Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6mbhlKlb6TmfahVgzVxgC9xQ5ck.cer
File:                     6mbhlKlb6TmfahVgzVxgC9xQ5ck.cer (raw, json)
Hash identifier:          166HYe4TzyvUXLrBNHx0zDp7WXsAivWXov9zfjQlu2A=
Subject key identifier:   EA:66:E1:94:A9:5B:E9:39:9F:6A:15:60:CD:5C:60:0B:DC:50:E5:C9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       AC3F449D32
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7d/a72549-df5b-4659-adb1-a3e98f7c7802/1/6mbhlKlb6TmfahVgzVxgC9xQ5ck.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7d/a72549-df5b-4659-adb1-a3e98f7c7802/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 24 Jan 2022 15:48:47 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 61357
                          AS: 204789
                          IP: 2a07:7ac0::/29
                          IP: 2a0c:6d80::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 739795836210 (0xac3f449d32)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 24 15:48:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ea66e194a95be9399f6a1560cd5c600bdc50e5c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3f:57:eb:59:16:3c:81:d8:80:47:a7:b0:11:
                    1e:0a:14:a0:2d:0b:07:aa:38:3d:54:ce:37:dc:2b:
                    0c:61:7d:87:f2:f1:75:a6:66:84:ff:7a:33:d9:d0:
                    a3:e6:b9:13:ce:37:3f:59:1b:c5:62:a0:b0:88:11:
                    d1:48:30:59:5f:ae:db:4f:01:fc:da:16:40:71:97:
                    50:e1:12:a6:83:54:01:37:eb:3d:ab:3b:b7:ea:c8:
                    59:00:b8:40:1f:de:c5:58:df:ea:75:13:d7:0a:2a:
                    ef:b2:be:9b:92:6b:88:23:5e:55:fa:99:b5:31:e2:
                    f9:41:3c:0c:7e:aa:9d:4c:8c:97:11:75:13:26:b7:
                    37:a9:d9:ab:2c:a4:51:94:db:15:9d:70:8d:64:d3:
                    7a:89:c6:36:a7:2e:7a:f4:82:8f:48:d9:e5:37:29:
                    e8:c2:0c:11:79:99:aa:6c:50:14:95:d2:f0:52:7b:
                    4e:1a:9d:64:f5:b5:57:1d:fc:4e:94:f2:96:58:45:
                    89:35:04:50:80:11:89:d0:2b:9c:d1:ff:e5:af:75:
                    7d:36:92:11:4a:17:e4:07:ee:97:51:82:1d:21:47:
                    9d:15:c9:37:f5:b7:70:4a:59:2e:da:12:e0:7c:49:
                    fe:ed:8c:de:d7:8b:55:fa:f3:7b:ac:8d:e4:1b:fe:
                    bc:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:66:E1:94:A9:5B:E9:39:9F:6A:15:60:CD:5C:60:0B:DC:50:E5:C9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a72549-df5b-4659-adb1-a3e98f7c7802/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a72549-df5b-4659-adb1-a3e98f7c7802/1/6mbhlKlb6TmfahVgzVxgC9xQ5ck.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:7ac0::/29
                  2a0c:6d80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  61357
                  204789

    Signature Algorithm: sha256WithRSAEncryption
         25:df:12:21:3d:37:be:05:82:42:a2:34:d1:d7:bc:cc:f0:9b:
         5d:61:54:b5:66:d9:91:9a:28:c6:3d:85:4b:39:f3:a6:f1:95:
         4a:d9:6e:92:6c:0e:16:9a:90:58:ef:5d:79:33:ab:59:8f:bf:
         d1:3e:91:80:18:fb:c4:39:a0:a4:96:53:d0:8a:85:04:3e:39:
         93:d8:e8:fc:37:55:0d:56:79:72:c4:84:bf:40:1e:24:6a:a7:
         0c:14:92:09:fb:55:1a:e3:2b:b5:64:6d:b7:ed:12:03:b3:31:
         92:f7:c9:17:2f:79:10:b0:08:ac:0b:09:93:88:86:54:e8:59:
         2a:74:57:1e:f1:bc:a2:ef:1c:7d:5a:89:95:22:c4:5d:68:66:
         33:b9:e2:b5:44:56:b9:45:a3:55:65:29:bf:97:7b:94:1c:e2:
         0e:5e:68:bc:df:b1:1f:53:62:56:19:03:ca:48:2c:e2:62:a9:
         e2:58:6e:d1:cf:da:4b:5a:c6:d8:5c:1b:d1:7a:f1:5a:37:c7:
         a7:58:fc:c9:00:f7:4b:81:fe:ea:a2:fb:a3:97:21:fc:6e:2f:
         9a:ff:ff:79:a8:25:d4:ef:e9:df:ad:39:3f:2e:2b:be:c3:de:
         f6:33:58:6b:20:11:53:e6:fa:72:a9:4e:92:3c:22:f3:6a:f9:
         ac:18:ac:af
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgIGAKw/RJ0yMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTI0MTU0ODQ3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhlYTY2ZTE5NGE5
NWJlOTM5OWY2YTE1NjBjZDVjNjAwYmRjNTBlNWM5MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAvD9X61kWPIHYgEensBEeChSgLQsHqjg9VM433CsMYX2H
8vF1pmaE/3oz2dCj5rkTzjc/WRvFYqCwiBHRSDBZX67bTwH82hZAcZdQ4RKmg1QB
N+s9qzu36shZALhAH97FWN/qdRPXCirvsr6bkmuII15V+pm1MeL5QTwMfqqdTIyX
EXUTJrc3qdmrLKRRlNsVnXCNZNN6icY2py569IKPSNnlNynowgwReZmqbFAUldLw
UntOGp1k9bVXHfxOlPKWWEWJNQRQgBGJ0Cuc0f/lr3V9NpIRShfkB+6XUYIdIUed
Fck39bdwSlku2hLgfEn+7Yze14tV+vN7rI3kG/68DQIDAQABo4ICrTCCAqkwHQYD
VR0OBBYEFOpm4ZSpW+k5n2oVYM1cYAvcUOXJMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdkL2E3MjU0OS1kZjViLTQ2NTkt
YWRiMS1hM2U5OGY3Yzc4MDIvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2QvYTcyNTQ5LWRmNWItNDY1OS1h
ZGIxLWEzZTk4ZjdjNzgwMi8xLzZtYmhsS2xiNlRtZmFoVmd6VnhnQzl4UTVjay5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAU
BAIAAjAOAwUDKgd6wAMFAyoMbYAwHwYIKwYBBQUHAQgBAf8EEDAOoAwwCgIDAO+t
AgMDH/UwDQYJKoZIhvcNAQELBQADggEBACXfEiE9N74FgkKiNNHXvMzwm11hVLVm
2ZGaKMY9hUs586bxlUrZbpJsDhaakFjvXXkzq1mPv9E+kYAY+8Q5oKSWU9CKhQQ+
OZPY6Pw3VQ1WeXLEhL9AHiRqpwwUkgn7VRrjK7VkbbftEgOzMZL3yRcveRCwCKwL
CZOIhlToWSp0Vx7xvKLvHH1aiZUixF1oZjO54rVEVrlFo1VlKb+Xe5Qc4g5eaLzf
sR9TYlYZA8pILOJiqeJYbtHP2ktaxthcG9F68Vo3x6dY/MkA90uB/uqi+6OXIfxu
L5r//3moJdTv6d+tOT8uK77D3vYzWGsgEVPm+nKpTpI8IvNq+awYrK8=
-----END CERTIFICATE-----