Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61MaMcwPs81qKpBeaRjpEUQINgk.cer
File:                     61MaMcwPs81qKpBeaRjpEUQINgk.cer (raw, json)
Hash identifier:          wctGZnAHlWBUt4irpRnAA+kMa5EteB4gQzooc2WqHFY=
Subject key identifier:   EB:53:1A:31:CC:0F:B3:CD:6A:2A:90:5E:69:18:E9:11:44:08:36:09
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       60EFEAE190
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d5/5d7469-2e7b-49b5-9d7c-130df8a81e30/1/61MaMcwPs81qKpBeaRjpEUQINgk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d5/5d7469-2e7b-49b5-9d7c-130df8a81e30/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 24 Feb 2020 15:21:47 +0000
Certificate not after:    Thu 01 Jul 2021 00:00:00 +0000
Subordinate resources:    AS: 35550
                          AS: 39102
                          AS: 44720
                          IP: 46.19.184.0/21
                          IP: 77.239.224.0/19
                          IP: 92.62.48.0/20
                          IP: 94.229.96.0/20
                          IP: 188.65.64.0/21
                          IP: 212.232.64.0/20
                          IP: 213.21.0.0/19
                          IP: 213.21.48.0/20
                          IP: 2a02:1e0::/29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 416342008208 (0x60efeae190)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 24 15:21:47 2020 GMT
            Not After : Jul  1 00:00:00 2021 GMT
        Subject: CN=eb531a31cc0fb3cd6a2a905e6918e91144083609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e2:16:7a:c7:0e:fd:bc:fe:20:ea:3a:22:dc:
                    87:e6:a1:8e:1d:0d:a5:c6:bd:10:15:9f:37:21:aa:
                    2b:a4:ff:3a:70:d3:71:56:89:84:67:13:0c:ea:34:
                    49:68:90:74:df:8b:29:fa:be:9e:b5:fa:60:bc:2e:
                    29:c4:ba:84:0c:0f:ea:92:38:83:18:e6:0a:2a:12:
                    ea:9e:bc:e2:73:6e:34:ca:4b:0d:5f:15:09:fc:b3:
                    37:7f:ed:4d:1e:b0:62:5f:cc:e2:ec:49:88:23:70:
                    62:d5:0a:d9:d2:e3:ca:1e:a3:0e:a2:bd:20:06:81:
                    99:f7:41:c3:96:3e:28:4b:c8:cc:b0:0d:aa:35:9a:
                    1d:14:c2:d4:17:70:84:3b:a2:4f:5e:d1:43:10:f3:
                    88:74:91:4c:d5:2f:cc:25:88:10:9f:36:3a:9b:b1:
                    c7:7d:07:7b:ad:ef:6c:5f:dd:be:aa:8e:ce:d0:4f:
                    9b:65:e9:06:d9:17:ee:7f:79:71:3b:62:c1:d6:da:
                    32:ab:d4:fb:8e:da:05:db:5a:1b:65:bf:c0:d5:05:
                    b1:22:93:2b:d1:4f:42:f2:18:3e:d1:be:33:39:8b:
                    3f:cf:98:f3:07:22:aa:51:78:f9:59:01:9a:0a:e2:
                    e5:03:74:2f:9a:cf:b3:a5:84:dc:ef:f3:93:b2:7e:
                    b0:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:53:1A:31:CC:0F:B3:CD:6A:2A:90:5E:69:18:E9:11:44:08:36:09
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/5d7469-2e7b-49b5-9d7c-130df8a81e30/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/5d7469-2e7b-49b5-9d7c-130df8a81e30/1/61MaMcwPs81qKpBeaRjpEUQINgk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.184.0/21
                  77.239.224.0/19
                  92.62.48.0/20
                  94.229.96.0/20
                  188.65.64.0/21
                  212.232.64.0/20
                  213.21.0.0/19
                  213.21.48.0/20
