Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4MK4EKf3Jo9pW9eab1_Hx1Ds7kg.cer
File:                     4MK4EKf3Jo9pW9eab1_Hx1Ds7kg.cer (raw, json)
Hash identifier:          Ab4LtaOwiKCn9nlea+nq9aQQlbbTEYo1GMRsIqW9Es4=
Subject key identifier:   E0:C2:B8:10:A7:F7:26:8F:69:5B:D7:9A:6F:5F:C7:C7:50:EC:EE:48
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       9CE6A7A9B4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/27/b0209f-8b60-478a-b5cc-ec091e73b1ed/1/4MK4EKf3Jo9pW9eab1_Hx1Ds7kg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/27/b0209f-8b60-478a-b5cc-ec091e73b1ed/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 03:56:16 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 57877
                          IP: 37.139.120.0/21
                          IP: 185.76.216.0/22
                          IP: 2a05:5cc0::/29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 673884645812 (0x9ce6a7a9b4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:56:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e0c2b810a7f7268f695bd79a6f5fc7c750ecee48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e0:00:42:00:39:e0:3f:14:e6:83:56:b0:72:
                    a7:c9:fb:1c:d6:2e:18:f0:ef:d5:f6:af:fb:77:6d:
                    20:f2:2f:55:48:10:e9:42:ca:36:2c:31:4c:20:35:
                    bd:29:3f:1c:5b:d0:d0:7f:6e:41:49:4e:6e:3a:c8:
                    b1:62:11:dd:cd:62:d1:49:1b:0c:ff:5a:7e:07:01:
                    3e:96:77:8e:bb:c1:15:a7:e6:55:0f:2a:4b:8e:77:
                    0f:89:d6:49:6c:4c:7d:07:12:f7:2a:6b:e2:c1:61:
                    02:8d:81:d7:25:67:56:b6:07:aa:24:90:71:6d:74:
                    4e:92:be:70:a8:5f:76:c8:92:90:6f:70:90:20:bf:
                    84:f2:00:cc:4e:7d:1a:9b:45:6c:0e:4e:30:00:22:
                    0d:20:6e:c8:ba:57:e9:19:35:cb:bc:aa:14:30:5f:
                    ff:66:a1:79:25:2d:46:3a:20:21:e7:a5:01:5d:e2:
                    b0:5f:e8:ae:65:8f:f8:64:9b:de:f4:d3:c8:9b:e3:
                    a7:18:60:94:43:2a:bc:d7:7e:73:bc:1b:43:db:a5:
                    d5:7d:1c:77:9d:a4:ec:b4:2a:a9:17:5d:4b:ad:77:
                    96:91:b6:21:7e:64:23:ce:f6:7d:88:2b:3f:59:ce:
                    1e:8d:4d:d6:c4:d2:44:8a:15:1b:c9:e1:df:4f:f6:
                    f4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:C2:B8:10:A7:F7:26:8F:69:5B:D7:9A:6F:5F:C7:C7:50:EC:EE:48
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/b0209f-8b60-478a-b5cc-ec091e73b1ed/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/b0209f-8b60-478a-b5cc-ec091e73b1ed/1/4MK4EKf3Jo9pW9eab1_Hx1Ds7kg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.120.0/21
