Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3ohn8cH6ZSnugD-3XBugCzZ8dZo.cer
File:                     3ohn8cH6ZSnugD-3XBugCzZ8dZo.cer (raw, json)
Hash identifier:          7xZRfmArZbdLfqhDZ7xlinpCQ8yKjFHe3hCWWloimFM=
Subject key identifier:   DE:88:67:F1:C1:FA:65:29:EE:80:3F:B7:5C:1B:A0:0B:36:7C:75:9A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       604C53235F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d1/11b604-4bb1-4952-b165-13caa0c3ad8c/1/3ohn8cH6ZSnugD-3XBugCzZ8dZo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d1/11b604-4bb1-4952-b165-13caa0c3ad8c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 24 Feb 2020 15:18:32 +0000
Certificate not after:    Thu 01 Jul 2021 00:00:00 +0000
Subordinate resources:    AS: 205670
                          IP: 185.67.224.0/22
                          IP: 185.148.20.0/22
                          IP: 2a03:27a0::/32
                          IP: 2a07:5bc0::/29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 413597377375 (0x604c53235f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 24 15:18:32 2020 GMT
            Not After : Jul  1 00:00:00 2021 GMT
        Subject: CN=de8867f1c1fa6529ee803fb75c1ba00b367c759a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5e:df:8a:7e:4f:d2:55:ef:4a:7d:2a:28:d0:
                    33:39:f2:68:f5:2c:9e:9d:e4:4d:30:b6:7d:ef:72:
                    d2:5d:e4:40:a2:67:fa:d6:81:e6:cb:b0:5b:37:d5:
                    bd:01:25:dc:e7:74:5e:0d:0e:65:33:64:d4:44:71:
                    63:12:56:1c:23:d0:0a:5e:7e:11:44:0d:7f:5c:7e:
                    24:4c:39:ce:ae:8c:a7:19:7b:74:3e:f8:7f:e0:cc:
                    1a:c0:2f:38:0b:4d:05:d0:b6:45:d8:9d:a4:ab:a6:
                    7c:14:2d:fd:ab:d4:49:cb:80:27:9b:95:e7:e5:3d:
                    a0:bf:bb:b0:a0:09:f7:09:a0:39:0a:aa:00:ac:47:
                    ba:06:af:00:3e:e7:27:32:e2:83:be:54:9e:53:29:
                    cb:2b:89:35:57:5b:ee:e4:58:1a:fa:94:c9:9e:36:
                    25:19:31:a9:24:b3:cb:01:de:97:e0:4d:01:29:1f:
                    9f:01:19:b5:e0:94:bc:5d:bf:a2:08:78:a0:a3:32:
                    a1:f9:69:4d:68:46:82:ac:1b:8b:00:36:48:b3:50:
                    86:c4:63:0c:2d:df:b4:12:74:82:a8:46:a2:4b:66:
                    49:a3:1b:7d:68:55:ef:84:c6:fd:b4:4f:99:95:9a:
                    00:de:1a:f2:b3:9b:71:bf:e8:89:ed:48:b5:44:23:
                    58:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:88:67:F1:C1:FA:65:29:EE:80:3F:B7:5C:1B:A0:0B:36:7C:75:9A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/11b604-4bb1-4952-b165-13caa0c3ad8c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/11b604-4bb1-4952-b165-13caa0c3ad8c/1/3ohn8cH6ZSnugD-3XBugCzZ8dZo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.224.0/22
                  185.148.20.0/22
                IPv6:
                  2a03:27a0::/32
                  2a07:5bc0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205670

    Signature Algorithm: sha256WithRSAEncryption
