Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CnoSd-8dVkFUmMcSqUP1MAa2zRc.cer
File:                     CnoSd-8dVkFUmMcSqUP1MAa2zRc.cer (raw, json)
Hash identifier:          szRxrncFjfev9HdaUQD2OadCB0M6T+mpjiLxx77bwuI=
Subject key identifier:   0A:7A:12:77:EF:1D:56:41:54:98:C7:12:A9:43:F5:30:06:B6:CD:17
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0186356F1CF8A7D4710594DAE80B9C4F4BBD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6f/658206-b52b-45f0-ba5d-53e5a99b6708/1/CnoSd-8dVkFUmMcSqUP1MAa2zRc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6f/658206-b52b-45f0-ba5d-53e5a99b6708/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 09 Feb 2023 09:08:39 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 43267
                          IP: 82.112.184.0/21
                          IP: 91.196.72.0/22
                          IP: 2a06:aa80:: -- 2a06:aa86:ffff:ffff:ffff:ffff:ffff:ffff
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:35:6f:1c:f8:a7:d4:71:05:94:da:e8:0b:9c:4f:4b:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb  9 09:08:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a7a1277ef1d56415498c712a943f53006b6cd17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e7:03:8c:a2:ab:9e:84:d5:b9:1f:fb:d5:ff:
                    2e:64:e4:ec:84:c9:cd:f9:30:67:f0:64:11:df:e0:
                    9d:b9:f3:85:8b:f6:0d:3a:c4:47:78:98:b1:88:bc:
                    7d:8e:7d:2f:b2:7d:99:48:ad:f5:d0:8d:e8:26:d7:
                    be:59:79:cd:14:63:cc:04:3c:e2:62:1f:7f:80:63:
                    47:a5:6e:ea:15:9d:be:7a:1f:15:14:8e:62:bd:99:
                    ff:de:bb:99:5d:ba:a7:94:23:d1:ef:61:db:ef:cb:
                    62:e1:88:c3:13:9c:63:2b:d5:30:f4:1a:52:b9:24:
                    a6:09:9d:68:51:3c:04:29:da:cf:5a:06:e1:a3:72:
                    bf:b4:d9:a4:a8:ef:ca:a2:fe:fe:04:3a:99:a6:ff:
                    64:51:81:c9:4b:f5:57:ea:bd:41:bb:03:16:4d:73:
                    24:fe:4f:30:1d:7e:98:4a:3c:40:80:bb:97:3d:1e:
                    74:57:7a:9c:52:7c:09:37:23:dc:cc:ab:0f:4a:a5:
                    1c:31:34:04:f4:07:f2:13:9b:cb:8d:58:df:07:88:
                    02:48:d0:d5:10:16:35:16:5d:1d:d1:c8:2c:70:8c:
                    6a:95:70:36:a1:ea:82:56:9e:9f:23:8f:a0:f3:eb:
                    94:3c:01:dd:c7:f4:26:1f:33:ce:43:0a:13:2a:69:
                    9a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:7A:12:77:EF:1D:56:41:54:98:C7:12:A9:43:F5:30:06:B6:CD:17
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/658206-b52b-45f0-ba5d-53e5a99b6708/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/658206-b52b-45f0-ba5d-53e5a99b6708/1/CnoSd-8dVkFUmMcSqUP1MAa2zRc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.112.184.0/21