                  185.76.216.0/22
                IPv6:
                  2a05:5cc0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57877

    Signature Algorithm: sha256WithRSAEncryption
         38:2f:08:a0:e7:67:e6:c9:a2:77:6a:40:c4:10:4f:04:bd:84:
         9e:71:09:27:d1:dc:91:a5:b6:d6:50:15:d2:f4:9d:97:71:c8:
         57:6a:d1:76:46:68:53:82:1b:8e:b0:0c:c1:b9:d4:18:21:b0:
         76:f8:3c:1f:23:c7:16:f4:1b:43:17:60:3b:8b:44:29:c5:a0:
         72:dc:37:54:8f:6b:0a:f1:30:f0:34:54:2e:76:e8:e6:c7:73:
         ee:7f:4c:00:c3:79:d4:bc:8e:fc:1b:99:b4:2c:82:d1:c6:48:
         ec:51:33:55:99:e8:c4:cb:a4:f0:af:39:2c:9f:ba:3d:63:15:
         e3:6a:ee:2c:f8:e6:ab:9f:73:52:f8:7c:d5:de:a6:24:45:36:
         75:42:b3:aa:e6:c9:a2:46:9c:b7:3c:4d:23:ec:c1:a6:85:70:
         09:9c:11:3f:b1:6b:03:46:97:08:b1:3c:7f:e3:3e:c8:f3:9e:
         5f:bf:6d:63:ce:15:1c:1a:1f:8c:d9:bd:44:9c:27:f3:36:6c:
         c5:af:4c:4a:0a:fe:cd:11:0a:3d:e2:ed:51:39:bd:f1:f1:71:
         ff:30:8f:4e:56:65:d0:f7:07:07:a6:7f:cd:c6:a5:4b:00:c7:
         ab:01:fe:7e:f0:ac:af:68:ba:b5:22:c7:7a:a0:82:41:d1:be:
         43:44:13:a2
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIGAJzmp6m0MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDM1NjE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhlMGMyYjgxMGE3
ZjcyNjhmNjk1YmQ3OWE2ZjVmYzdjNzUwZWNlZTQ4MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAuuAAQgA54D8U5oNWsHKnyfsc1i4Y8O/V9q/7d20g8i9V
SBDpQso2LDFMIDW9KT8cW9DQf25BSU5uOsixYhHdzWLRSRsM/1p+BwE+lneOu8EV
p+ZVDypLjncPidZJbEx9BxL3KmviwWECjYHXJWdWtgeqJJBxbXROkr5wqF92yJKQ
b3CQIL+E8gDMTn0am0VsDk4wACINIG7IulfpGTXLvKoUMF//ZqF5JS1GOiAh56UB
XeKwX+iuZY/4ZJve9NPIm+OnGGCUQyq8135zvBtD26XVfRx3naTstCqpF11LrXeW
kbYhfmQjzvZ9iCs/Wc4ejU3WxNJEihUbyeHfT/b0PQIDAQABo4ICtTCCArEwHQYD
VR0OBBYEFODCuBCn9yaPaVvXmm9fx8dQ7O5IMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI3L2IwMjA5Zi04YjYwLTQ3OGEt
YjVjYy1lYzA5MWU3M2IxZWQvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjcvYjAyMDlmLThiNjAtNDc4YS1i
NWNjLWVjMDkxZTczYjFlZC8xLzRNSzRFS2YzSm85cFc5ZWFiMV9IeDFEczdrZy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAS
BAIAATAMAwQDJYt4AwQCuUzYMA0EAgACMAcDBQMqBVzAMBoGCCsGAQUFBwEIAQH/
BAswCaAHMAUCAwDiFTANBgkqhkiG9w0BAQsFAAOCAQEAOC8IoOdn5smid2pAxBBP
BL2EnnEJJ9HckaW21lAV0vSdl3HIV2rRdkZoU4IbjrAMwbnUGCGwdvg8HyPHFvQb
QxdgO4tEKcWgctw3VI9rCvEw8DRULnbo5sdz7n9MAMN51LyO/BuZtCyC0cZI7FEz
VZnoxMuk8K85LJ+6PWMV42ruLPjmq59zUvh81d6mJEU2dUKzqubJokactzxNI+zB
poVwCZwRP7FrA0aXCLE8f+M+yPOeX79tY84VHBofjNm9RJwn8zZsxa9MSgr+zREK
PeLtUTm98fFx/zCPTlZl0PcHB6Z/zcalSwDHqwH+fvCsr2i6tSLHeqCCQdG+Q0QT
og==
-----END CERTIFICATE-----