Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3fBI6gK3VRUzURv6kEDdq-EZdMY.cer
File:                     3fBI6gK3VRUzURv6kEDdq-EZdMY.cer (raw, json)
Hash identifier:          LCz09sXf6g+lPmOyCTe5jSzyiolPXuPiBRuwlEWHu58=
Subject key identifier:   DD:F0:48:EA:02:B7:55:15:33:51:1B:FA:90:40:DD:AB:E1:19:74:C6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01823F6BA47CDB03237F66B4A414043FB9E0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c1/aec6e1-a20d-4238-b07d-1d74cf376a1d/1/3fBI6gK3VRUzURv6kEDdq-EZdMY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c1/aec6e1-a20d-4238-b07d-1d74cf376a1d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 27 Jul 2022 11:29:55 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 35226
                          IP: 78.143.128.0/18
                          IP: 89.16.64.0/19
                          IP: 89.184.32.0/22
                          IP: 89.184.40.0 -- 89.184.57.255
                          IP: 109.106.96.0 -- 109.106.119.255
                          IP: 109.106.124.0/22
                          IP: 185.179.40.0/22
                          IP: 2a02:2158::/29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:3f:6b:a4:7c:db:03:23:7f:66:b4:a4:14:04:3f:b9:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 27 11:29:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ddf048ea02b7551533511bfa9040ddabe11974c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b1:b4:d6:b6:8b:94:7c:fc:01:2b:6f:42:e9:
                    84:ad:52:0b:06:c9:af:5d:95:b0:b3:07:dc:45:51:
                    7d:d8:3d:e2:12:3f:4a:00:e8:bd:40:d4:11:c6:71:
                    1a:e7:d0:25:96:ca:f0:de:ef:ed:56:e3:9f:ef:b7:
                    96:5f:aa:2c:92:66:b7:69:98:19:3f:fe:8d:40:fe:
                    bd:3b:8a:88:ec:84:b3:4e:57:3c:91:0a:cf:3d:fb:
                    ee:3d:9a:8c:e5:d5:bb:2d:8c:a8:6d:7a:87:63:f7:
                    d6:6c:d9:c9:e2:a3:90:cc:29:ce:23:2d:4c:c5:53:
                    68:36:cc:db:46:32:e2:00:88:58:e9:c4:ff:b5:de:
                    6f:b9:ef:22:cf:d2:f9:11:46:04:7e:02:70:47:de:
                    06:ab:e8:ab:ed:d0:5a:d7:c6:03:52:82:13:1e:24:
                    99:f3:46:e9:8c:79:87:65:63:63:51:36:7e:f1:39:
                    17:ad:90:25:a2:fb:6e:26:2b:b3:34:8b:3b:c1:15:
                    1e:a1:aa:25:06:c7:20:76:00:5a:f7:50:ea:06:d8:
                    5e:22:5f:81:bc:45:fb:80:ae:5d:80:74:1d:ee:cc:
                    14:f5:ca:b9:75:c3:b9:70:db:90:88:fc:40:ed:64:
                    f9:ab:ad:69:3e:ec:a2:1e:2a:b6:c6:3c:85:f8:49:
                    96:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:F0:48:EA:02:B7:55:15:33:51:1B:FA:90:40:DD:AB:E1:19:74:C6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/aec6e1-a20d-4238-b07d-1d74cf376a1d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/aec6e1-a20d-4238-b07d-1d74cf376a1d/1/3fBI6gK3VRUzURv6kEDdq-EZdMY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.128.0/18
