Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9khjTIG2opbAWcZHmWAXhn1arMY.cer
File:                     9khjTIG2opbAWcZHmWAXhn1arMY.cer (raw, json)
Hash identifier:          Fcy/+7YXvPMsGfff+P86QpynWiq7Pk45rxiaLbJHF28=
Subject key identifier:   F6:48:63:4C:81:B6:A2:96:C0:59:C6:47:99:60:17:86:7D:5A:AC:C6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       7D897EB77E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f7/a64a6e-7497-4356-bac8-ae600ac962b0/1/9khjTIG2opbAWcZHmWAXhn1arMY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f7/a64a6e-7497-4356-bac8-ae600ac962b0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 01 Jan 2021 03:29:38 +0000
Certificate not after:    Fri 01 Jul 2022 00:00:00 +0000
Subordinate resources:    IP: 152.89.204.0/22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 539177695102 (0x7d897eb77e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:29:38 2021 GMT
            Not After : Jul  1 00:00:00 2022 GMT
        Subject: CN=f648634c81b6a296c059c647996017867d5aacc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:36:77:f8:49:2a:64:03:80:f5:70:7b:57:2c:
                    15:08:e0:cd:25:b1:0c:21:36:17:c3:26:cf:fa:13:
                    06:4f:e9:c6:2b:72:48:fa:ca:85:17:ab:ae:29:61:
                    05:69:20:30:3d:88:2f:28:d1:0c:66:44:36:c1:48:
                    4a:40:b6:31:c0:41:64:85:3b:e2:06:df:82:2b:7c:
                    04:38:be:fa:ec:e2:3b:ba:6e:78:49:dc:76:3f:a9:
                    6f:66:26:b1:d5:9f:75:73:6d:27:3a:cb:c2:61:fd:
                    fd:21:0f:af:b7:3c:d9:91:30:46:24:14:21:ec:71:
                    ae:36:db:0c:c2:04:20:30:46:b6:6b:22:31:79:cd:
                    51:f5:fe:cc:85:58:99:fd:ac:df:8b:0b:76:90:2a:
                    e7:b2:7d:b0:05:82:e7:ed:64:2f:dd:86:7f:65:6a:
                    14:f2:43:75:c4:5e:08:15:1f:bf:9e:b0:4a:4d:4e:
                    c7:38:c2:20:18:f1:e5:df:06:ed:e8:b8:3f:9d:3f:
                    19:d1:d0:58:08:5b:dc:5b:98:42:8f:c5:74:1c:ff:
                    67:75:8d:f2:3e:a3:b4:4b:21:8d:48:e7:ef:61:70:
                    c0:08:a6:f8:4a:d9:6e:22:b7:54:d0:e4:8d:e7:1c:
                    29:28:4d:23:9a:7e:67:0e:54:cc:fe:7b:f5:50:d5:
                    1b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:48:63:4C:81:B6:A2:96:C0:59:C6:47:99:60:17:86:7D:5A:AC:C6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a64a6e-7497-4356-bac8-ae600ac962b0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a64a6e-7497-4356-bac8-ae600ac962b0/1/9khjTIG2opbAWcZHmWAXhn1arMY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:29:63:e3:09:94:60:38:f3:2f:0e:83:43:1b:67:6c:b1:f3:
         ab:b0:e5:fe:9c:7c:f6:63:5b:0d:14:a5:6d:86:ef:18:65:78:
         42:ae:43:fe:f7:34:2b:fa:f3:12:6e:78:ad:b5:b1:51:ce:0e:
