Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CQ6AcZO_TAzsz0iMo3yVF1L-p-k.cer
File:                     CQ6AcZO_TAzsz0iMo3yVF1L-p-k.cer (raw, json)
Hash identifier:          jKCNxNsdoaOpv/WzykXxOhsO8FiJXL5WyXjt7++1SKA=
Subject key identifier:   09:0E:80:71:93:BF:4C:0C:EC:CF:48:8C:A3:7C:95:17:52:FE:A7:E9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856BD103FCD88E0785B78ECE83161F2840
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4d/c6f8cb-5327-4535-a437-b5dd81e808d6/1/CQ6AcZO_TAzsz0iMo3yVF1L-p-k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4d/c6f8cb-5327-4535-a437-b5dd81e808d6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 05:32:18 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    IP: 2.58.216.0/22
                          IP: 5.252.212.0/22
                          IP: 185.230.106.0/24
                          IP: 194.42.118.0/23
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:d1:03:fc:d8:8e:07:85:b7:8e:ce:83:16:1f:28:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:32:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=090e807193bf4c0ceccf488ca37c951752fea7e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:48:13:ad:56:50:05:da:e8:33:31:a4:56:4f:
                    16:a2:0b:58:61:cb:f0:e9:a3:f4:32:af:7b:92:ca:
                    b7:4d:55:36:c4:f6:68:da:2c:0b:f5:46:80:c1:f3:
                    05:c5:48:05:f6:fe:19:a7:37:60:d1:3b:d0:3d:ea:
                    b7:b4:f6:a1:ac:3b:99:bf:27:44:d4:15:7e:84:d2:
                    e4:40:55:25:77:28:79:26:29:e8:55:40:b9:b9:59:
                    0e:87:2d:47:d3:14:42:c0:5b:c2:18:fa:5d:f5:66:
                    4e:f3:57:1f:af:ff:ed:cf:38:4f:c1:73:e0:ea:21:
                    cc:8c:99:1b:3c:d4:ce:bd:b8:a4:86:ef:fa:32:af:
                    49:7d:64:4d:96:e6:1d:a4:4b:54:43:ce:2b:4d:57:
                    4d:34:e0:78:ca:4b:58:8f:37:8c:fe:85:31:76:1d:
                    8e:cd:48:43:15:8c:01:51:4f:cb:fb:39:01:32:0f:
                    b3:8e:6f:15:20:62:42:35:81:a9:ef:37:08:da:11:
                    85:1e:89:e6:35:72:48:f5:08:75:99:f1:92:ec:62:
                    55:1b:4f:f3:38:db:94:72:4e:18:69:3b:81:cc:cd:
                    74:cb:5a:12:b0:3e:6a:c5:73:81:81:1a:03:b3:ae:
                    96:43:69:c4:f9:9b:0d:f2:33:46:f9:22:7a:d7:27:
                    5c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:0E:80:71:93:BF:4C:0C:EC:CF:48:8C:A3:7C:95:17:52:FE:A7:E9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c6f8cb-5327-4535-a437-b5dd81e808d6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c6f8cb-5327-4535-a437-b5dd81e808d6/1/CQ6AcZO_TAzsz0iMo3yVF1L-p-k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.216.0/22
                  5.252.212.0/22
                  185.230.106.0/24
                  194.42.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:4c:3a:05:74:3b:12:1a:79:3c:e1:5d:df:9e:5a:13:01:d8:
         4f:e4:3d:f6:b6:b7:24:9b:bb:64:21:6f:82:37:d0:99:1c:53:
         ed:b5:64:a2:e7:f5:14:96:29:e0:b5:a3:54:6e:41:23:5a:7b:
         f1:7c:91:ff:69:50:4b:86:75:d1:4b:60:e7:28:07:b8:8e:89:
         e5:73:94:9d:b5:03:bd:ed:19:e8:2c:6d:3b:08:b5:c3:95:54:
         d8:e7:57:91:04:9e:e8:e9:d1:6f:18:08:8e:09:94:83:b5:7d:
         bf:43:11:6a:d3:6e:10:b8:c3:8d:c6:1c:30:72:80:b7:05:59:
         cb:1d:63:c8:b6:ee:f0:fb:9b:73:19:8f:95:ec:58:93:55:cd:
         aa:4d:dd:4d:de:c2:0b:13:dc:cf:9f:2e:99:8d:2a:9d:54:d2:
         cb:0c:67:c7:18:12:c0:6c:1c:75:4c:92:d1:ce:2d:26:68:6b:
         da:8b:6f:5f:4a:0e:ed:9b:a2:45:b4:50:26:c2:d7:9a:a4:75:
         d7:b9:ee:82:cf:0a:1b:0f:23:8e:4b:02:78:54:e3:1e:28:4c:
         ed:91:75:23:85:45:d9:c3:d2:b0:ec:64:5e:01:c0:f3:26:dd:
         84:76:ef:fa:bd:1f:ff:90:d9:69:11:2f:f9:f4:55:f4:67:e1:
         bc:b5:f8:a5
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAYVr0QP82I4HhbeOzoMWHyhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDUzMjE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTBlODA3MTkzYmY0YzBjZWNjZjQ4OGNhMzdjOTUxNzUyZmVhN2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEgTrVZQBdroMzGkVk8WogtYYcvw
6aP0Mq97ksq3TVU2xPZo2iwL9UaAwfMFxUgF9v4Zpzdg0TvQPeq3tPahrDuZvydE
1BV+hNLkQFUldyh5JinoVUC5uVkOhy1H0xRCwFvCGPpd9WZO81cfr//tzzhPwXPg
6iHMjJkbPNTOvbikhu/6Mq9JfWRNluYdpEtUQ84rTVdNNOB4yktYjzeM/oUxdh2O
zUhDFYwBUU/L+zkBMg+zjm8VIGJCNYGp7zcI2hGFHonmNXJI9Qh1mfGS7GJVG0/z
ONuUck4YaTuBzM10y1oSsD5qxXOBgRoDs66WQ2nE+ZsN8jNG+SJ61ydcEQIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFAkOgHGTv0wM7M9IjKN8lRdS/qfpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRkL2M2Zjhj
Yi01MzI3LTQ1MzUtYTQzNy1iNWRkODFlODA4ZDYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQvYzZmOGNi
LTUzMjctNDUzNS1hNDM3LWI1ZGQ4MWU4MDhkNi8xL0NRNkFjWk9fVEF6c3owaU1v
M3lWRjFMLXAtay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEGCCsGAQUF
BwEHAQH/BCIwIDAeBAIAATAYAwQCAjrYAwQCBfzUAwQAueZqAwQBwip2MA0GCSqG
SIb3DQEBCwUAA4IBAQCkTDoFdDsSGnk84V3fnloTAdhP5D32trckm7tkIW+CN9CZ
HFPttWSi5/UUlingtaNUbkEjWnvxfJH/aVBLhnXRS2DnKAe4jonlc5SdtQO97Rno
LG07CLXDlVTY51eRBJ7o6dFvGAiOCZSDtX2/QxFq024QuMONxhwwcoC3BVnLHWPI
tu7w+5tzGY+V7FiTVc2qTd1N3sILE9zPny6ZjSqdVNLLDGfHGBLAbBx1TJLRzi0m
aGvai29fSg7tm6JFtFAmwteapHXXue6CzwobDyOOSwJ4VOMeKEztkXUjhUXZw9Kw
7GReAcDzJt2Edu/6vR//kNlpES/59FX0Z+G8tfil
-----END CERTIFICATE-----