                  89.16.64.0/19
                  89.184.32.0/22
                  89.184.40.0-89.184.57.255
                  109.106.96.0-109.106.119.255
                  109.106.124.0/22
                  185.179.40.0/22
                IPv6:
                  2a02:2158::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  35226

    Signature Algorithm: sha256WithRSAEncryption
         06:e4:70:3d:f4:9d:69:46:83:34:70:05:69:75:8d:ca:e0:b4:
         a1:83:6d:ed:1f:6f:e3:54:a1:b9:6b:8d:32:49:62:01:3c:3e:
         32:86:1f:e1:73:1a:c0:a8:09:e3:58:f4:6c:f0:d4:8e:ca:3a:
         cf:82:4d:58:2a:2a:83:b3:e7:0b:f1:f7:91:70:15:e2:f8:45:
         fa:81:f1:77:93:37:c6:c2:5a:0d:c0:10:1f:ab:2c:c1:b1:bf:
         12:68:db:eb:94:96:0a:f0:a8:0a:04:ac:a2:16:bf:2e:9c:67:
         d4:b6:35:64:77:93:1e:84:ea:9b:d2:a4:1c:db:9f:c8:80:20:
         8d:8c:0c:80:38:c0:40:21:17:6d:72:c1:ae:11:c6:4e:a7:2d:
         b1:1c:a0:14:8b:05:d7:84:31:8d:1a:25:46:de:be:84:12:e5:
         55:c3:6b:bc:9e:30:8c:02:2a:4e:cd:56:43:fb:a5:47:c8:41:
         88:7e:38:2e:0a:6e:ac:a2:81:34:9e:e8:7e:45:ea:30:d5:89:
         bc:59:94:cb:b3:ad:d6:04:6b:99:dd:94:c5:8b:b8:ab:93:15:
         77:db:d1:36:4f:d5:76:1f:7d:17:08:44:cf:f6:1e:f7:12:25:
         b0:b4:e0:20:26:d4:9d:70:fd:57:a2:6c:f9:48:b9:f7:89:86:
         87:c4:97:ba
-----BEGIN CERTIFICATE-----
MIIF1zCCBL+gAwIBAgISAYI/a6R82wMjf2a0pBQEP7ngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjIwNzI3MTEyOTU1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGYwNDhlYTAyYjc1NTE1MzM1MTFiZmE5MDQwZGRhYmUxMTk3NGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7G01raLlHz8AStvQumErVILBsmv
XZWwswfcRVF92D3iEj9KAOi9QNQRxnEa59Allsrw3u/tVuOf77eWX6oskma3aZgZ
P/6NQP69O4qI7ISzTlc8kQrPPfvuPZqM5dW7LYyobXqHY/fWbNnJ4qOQzCnOIy1M
xVNoNszbRjLiAIhY6cT/td5vue8iz9L5EUYEfgJwR94Gq+ir7dBa18YDUoITHiSZ
80bpjHmHZWNjUTZ+8TkXrZAlovtuJiuzNIs7wRUeoaolBscgdgBa91DqBtheIl+B
vEX7gK5dgHQd7swU9cq5dcO5cNuQiPxA7WT5q61pPuyiHiq2xjyF+EmWTQIDAQAB
o4IC4zCCAt8wHQYDVR0OBBYEFN3wSOoCt1UVM1Eb+pBA3avhGXTGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxL2FlYzZl
MS1hMjBkLTQyMzgtYjA3ZC0xZDc0Y2YzNzZhMWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzEvYWVjNmUx
LWEyMGQtNDIzOC1iMDdkLTFkNzRjZjM3NmExZC8xLzNmQkk2Z0szVlJVelVSdjZr
RURkcS1FWmRNWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGIGCCsGAQUF
BwEHAQH/BFMwUTBABAIAATA6AwQGTo+AAwQFWRBAAwQCWbggMAwDBANZuCgDBAFZ
uDgwDAMEBW1qYAMEA21qcAMEAm1qfAMEArmzKDANBAIAAjAHAwUDKgIhWDAaBggr
BgEFBQcBCAEB/wQLMAmgBzAFAgMAiZowDQYJKoZIhvcNAQELBQADggEBAAbkcD30
nWlGgzRwBWl1jcrgtKGDbe0fb+NUoblrjTJJYgE8PjKGH+FzGsCoCeNY9Gzw1I7K
Os+CTVgqKoOz5wvx95FwFeL4RfqB8XeTN8bCWg3AEB+rLMGxvxJo2+uUlgrwqAoE
rKIWvy6cZ9S2NWR3kx6E6pvSpBzbn8iAII2MDIA4wEAhF21ywa4Rxk6nLbEcoBSL
BdeEMY0aJUbevoQS5VXDa7yeMIwCKk7NVkP7pUfIQYh+OC4KbqyigTSe6H5F6jDV
ibxZlMuzrdYEa5ndlMWLuKuTFXfb0TZP1XYffRcIRM/2HvcSJbC04CAm1J1w/Vei
bPlIufeJhofEl7o=
-----END CERTIFICATE-----