Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CkVdKYOdNPKm-g-BjMc_ww4kUiI.cer
File:                     CkVdKYOdNPKm-g-BjMc_ww4kUiI.cer (raw, json)
Hash identifier:          4bFnUpA5MLRxWReBeLhZSCMo1MMicQNrR0yS7C16uY0=
Subject key identifier:   0A:45:5D:29:83:9D:34:F2:A6:FA:0F:81:8C:C7:3F:C3:0E:24:52:22
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856D895C32EC6833762FC335C1F0E582E7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/08/6d04c4-5a5f-4d9b-84d2-679aff7acb2c/1/CkVdKYOdNPKm-g-BjMc_ww4kUiI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/08/6d04c4-5a5f-4d9b-84d2-679aff7acb2c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 13:33:16 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 24851
                          IP: 81.27.96.0/20
                          IP: 146.247.48.0/20
                          IP: 2a02:2bb8::/32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:89:5c:32:ec:68:33:76:2f:c3:35:c1:f0:e5:82:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:33:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a455d29839d34f2a6fa0f818cc73fc30e245222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4a:91:83:83:e1:50:a4:80:16:14:76:b6:b1:
                    fe:d3:b9:d8:7a:f3:58:a6:ee:5e:95:81:7c:10:d6:
                    b9:38:04:7f:de:ce:c6:34:00:03:1d:27:23:94:99:
                    e6:b9:f3:8f:f2:a2:21:4f:f6:82:9e:06:f5:5d:03:
                    91:2a:3a:ed:42:cb:2a:06:e2:bf:cb:4d:b7:03:b1:
                    2f:0d:98:cd:7d:d1:d1:24:68:29:6f:62:d3:e5:47:
                    8c:b5:7b:78:46:30:c0:6b:03:a7:37:17:41:e1:93:
                    5a:89:62:2c:e0:11:e2:74:6c:9a:4d:e8:70:4c:8b:
                    0b:0c:d5:52:c5:2b:39:95:bc:78:9b:e1:b6:34:16:
                    08:2e:f3:fd:0a:e6:d0:20:97:b4:e6:ab:6d:9d:a0:
                    b7:07:48:e7:86:80:09:2c:82:79:19:09:e8:cf:15:
                    32:30:7b:12:5e:65:72:9f:15:31:68:df:0f:e4:f0:
                    ac:ac:c6:3d:cb:d6:ed:9a:92:63:92:5a:61:a3:d4:
                    be:c8:40:17:b2:10:d4:24:cd:39:95:28:2c:20:e2:
                    1a:de:2b:b3:08:b8:27:4d:3d:d6:a5:e7:28:66:28:
                    9b:6f:1e:c6:33:0e:cc:b9:9f:aa:b7:da:ae:fd:48:
                    cb:78:a6:35:f7:9a:b7:ed:53:5f:b6:d6:9c:1a:76:
                    da:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:45:5D:29:83:9D:34:F2:A6:FA:0F:81:8C:C7:3F:C3:0E:24:52:22
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/6d04c4-5a5f-4d9b-84d2-679aff7acb2c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/6d04c4-5a5f-4d9b-84d2-679aff7acb2c/1/CkVdKYOdNPKm-g-BjMc_ww4kUiI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.27.96.0/20
                  146.247.48.0/20
                IPv6:
                  2a02:2bb8::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  24851

    Signature Algorithm: sha256WithRSAEncryption
         29:8c:28:ce:14:01:f6:15:f7:d3:54:df:e6:6f:65:97:e4:ce:
         8b:7d:e8:5e:e3:08:49:c8:9d:85:d7:50:f1:18:ae:ff:e8:dc:
         9f:18:47:bc:a7:bd:4c:22:64:7c:24:76:b8:3d:f3:90:9c:f4:
         38:f4:bb:e8:f7:26:48:e3:c0:90:a6:4e:89:99:c1:73:60:d8:
         ea:4e:54:7b:1b:d1:74:e2:fd:21:6f:fd:d8:f6:b5:ca:40:c5:
         1a:75:27:8e:7d:48:e1:a6:32:02:45:f2:ef:01:a3:b0:0b:dc:
         f3:52:5c:f7:6f:96:d0:52:f9:d7:86:64:fc:eb:b5:4c:93:ff:
         7e:0e:a2:74:88:b5:67:39:31:62:36:14:ee:43:a7:dc:a1:25:
         e3:69:5e:0c:19:08:13:db:22:f0:b9:93:e1:ab:ea:98:76:60:
         cf:4b:18:12:6b:0f:2c:e0:e3:39:0f:9e:aa:e8:84:4f:86:54:
         6a:9b:c7:07:75:1e:76:b7:f7:e9:0a:31:f0:71:24:e3:b9:61:
         da:a2:31:32:65:1d:9c:05:e9:b3:41:f9:35:fd:4b:d8:56:d7:
         77:d0:b6:f8:61:31:b1:88:8c:93:7e:a5:d2:e7:ab:f9:67:0c:
         2c:48:9e:16:33:b4:c3:94:63:cc:be:0f:84:8c:a9:b4:c3:e5:
         66:4e:37:f5
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAYVtiVwy7Ggzdi/DNcHw5YLnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMTMzMzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQ1NWQyOTgzOWQzNGYyYTZmYTBmODE4Y2M3M2ZjMzBlMjQ1MjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUqRg4PhUKSAFhR2trH+07nYevNY
pu5elYF8ENa5OAR/3s7GNAADHScjlJnmufOP8qIhT/aCngb1XQORKjrtQssqBuK/
y023A7EvDZjNfdHRJGgpb2LT5UeMtXt4RjDAawOnNxdB4ZNaiWIs4BHidGyaTehw
TIsLDNVSxSs5lbx4m+G2NBYILvP9CubQIJe05qttnaC3B0jnhoAJLIJ5GQnozxUy
MHsSXmVynxUxaN8P5PCsrMY9y9btmpJjklpho9S+yEAXshDUJM05lSgsIOIa3iuz
CLgnTT3WpecoZiibbx7GMw7MuZ+qt9qu/UjLeKY195q37VNfttacGnbafwIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFApFXSmDnTTypvoPgYzHP8MOJFIiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA4LzZkMDRj
NC01YTVmLTRkOWItODRkMi02NzlhZmY3YWNiMmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDgvNmQwNGM0
LTVhNWYtNGQ5Yi04NGQyLTY3OWFmZjdhY2IyYy8xL0NrVmRLWU9kTlBLbS1nLUJq
TWNfd3c0a1VpSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQEURtgAwQEkvcwMA0EAgACMAcDBQAqAiu4MBkG
CCsGAQUFBwEIAQH/BAowCKAGMAQCAmETMA0GCSqGSIb3DQEBCwUAA4IBAQApjCjO
FAH2FffTVN/mb2WX5M6Lfehe4whJyJ2F11DxGK7/6NyfGEe8p71MImR8JHa4PfOQ
nPQ49Lvo9yZI48CQpk6JmcFzYNjqTlR7G9F04v0hb/3Y9rXKQMUadSeOfUjhpjIC
RfLvAaOwC9zzUlz3b5bQUvnXhmT867VMk/9+DqJ0iLVnOTFiNhTuQ6fcoSXjaV4M
GQgT2yLwuZPhq+qYdmDPSxgSaw8s4OM5D56q6IRPhlRqm8cHdR52t/fpCjHwcSTj
uWHaojEyZR2cBemzQfk1/UvYVtd30Lb4YTGxiIyTfqXS56v5ZwwsSJ4WM7TDlGPM
vg+EjKm0w+VmTjf1
-----END CERTIFICATE-----