                IPv6:
                  2a02:1e0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  35550
                  39102
                  44720

    Signature Algorithm: sha256WithRSAEncryption
         14:4b:47:ba:a6:f2:b9:0a:0c:19:2d:17:a8:f1:44:d4:8b:a3:
         ee:10:11:a2:65:67:bd:81:90:c2:f0:f9:ce:8e:e4:23:f2:c1:
         92:98:e1:15:17:20:80:7f:d8:77:a6:4a:2e:f4:b4:6a:14:75:
         ea:c4:4b:d5:82:50:63:17:4b:a2:6a:91:b1:25:17:21:e5:79:
         27:42:d2:41:27:35:91:0c:95:b0:ae:a7:81:fe:ee:a0:29:eb:
         92:54:39:08:a8:ab:47:ea:6d:47:f1:55:21:34:ef:8d:79:78:
         a3:54:3e:59:34:d3:cc:14:8e:64:27:55:f9:a7:cc:03:dc:39:
         2f:aa:91:3e:f6:0a:21:33:cb:ab:7d:70:87:a3:cc:c2:42:3b:
         3a:e9:4b:8b:b7:af:75:97:3a:65:b5:27:72:25:ed:7d:3f:c7:
         ce:9d:0b:79:05:40:d4:36:b6:a6:27:7d:95:ab:63:64:9e:64:
         db:60:d3:f8:9b:ff:06:55:d2:13:06:d8:0a:8c:82:e7:49:d2:
         e9:ef:d2:a4:14:da:07:42:65:14:c5:9a:18:fb:2b:7b:b6:4d:
         d1:67:27:6d:e7:63:94:d8:de:cb:1b:68:b7:72:8c:53:c9:01:
         44:fc:90:fe:6f:1c:38:b8:fb:f1:12:5d:4e:74:d8:ca:fd:5e:
         48:8b:77:fa
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIFYO/q4ZAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMo
MmE5NGE4ZGQ1NTRhZTcwMTA3MjA5OWM3MGI2NDA3NTU1ZGRkZTY2OTAeFw0yMDAy
MjQxNTIxNDdaFw0yMTA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKGViNTMxYTMxY2Mw
ZmIzY2Q2YTJhOTA1ZTY5MThlOTExNDQwODM2MDkwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCm4hZ6xw79vP4g6joi3IfmoY4dDaXGvRAVnzchqiuk/zpw
03FWiYRnEwzqNElokHTfiyn6vp61+mC8LinEuoQMD+qSOIMY5goqEuqevOJzbjTK
Sw1fFQn8szd/7U0esGJfzOLsSYgjcGLVCtnS48oeow6ivSAGgZn3QcOWPihLyMyw
Dao1mh0UwtQXcIQ7ok9e0UMQ84h0kUzVL8wliBCfNjqbscd9B3ut72xf3b6qjs7Q
T5tl6QbZF+5/eXE7YsHW2jKr1PuO2gXbWhtlv8DVBbEikyvRT0LyGD7RvjM5iz/P
mPMHIqpRePlZAZoK4uUDdC+az7OlhNzv85OyfrAnAgMBAAGjggLjMIIC3zAdBgNV
HQ4EFgQU61MaMcwPs81qKpBeaRjpEUQINgkwHwYDVR0jBBgwFoAUKpSo3VVK5wEH
IJnHC2QHVV3d5mkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwYAYI
KwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9hY2EvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNlcjCC
ASMGCCsGAQUFBwELBIIBFTCCAREwXQYIKwYBBQUHMAWGUXJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDUvNWQ3NDY5LTJlN2ItNDliNS05
ZDdjLTEzMGRmOGE4MWUzMC8xLzB8BggrBgEFBQcwCoZwcnN5bmM6Ly9ycGtpLnJp
cGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS81ZDc0NjktMmU3Yi00OWI1LTlk
N2MtMTMwZGY4YTgxZTMwLzEvNjFNYU1jd1BzODFxS3BCZWFSanBFVVFJTmdrLm1m
dDAyBggrBgEFBQcwDYYmaHR0cHM6Ly9ycmRwLnJpcGUubmV0L25vdGlmaWNhdGlv
bi54bWwwWQYDVR0fBFIwUDBOoEygSoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC9LcFNvM1ZWSzV3RUhJSm5IQzJRSFZWM2Q1bWsuY3Js
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwWAYIKwYBBQUHAQcBAf8ESTBHMDYE
AgABMDADBAMuE7gDBAVN7+ADBARcPjADBARe5WADBAO8QUADBATU6EADBAXVFQAD
BATVFTAwDQQCAAIwBwMFAyoCAeAwJAYIKwYBBQUHAQgBAf8EFTAToBEwDwIDAIre
AgMAmL4CAwCusDANBgkqhkiG9w0BAQsFAAOCAQEAFEtHuqbyuQoMGS0XqPFE1Iuj
7hARomVnvYGQwvD5zo7kI/LBkpjhFRcggH/Yd6ZKLvS0ahR16sRL1YJQYxdLomqR
sSUXIeV5J0LSQSc1kQyVsK6ngf7uoCnrklQ5CKirR+ptR/FVITTvjXl4o1Q+WTTT
zBSOZCdV+afMA9w5L6qRPvYKITPLq31wh6PMwkI7OulLi7evdZc6ZbUnciXtfT/H
zp0LeQVA1Da2pid9latjZJ5k22DT+Jv/BlXSEwbYCoyC50nS6e/SpBTaB0JlFMWa
GPsre7ZN0WcnbedjlNjeyxtot3KMU8kBRPyQ/m8cOLj78RJdTnTYyv1eSIt3+g==
-----END CERTIFICATE-----