Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43i9t2gvKPujpwKbHJhDHWZKhAw.cer
File:                     43i9t2gvKPujpwKbHJhDHWZKhAw.cer (raw, json)
Hash identifier:          +ljRgRnOIELKMz5ShAuB/Ugbygn2WhqVCSJ9Jym9bR0=
Subject key identifier:   E3:78:BD:B7:68:2F:28:FB:A3:A7:02:9B:1C:98:43:1D:66:4A:84:0C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A72BDBA6D4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/be/be3414-817a-4667-9b5b-95f2071bfcad/1/43i9t2gvKPujpwKbHJhDHWZKhAw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/be/be3414-817a-4667-9b5b-95f2071bfcad/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 12:56:50 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 209363
                          IP: 109.68.240.0/21
                          IP: 185.253.124.0/22
                          IP: 193.34.148.0/23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 717995353812 (0xa72bdba6d4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:56:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e378bdb7682f28fba3a7029b1c98431d664a840c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:96:ad:7f:f7:fc:54:8d:9b:9f:8d:ba:8a:2b:
                    8a:9a:5a:bf:e2:59:b5:98:8a:c1:ca:70:ca:d3:4a:
                    26:77:60:80:cf:a7:a6:ca:21:8a:ce:f1:97:4a:dd:
                    58:e5:30:5c:eb:ae:07:57:71:3f:90:2e:07:eb:47:
                    5a:20:08:cf:52:3f:16:73:5f:cd:ec:79:0e:fd:7e:
                    c4:e3:c7:08:78:b6:99:25:31:af:22:65:65:72:6e:
                    62:09:f6:09:46:b6:d1:7c:af:11:02:18:20:36:ae:
                    12:78:ec:1e:1c:30:a9:10:0b:60:e5:ec:83:23:04:
                    6f:16:50:fa:49:1a:62:43:4a:30:7c:25:6f:e0:c8:
                    6d:2b:73:1f:cb:c0:d4:36:9b:e7:60:c6:a2:35:ef:
                    a9:8b:a0:f8:57:9b:39:0b:6a:23:d2:1d:d5:8b:d1:
                    9b:f0:de:06:a9:84:62:f4:a8:30:dd:37:13:89:94:
                    db:9a:21:7c:f3:ff:4a:b3:37:20:5a:de:da:68:10:
                    79:76:87:ce:e3:9d:01:ae:c1:6b:62:fc:32:7e:d3:
                    97:94:2b:ba:fe:a0:3d:ef:78:37:bf:d7:e1:a3:16:
                    74:7a:49:47:9b:d4:f3:46:d7:3b:b7:7e:8e:b5:21:
                    95:ee:c1:13:f1:64:8b:06:9c:b7:08:ee:2a:aa:5a:
                    09:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:78:BD:B7:68:2F:28:FB:A3:A7:02:9B:1C:98:43:1D:66:4A:84:0C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/be3414-817a-4667-9b5b-95f2071bfcad/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/be3414-817a-4667-9b5b-95f2071bfcad/1/43i9t2gvKPujpwKbHJhDHWZKhAw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.240.0/21
                  185.253.124.0/22
                  193.34.148.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209363

    Signature Algorithm: sha256WithRSAEncryption
         56:5d:c0:a1:c2:01:f3:7d:98:c6:78:3c:ab:cf:60:7b:79:0e:
         b6:ef:28:53:7d:26:5f:62:cd:f3:a2:ab:2e:d8:fa:5d:12:2e:
         ed:c8:c3:4c:29:c3:41:69:48:0b:e5:ba:01:27:f1:ce:f9:95:
         e4:7a:11:d3:ce:61:29:8a:16:24:16:82:18:d6:cd:1f:9b:40:
         6e:d3:b1:e8:0f:18:be:ad:f9:e9:05:27:41:76:13:61:b8:2a:
         a3:7f:b0:a1:c7:d9:f2:f6:8e:ce:ed:88:6c:2c:d3:ce:68:76:
         3d:ae:c0:59:6c:d0:3b:6e:7b:f8:bd:da:37:36:80:68:75:16:
         7a:53:b3:14:35:11:ff:68:00:0a:02:41:4b:e3:5e:8d:b6:6b:
         4a:8f:f0:4b:f6:61:27:8b:a7:1c:08:36:9d:8a:20:c1:b8:79:
         f1:22:b5:2f:be:10:3c:6b:0a:7e:22:8d:ed:54:22:f5:94:5c:
         2b:31:69:18:2f:82:d3:42:cb:5d:de:45:68:c3:1f:4b:c4:57:
         5c:01:3a:39:a5:b2:09:ff:23:a9:78:2e:e2:61:1c:31:fb:40:
         55:62:ef:89:c7:f4:aa:97:e1:36:bd:40:f2:15:b9:91:ce:58:
         aa:3a:be:6e:7b:18:5a:30:dc:f9:da:51:60:56:be:e0:eb:01:
         e6:e9:d8:de
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgIGAKcr26bUMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTI1NjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhlMzc4YmRiNzY4
MmYyOGZiYTNhNzAyOWIxYzk4NDMxZDY2NGE4NDBjMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA25atf/f8VI2bn426iiuKmlq/4lm1mIrBynDK00omd2CA
z6emyiGKzvGXSt1Y5TBc664HV3E/kC4H60daIAjPUj8Wc1/N7HkO/X7E48cIeLaZ
JTGvImVlcm5iCfYJRrbRfK8RAhggNq4SeOweHDCpEAtg5eyDIwRvFlD6SRpiQ0ow
fCVv4MhtK3Mfy8DUNpvnYMaiNe+pi6D4V5s5C2oj0h3Vi9Gb8N4GqYRi9Kgw3TcT
iZTbmiF88/9KszcgWt7aaBB5dofO450BrsFrYvwyftOXlCu6/qA973g3v9fhoxZ0
eklHm9TzRtc7t36OtSGV7sET8WSLBpy3CO4qqloJKQIDAQABo4ICrDCCAqgwHQYD
VR0OBBYEFON4vbdoLyj7o6cCmxyYQx1mSoQMMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JlL2JlMzQxNC04MTdhLTQ2Njct
OWI1Yi05NWYyMDcxYmZjYWQvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUvYmUzNDE0LTgxN2EtNDY2Ny05
YjViLTk1ZjIwNzFiZmNhZC8xLzQzaTl0Mmd2S1B1anB3S2JISmhESFdaS2hBdy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAY
BAIAATASAwQDbUTwAwQCuf18AwQBwSKUMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMx0zANBgkqhkiG9w0BAQsFAAOCAQEAVl3AocIB832Yxng8q89ge3kOtu8oU30m
X2LN86KrLtj6XRIu7cjDTCnDQWlIC+W6ASfxzvmV5HoR085hKYoWJBaCGNbNH5tA
btOx6A8Yvq356QUnQXYTYbgqo3+wocfZ8vaOzu2IbCzTzmh2Pa7AWWzQO257+L3a
NzaAaHUWelOzFDUR/2gACgJBS+NejbZrSo/wS/ZhJ4unHAg2nYogwbh58SK1L74Q
PGsKfiKN7VQi9ZRcKzFpGC+C00LLXd5FaMMfS8RXXAE6OaWyCf8jqXgu4mEcMftA
VWLvicf0qpfhNr1A8hW5kc5Yqjq+bnsYWjDc+dpRYFa+4OsB5unY3g==
-----END CERTIFICATE-----