                  91.196.72.0/22
                IPv6:
                  2a06:aa80::-2a06:aa86:ffff:ffff:ffff:ffff:ffff:ffff

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43267

    Signature Algorithm: sha256WithRSAEncryption
         a8:5d:19:ea:31:9e:0a:0b:17:18:ed:3e:06:92:47:a7:33:32:
         b3:0e:4c:84:7e:9c:9c:d3:62:92:b8:cf:04:9e:b3:95:f0:3c:
         31:d2:a9:2b:6b:30:59:c3:b2:00:b6:8e:1a:81:cd:14:af:37:
         86:8d:26:f6:44:f7:c1:a3:8c:c2:99:8e:66:9f:c6:43:de:1c:
         a1:d6:ae:50:fe:87:9d:bb:ea:3d:14:84:ae:b8:93:11:ba:e3:
         e3:08:de:73:35:05:73:86:fc:51:bd:b9:77:c8:ee:dc:9d:d1:
         d6:bc:49:19:2f:6c:8f:22:3e:33:a1:9f:01:e6:bd:01:9d:17:
         75:70:14:7c:c6:44:b5:3b:f9:7f:29:3e:83:c3:1f:6d:1c:2a:
         80:71:d1:7e:f6:80:ea:7f:4d:10:da:70:0f:7b:38:bf:4f:02:
         25:26:7f:c8:b1:a7:97:44:3c:b0:2c:72:61:80:ce:c2:4d:99:
         a1:66:d1:7d:7d:c4:85:bf:8a:ec:70:b5:11:e4:22:0d:fa:c7:
         ed:db:39:b5:7f:a5:db:3e:95:3e:6f:3c:1d:54:31:ba:59:7c:
         0a:03:b6:82:65:1e:18:f5:30:1c:4a:9d:09:38:28:f9:38:4b:
         4c:cd:35:6c:fa:25:dc:9b:e8:22:d0:e4:b4:d2:93:db:e6:a3:
         b7:e9:b2:37
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgISAYY1bxz4p9RxBZTa6AucT0u9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMjA5MDkwODM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTdhMTI3N2VmMWQ1NjQxNTQ5OGM3MTJhOTQzZjUzMDA2YjZjZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ucDjKKrnoTVuR/71f8uZOTshMnN
+TBn8GQR3+CdufOFi/YNOsRHeJixiLx9jn0vsn2ZSK310I3oJte+WXnNFGPMBDzi
Yh9/gGNHpW7qFZ2+eh8VFI5ivZn/3ruZXbqnlCPR72Hb78ti4YjDE5xjK9Uw9BpS
uSSmCZ1oUTwEKdrPWgbho3K/tNmkqO/Kov7+BDqZpv9kUYHJS/VX6r1BuwMWTXMk
/k8wHX6YSjxAgLuXPR50V3qcUnwJNyPczKsPSqUcMTQE9AfyE5vLjVjfB4gCSNDV
EBY1Fl0d0cgscIxqlXA2oeqCVp6fI4+g8+uUPAHdx/QmHzPOQwoTKmmaowIDAQAB
o4ICvjCCArowHQYDVR0OBBYEFAp6EnfvHVZBVJjHEqlD9TAGts0XMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZmLzY1ODIw
Ni1iNTJiLTQ1ZjAtYmE1ZC01M2U1YTk5YjY3MDgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmYvNjU4MjA2
LWI1MmItNDVmMC1iYTVkLTUzZTVhOTliNjcwOC8xL0Nub1NkLThkVmtGVW1NY1Nx
VVAxTUFhMnpSYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMD0GCCsGAQUF
BwEHAQH/BC4wLDASBAIAATAMAwQDUnC4AwQCW8RIMBYEAgACMBAwDgMFByoGqoAD
BQAqBqqGMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCpAzANBgkqhkiG9w0BAQsF
AAOCAQEAqF0Z6jGeCgsXGO0+BpJHpzMysw5MhH6cnNNikrjPBJ6zlfA8MdKpK2sw
WcOyALaOGoHNFK83ho0m9kT3waOMwpmOZp/GQ94codauUP6HnbvqPRSErriTEbrj
4wjeczUFc4b8Ub25d8ju3J3R1rxJGS9sjyI+M6GfAea9AZ0XdXAUfMZEtTv5fyk+
g8MfbRwqgHHRfvaA6n9NENpwD3s4v08CJSZ/yLGnl0Q8sCxyYYDOwk2ZoWbRfX3E
hb+K7HC1EeQiDfrH7ds5tX+l2z6VPm88HVQxull8CgO2gmUeGPUwHEqdCTgo+ThL
TM01bPol3JvoItDktNKT2+ajt+myNw==
-----END CERTIFICATE-----