Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5RPsC2aHVtQ_qxQlIVx7GyH4wIs.cer
File:                     5RPsC2aHVtQ_qxQlIVx7GyH4wIs.cer (raw, json)
Hash identifier:          fbwHOVi+ooXONT2DsPaaFogqSXqHhqIUDUXN8CQY318=
Subject key identifier:   E5:13:EC:0B:66:87:56:D4:3F:AB:14:25:21:5C:7B:1B:21:F8:C0:8B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       9E2E54B47B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/97/ecea2c-01e5-4fc2-b283-09501e864cd3/1/5RPsC2aHVtQ_qxQlIVx7GyH4wIs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/97/ecea2c-01e5-4fc2-b283-09501e864cd3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 05:00:11 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 13057
                          IP: 194.0.236.0/24
                          IP: 194.29.207.0/24
                          IP: 194.242.42.0/24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 679382135931 (0x9e2e54b47b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:00:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e513ec0b668756d43fab1425215c7b1b21f8c08b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ae:e1:f4:b1:0e:ea:12:d4:5f:4d:47:19:1b:
                    f3:e4:ee:d9:9f:ac:5f:fc:dd:0d:46:45:da:46:e8:
                    6e:e4:3f:00:62:a3:1d:d3:b8:c0:29:d6:e0:6f:6b:
                    f5:67:98:9a:cf:38:1b:e5:af:9b:8e:e3:80:34:a7:
                    4d:8e:d1:82:b9:68:88:0b:b2:8f:28:16:20:27:7a:
                    b9:aa:00:dd:76:28:49:de:e3:ee:a4:a0:51:72:a9:
                    39:ea:e0:32:1a:ef:48:db:60:dd:b3:51:9f:d7:5e:
                    27:e7:fb:73:c7:9f:2a:a3:ae:c3:69:f4:52:b6:0c:
                    e2:62:19:3c:87:32:84:a0:46:c1:54:b2:8b:c2:e3:
                    af:f1:08:97:bb:87:1c:75:15:c5:20:cd:04:1d:1a:
                    0f:33:e1:fd:47:8c:25:e9:41:84:6d:9e:8f:7c:4e:
                    f0:95:6a:6b:2e:ae:b9:b4:8a:f1:8f:29:68:40:84:
                    70:15:bd:a0:f5:ad:19:11:64:8e:a7:77:23:fa:b7:
                    e1:60:60:bc:b1:72:9d:10:15:f1:4b:c0:78:b5:db:
                    d5:11:a1:4c:59:33:68:b6:0a:2d:37:d8:f8:58:02:
                    31:78:20:7b:34:ca:b9:0b:93:f9:b7:69:b6:60:61:
                    d5:a5:76:06:94:5a:06:60:23:a5:57:87:92:f5:ae:
                    a0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:13:EC:0B:66:87:56:D4:3F:AB:14:25:21:5C:7B:1B:21:F8:C0:8B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/ecea2c-01e5-4fc2-b283-09501e864cd3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/ecea2c-01e5-4fc2-b283-09501e864cd3/1/5RPsC2aHVtQ_qxQlIVx7GyH4wIs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.236.0/24
                  194.29.207.0/24
                  194.242.42.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  13057

    Signature Algorithm: sha256WithRSAEncryption
         9b:11:01:5f:1d:91:94:0e:a0:c4:fe:db:32:6b:8c:f8:f2:2f:
         3d:e0:ae:6e:32:04:79:f7:db:eb:81:b5:c3:6f:ab:85:9a:34:
         62:1a:a3:27:a7:c8:18:6b:10:7d:ac:67:fa:f2:1b:13:2a:a0:
         52:79:95:ed:a8:1e:5b:81:c6:08:d9:4f:88:33:37:e8:b7:1d:
         2e:26:93:8a:8b:f7:b1:64:3b:af:16:04:2e:8f:8c:b8:38:39:
         cf:06:eb:cc:a2:70:d9:71:a6:6e:0d:2f:17:d8:56:8f:db:4d:
         11:31:51:c2:82:9b:dc:ec:f7:c9:3d:56:70:36:05:88:06:21:
         bc:eb:66:92:87:76:a6:7e:81:35:20:3b:88:3d:86:97:09:96:
         8c:d8:d8:c3:17:49:98:7f:57:6b:11:c8:56:22:80:50:86:df:
         69:77:9a:36:c9:63:1c:8a:cd:e8:81:48:4b:96:62:4a:bb:63:
         dd:76:5c:cf:a6:5c:6c:7f:55:d1:6a:49:a5:2b:ad:50:b2:ed:
         a8:20:cb:0f:54:76:c0:9c:ba:f2:68:69:a0:11:2d:1f:a8:d2:
         e6:09:e8:65:74:69:cf:9b:23:3a:00:59:e6:cd:ae:91:ee:d2:
         ca:79:78:47:67:e9:85:7e:3e:00:cf:8b:21:33:53:55:46:7d:
         b9:27:66:1d
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgIGAJ4uVLR7MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDUwMDExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhlNTEzZWMwYjY2
ODc1NmQ0M2ZhYjE0MjUyMTVjN2IxYjIxZjhjMDhiMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAua7h9LEO6hLUX01HGRvz5O7Zn6xf/N0NRkXaRuhu5D8A
YqMd07jAKdbgb2v1Z5iazzgb5a+bjuOANKdNjtGCuWiIC7KPKBYgJ3q5qgDddihJ
3uPupKBRcqk56uAyGu9I22Dds1Gf114n5/tzx58qo67DafRStgziYhk8hzKEoEbB
VLKLwuOv8QiXu4ccdRXFIM0EHRoPM+H9R4wl6UGEbZ6PfE7wlWprLq65tIrxjylo
QIRwFb2g9a0ZEWSOp3cj+rfhYGC8sXKdEBXxS8B4tdvVEaFMWTNotgotN9j4WAIx
eCB7NMq5C5P5t2m2YGHVpXYGlFoGYCOlV4eS9a6gvwIDAQABo4ICqzCCAqcwHQYD
VR0OBBYEFOUT7Atmh1bUP6sUJSFcexsh+MCLMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk3L2VjZWEyYy0wMWU1LTRmYzIt
YjI4My0wOTUwMWU4NjRjZDMvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTcvZWNlYTJjLTAxZTUtNGZjMi1i
MjgzLTA5NTAxZTg2NGNkMy8xLzVSUHNDMmFIVnRRX3F4UWxJVng3R3lINHdJcy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAY
BAIAATASAwQAwgDsAwQAwh3PAwQAwvIqMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AjMBMA0GCSqGSIb3DQEBCwUAA4IBAQCbEQFfHZGUDqDE/tsya4z48i894K5uMgR5
99vrgbXDb6uFmjRiGqMnp8gYaxB9rGf68hsTKqBSeZXtqB5bgcYI2U+IMzfotx0u
JpOKi/exZDuvFgQuj4y4ODnPBuvMonDZcaZuDS8X2FaP200RMVHCgpvc7PfJPVZw
NgWIBiG862aSh3amfoE1IDuIPYaXCZaM2NjDF0mYf1drEchWIoBQht9pd5o2yWMc
is3ogUhLlmJKu2PddlzPplxsf1XRakmlK61Qsu2oIMsPVHbAnLryaGmgES0fqNLm
CehldGnPmyM6AFnmza6R7tLKeXhHZ+mFfj4Az4shM1NVRn25J2Yd
-----END CERTIFICATE-----