         2d:dd:16:32:eb:e1:c0:33:bb:68:05:2b:01:02:99:fd:9c:ca:
         de:c5:c4:fe:cc:89:63:5f:51:34:7d:97:fe:a4:f2:08:5a:0f:
         a9:9d:8c:6e:b2:2a:cc:a1:e7:76:67:d1:1d:fa:0a:a4:44:9e:
         36:6a:c4:5c:3b:a5:d6:3a:a4:9c:5e:dc:f6:bc:30:33:3b:60:
         f6:25:e6:ef:77:fc:d0:d1:3b:1d:9f:d2:dd:e3:22:40:15:9d:
         ea:cb:17:b9:d7:3b:05:7e:b8:a3:3f:f6:ef:e2:3f:d4:01:16:
         1b:48:80:f0:09:a8:64:af:50:e1:47:f0:3e:62:b9:c9:e8:05:
         12:ff:62:08:2f:67:d1:56:66:2e:74:a8:12:f8:ba:d8:c5:3f:
         0f:4a:5f:7e:dc:71:67:2e:34:17:3f:a7:b9:f1:f3:df:19:78:
         5f:0b:9f:9b:ae:40:21:d0:9b:8f:07:ad:ac:10:82:57:95:69:
         74:09:54:f0:b0:c9:c7:d8:6b:53:71:c5:b0:36:bf:68:f8:16:
         b1:d1:17:d3:e8:dd:7f:3a:43:17:05:d8:ca:37:14:4b:a0:8b:
         47:67:3b:b4:5f:f8:36:67:9d:e0:6d:12:eb:eb:3d:6b:ce:8f:
         84:7d:13:d7:9c:cd:12:f3:ef:2c:5a:9f:ce:dc:1d:65:b4:43:
         2e:04:37:e1
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgIFYExTI18wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMo
MmE5NGE4ZGQ1NTRhZTcwMTA3MjA5OWM3MGI2NDA3NTU1ZGRkZTY2OTAeFw0yMDAy
MjQxNTE4MzJaFw0yMTA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKGRlODg2N2YxYzFm
YTY1MjllZTgwM2ZiNzVjMWJhMDBiMzY3Yzc1OWEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNXt+Kfk/SVe9KfSoo0DM58mj1LJ6d5E0wtn3vctJd5ECi
Z/rWgebLsFs31b0BJdzndF4NDmUzZNREcWMSVhwj0ApefhFEDX9cfiRMOc6ujKcZ
e3Q++H/gzBrALzgLTQXQtkXYnaSrpnwULf2r1EnLgCebleflPaC/u7CgCfcJoDkK
qgCsR7oGrwA+5ycy4oO+VJ5TKcsriTVXW+7kWBr6lMmeNiUZMakks8sB3pfgTQEp
H58BGbXglLxdv6IIeKCjMqH5aU1oRoKsG4sANkizUIbEYwwt37QSdIKoRqJLZkmj
G31oVe+Exv20T5mVmgDeGvKzm3G/6IntSLVEI1jXAgMBAAGjggK8MIICuDAdBgNV
HQ4EFgQU3ohn8cH6ZSnugD+3XBugCzZ8dZowHwYDVR0jBBgwFoAUKpSo3VVK5wEH
IJnHC2QHVV3d5mkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwYAYI
KwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9hY2EvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNlcjCC
ASMGCCsGAQUFBwELBIIBFTCCAREwXQYIKwYBBQUHMAWGUXJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEvMTFiNjA0LTRiYjEtNDk1Mi1i
MTY1LTEzY2FhMGMzYWQ4Yy8xLzB8BggrBgEFBQcwCoZwcnN5bmM6Ly9ycGtpLnJp
cGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8xMWI2MDQtNGJiMS00OTUyLWIx
NjUtMTNjYWEwYzNhZDhjLzEvM29objhjSDZaU251Z0QtM1hCdWdDelo4ZFpvLm1m
dDAyBggrBgEFBQcwDYYmaHR0cHM6Ly9ycmRwLnJpcGUubmV0L25vdGlmaWNhdGlv
bi54bWwwWQYDVR0fBFIwUDBOoEygSoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC9LcFNvM1ZWSzV3RUhJSm5IQzJRSFZWM2Q1bWsuY3Js
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwOwYIKwYBBQUHAQcBAf8ELDAqMBIE
AgABMAwDBAK5Q+ADBAK5lBQwFAQCAAIwDgMFACoDJ6ADBQMqB1vAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMjZjANBgkqhkiG9w0BAQsFAAOCAQEALd0WMuvhwDO7
aAUrAQKZ/ZzK3sXE/syJY19RNH2X/qTyCFoPqZ2MbrIqzKHndmfRHfoKpESeNmrE
XDul1jqknF7c9rwwMztg9iXm73f80NE7HZ/S3eMiQBWd6ssXudc7BX64oz/27+I/
1AEWG0iA8AmoZK9Q4UfwPmK5yegFEv9iCC9n0VZmLnSoEvi62MU/D0pfftxxZy40
Fz+nufHz3xl4Xwufm65AIdCbjwetrBCCV5VpdAlU8LDJx9hrU3HFsDa/aPgWsdEX
0+jdfzpDFwXYyjcUS6CLR2c7tF/4Nmed4G0S6+s9a86PhH0T15zNEvPvLFqfztwd
ZbRDLgQ34Q==
-----END CERTIFICATE-----