         fe:a6:30:7b:64:63:6f:ac:8f:fa:3b:82:f8:77:83:7a:55:2c:
         f3:65:99:f7:34:d5:a3:52:73:6b:b0:b5:77:21:c5:f5:65:8e:
         35:17:4d:87:fd:bd:49:ef:3c:58:4f:86:a3:f6:fe:44:85:a3:
         79:2b:3b:39:f6:2f:49:ad:8d:5d:53:7a:93:7b:41:42:bf:6e:
         6c:65:30:95:80:7e:d7:ff:93:0c:ec:95:cd:bf:e7:bd:39:33:
         2d:5e:7a:58:d4:8c:fa:bc:c2:cf:82:a2:46:40:11:ef:8c:50:
         ad:69:52:ba:47:bf:a3:70:72:78:53:a8:22:ed:2a:af:d8:b7:
         19:2d:d2:d7:e2:3c:66:26:16:79:14:a2:97:b5:cd:16:47:c1:
         14:af:8e:36:9c:fc:1b:3d:96:e4:2e:70:0a:fd:99:68:a7:8a:
         73:a8:d8:d5:1c:07:07:a5:2d:a7:55:6a:0f:5a:45:9e:88:3a:
         a3:4d:f1:3c:b4:3f:c2:4f:45:c6:ed:c2:4b:2d:bc:32:34:93:
         64:46:3c:b4
-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgIFfYl+t34wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMo
MmE5NGE4ZGQ1NTRhZTcwMTA3MjA5OWM3MGI2NDA3NTU1ZGRkZTY2OTAeFw0yMTAx
MDEwMzI5MzhaFw0yMjA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKGY2NDg2MzRjODFi
NmEyOTZjMDU5YzY0Nzk5NjAxNzg2N2Q1YWFjYzYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUNnf4SSpkA4D1cHtXLBUI4M0lsQwhNhfDJs/6EwZP6cYr
ckj6yoUXq64pYQVpIDA9iC8o0QxmRDbBSEpAtjHAQWSFO+IG34IrfAQ4vvrs4ju6
bnhJ3HY/qW9mJrHVn3VzbSc6y8Jh/f0hD6+3PNmRMEYkFCHsca422wzCBCAwRrZr
IjF5zVH1/syFWJn9rN+LC3aQKueyfbAFguftZC/dhn9lahTyQ3XEXggVH7+esEpN
Tsc4wiAY8eXfBu3ouD+dPxnR0FgIW9xbmEKPxXQc/2d1jfI+o7RLIY1I5+9hcMAI
pvhK2W4it1TQ5I3nHCkoTSOafmcOVMz+e/VQ1Rs5AgMBAAGjggKEMIICgDAdBgNV
HQ4EFgQU9khjTIG2opbAWcZHmWAXhn1arMYwHwYDVR0jBBgwFoAUKpSo3VVK5wEH
IJnHC2QHVV3d5mkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwYAYI
KwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9hY2EvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNlcjCC
ASMGCCsGAQUFBwELBIIBFTCCAREwXQYIKwYBBQUHMAWGUXJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjcvYTY0YTZlLTc0OTctNDM1Ni1i
YWM4LWFlNjAwYWM5NjJiMC8xLzB8BggrBgEFBQcwCoZwcnN5bmM6Ly9ycGtpLnJp
cGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9hNjRhNmUtNzQ5Ny00MzU2LWJh
YzgtYWU2MDBhYzk2MmIwLzEvOWtoalRJRzJvcGJBV2NaSG1XQVhobjFhck1ZLm1m
dDAyBggrBgEFBQcwDYYmaHR0cHM6Ly9ycmRwLnJpcGUubmV0L25vdGlmaWNhdGlv
bi54bWwwWQYDVR0fBFIwUDBOoEygSoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC9LcFNvM1ZWSzV3RUhJSm5IQzJRSFZWM2Q1bWsuY3Js
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAKYWcwwDQYJKoZIhvcNAQELBQADggEBAFkpY+MJlGA48y8Og0MbZ2yx
86uw5f6cfPZjWw0UpW2G7xhleEKuQ/73NCv68xJueK21sVHODv6mMHtkY2+sj/o7
gvh3g3pVLPNlmfc01aNSc2uwtXchxfVljjUXTYf9vUnvPFhPhqP2/kSFo3krOzn2
L0mtjV1TepN7QUK/bmxlMJWAftf/kwzslc2/5705My1eeljUjPq8ws+CokZAEe+M
UK1pUrpHv6NwcnhTqCLtKq/Ytxkt0tfiPGYmFnkUope1zRZHwRSvjjac/Bs9luQu
cAr9mWininOo2NUcBwelLadVag9aRZ6IOqNN8Ty0P8JPRcbtwkstvDI0k2RGPLQ=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:57 2023 by rpki-client on console-ams.rpki-client.org