5a:d5:b6:6e:b8:
         a3:fc:1e:47:d3:f6:24:4c:c9:3a:00:ff:3b:52:40:f1:a3:96:
         24:bf:da:82:5a:8a:14:75:d3:78:6e:02:84:fa:95:51:b0:00:
         f3:10:3f:83:0d:64:13:f2:c3:50:c6:10:92:58:54:de:34:b9:
         5b:3a:46:72:66:21:a2:a2:8e:e9:51:a6:5d:eb:ff:1a:0d:81:
         5d:cb:3c:10:a0:03:a1:92:9a:e7:fd:c3:f2:89:c4:87:c7:e4:
         bb:05:75:b4:bc:a4:0e:ee:31:c8:21:93:15:d4:02:08:82:ff:
         bf:2e:e1:a6:4c:28:94:cf:50:05:60:20:4b:8b:09:3b:c5:54:
         5b:95:ba:44:cc:0f:8c:bd:4e:2e:ff:78:cc:19:f9:be:c9:0e:
         fc:da:ec:a2:2c:81:fd:7b:ca:a6:26:f9:95:2c:cf:98:02:09:
         6f:24:db:bf:04:be:2f:77:6d:b8:f5:e4:d9:ad:9d:69:22:8c:
         66:3f:ce:c3
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgIGAKjcwsSbMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTQwNTE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhkYzk0MjIzNzAw
MDUyNGFmYmMzMWY5MDg5ZmM1N2MwM2VkMGVlNDk2MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAqanNuxhKMjcHQHsuiJdUBj9pzndfXOXF++eUAxcMvVii
6IMoEnYMHkSyhv+EPhUHw+GVYdzCW5HHlmQVavdSypCJjmg78qO16/cQ61K5V99k
DCnFhTxVrPcktYD966+cLrnYMhQ6kBZQH3BOGQIvlW+tbL8GsGxbD54Jk7cuazBI
le5dWCB0PjWVmj2ZIYdmRdovHfKm76wI5uZrPIbFCxYkq977YPPkCbm+KdtIJEM1
CLemr3mWKD972hKjY9bwkYEeXdH5v2spbPvh2A395CMhWgEjJUzOlRt1n9dZ5ayy
OxNvTsWqaUebHgeG2wvBzWwxhznZVtAy5m3AD55KMQIDAQABo4ICwzCCAr8wHQYD
VR0OBBYEFNyUIjcABSSvvDH5CJ/FfAPtDuSWMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YwLzVkYWY0ZS0wNmEzLTRkNmYt
YmI4Ni1jYmVjNzEyOGEyNDUvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjAvNWRhZjRlLTA2YTMtNGQ2Zi1i
Yjg2LWNiZWM3MTI4YTI0NS8xLzNKUWlOd0FGSkstOE1ma0luOFY4QS0wTzVKWS5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAg
BAIAATAaAwQAwkyRMAwDBADCTJUDBADCTJYDBADCTLowDQQCAAIwBwMFACoPrkAw
GgYIKwYBBQUHAQgBAf8ECzAJoAcwBQIDAyqBMA0GCSqGSIb3DQEBCwUAA4IBAQCi
JlqYz4EgTJWvbtbNY+SMFaK8on9+mNDbeNnAnhtKrTRmEEflkFOhAwaXwXcwzQrR
TIFJSqgMJ7cRFanKT8yQqihVWtW2brij/B5H0/YkTMk6AP87UkDxo5Ykv9qCWooU
ddN4bgKE+pVRsADzED+DDWQT8sNQxhCSWFTeNLlbOkZyZiGioo7pUaZd6/8aDYFd
yzwQoAOhkprn/cPyicSHx+S7BXW0vKQO7jHIIZMV1AIIgv+/LuGmTCiUz1AFYCBL
iwk7xVRblbpEzA+MvU4u/3jMGfm+yQ782uyiLIH9e8qmJvmVLM+YAglvJNu/BL4v
d2249eTZrZ1pIoxmP87D
-----END CERTIFICATE-----