Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Dbz_q_X6vIvLBEV8HqbMZl9idA8.cer
File:                     Dbz_q_X6vIvLBEV8HqbMZl9idA8.cer (raw, json)
Hash identifier:          e2ZRrriXHUMzNdrVaxMNkZ113AR2IUlhW0e+xbZZ0Eo=
Subject key identifier:   0D:BC:FF:AB:F5:FA:BC:8B:CB:04:45:7C:1E:A6:CC:66:5F:62:74:0F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       AAA0A66FDE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e4/1e6561-395b-4bde-bcd1-c02d585cffca/1/Dbz_q_X6vIvLBEV8HqbMZl9idA8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e4/1e6561-395b-4bde-bcd1-c02d585cffca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 15:57:56 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 8987
                          AS: 9059
                          AS: 39111
                          IP: 46.51.128.0/17
                          IP: 46.137.0.0/16
                          IP: 79.125.0.0/17
                          IP: 87.238.80.0/21
                          IP: 176.32.64.0/18
                          IP: 176.34.0.0/16
                          IP: 178.236.0.0/20
                          IP: 185.48.120.0/22
                          IP: 2a05:d000::/25

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 732839702494 (0xaaa0a66fde)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:57:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0dbcffabf5fabc8bcb04457c1ea6cc665f62740f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:4f:2b:f1:f1:d2:0a:05:5c:0a:52:59:fd:90:
                    a0:76:e8:27:fc:36:5e:ab:81:2d:52:40:11:d1:8e:
                    27:ab:dd:25:17:58:75:89:7f:11:88:d8:56:25:e7:
                    d0:b3:73:a0:7c:52:0b:f4:cc:76:61:8e:58:ad:99:
                    10:7a:85:5a:83:cf:06:94:4f:1b:92:b8:76:db:70:
                    29:38:e3:2e:cc:70:28:49:5c:65:5e:5e:b8:ea:0b:
                    ad:f6:65:63:ec:a6:c9:e5:6d:1c:43:4a:35:33:02:
                    0f:79:38:a3:7a:bc:9e:81:93:96:5e:ca:39:9b:74:
                    4f:ec:50:f6:dd:4b:bd:f2:47:72:a0:22:87:07:1e:
                    b6:5b:6f:59:76:89:d3:ed:ab:5f:6b:c3:b4:80:c4:
                    91:81:5e:db:2d:fa:4c:be:f5:0a:02:9b:e6:de:f7:
                    98:ea:a9:6e:32:66:ef:3a:c1:a5:13:0d:ba:6c:4c:
                    69:90:7d:a2:56:92:f0:d5:c4:12:dd:1d:ff:1f:17:
                    f6:1c:38:78:3c:bc:04:4b:4d:68:3d:75:79:2f:23:
                    db:8d:17:8a:07:d7:59:9c:05:1b:30:9d:e4:7e:35:
                    08:9d:3b:67:8f:9e:2d:f2:89:e3:b6:63:51:d6:91:
                    c6:4d:3d:1e:c9:5d:9a:aa:79:85:5f:15:0e:a9:80:
                    bb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:BC:FF:AB:F5:FA:BC:8B:CB:04:45:7C:1E:A6:CC:66:5F:62:74:0F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1e6561-395b-4bde-bcd1-c02d585cffca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1e6561-395b-4bde-bcd1-c02d585cffca/1/Dbz_q_X6vIvLBEV8HqbMZl9idA8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.51.128.0/17
                  46.137.0.0/16
                  79.125.0.0/17
                  87.238.80.0/21
                  176.32.64.0/18
                  176.34.0.0/16
                  178.236.0.0/20
                  185.48.120.0/22
                IPv6:
                  2a05:d000::/25

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8987
                  9059
                  39111

    Signature Algorithm: sha256WithRSAEncryption
         ae:f0:7c:16:33:7c:61:da:6f:c7:cd:7e:d4:13:31:5e:86:98:
         c9:d4:41:a7:9f:d7:3c:f3:ae:ad:24:eb:80:fd:57:35:fc:48:
         fa:7d:59:ba:c0:fb:48:30:e5:3d:92:16:f4:fe:3e:a6:74:3e:
         06:89:43:7f:17:39:87:60:a8:28:63:ea:9d:31:1f:fb:2c:52:
         ef:d1:62:20:10:c7:d1:a4:b6:a1:c4:1c:66:a1:b5:d8:01:20:
         12:6c:9b:b9:0c:68:3e:a1:63:89:ed:a9:79:92:85:2f:ec:54:
         cb:92:cc:35:7a:1b:e8:2f:de:69:e5:ec:83:f4:9d:f1:ab:65:
         28:8b:07:bc:47:3e:98:65:c2:08:9d:81:0c:b5:fa:fc:c7:8e:
         f3:35:f4:b4:f7:ea:49:c5:02:06:94:8c:bb:9a:4f:27:ae:06:
         1b:4e:48:2f:d1:20:85:78:88:7f:ba:fc:bd:57:c8:24:43:24:
         b5:43:dc:f3:58:aa:41:f6:b0:86:59:c6:f5:56:79:89:5c:00:
         73:fc:4d:b8:c8:b1:20:04:6b:0b:e7:8b:2f:41:6b:1c:a6:be:
         19:56:a3:63:b5:e6:7f:47:70:f4:a6:52:4f:16:bb:4e:64:14:
         b5:38:16:25:fb:f1:0e:fd:63:da:30:17:d3:df:2b:2e:86:d3:
         dd:82:de:40
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgIGAKqgpm/eMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTU1NzU2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygwZGJjZmZhYmY1
ZmFiYzhiY2IwNDQ1N2MxZWE2Y2M2NjVmNjI3NDBmMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA2k8r8fHSCgVcClJZ/ZCgdugn/DZeq4EtUkAR0Y4nq90l
F1h1iX8RiNhWJefQs3OgfFIL9Mx2YY5YrZkQeoVag88GlE8bkrh223ApOOMuzHAo
SVxlXl646gut9mVj7KbJ5W0cQ0o1MwIPeTijeryegZOWXso5m3RP7FD23Uu98kdy
oCKHBx62W29ZdonT7atfa8O0gMSRgV7bLfpMvvUKApvm3veY6qluMmbvOsGlEw26
bExpkH2iVpLw1cQS3R3/Hxf2HDh4PLwES01oPXV5LyPbjReKB9dZnAUbMJ3kfjUI
nTtnj54t8onjtmNR1pHGTT0eyV2aqnmFXxUOqYC7wwIDAQABo4IC3zCCAtswHQYD
VR0OBBYEFA28/6v1+ryLywRFfB6mzGZfYnQPMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U0LzFlNjU2MS0zOTViLTRiZGUt
YmNkMS1jMDJkNTg1Y2ZmY2EvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQvMWU2NTYxLTM5NWItNGJkZS1i
Y2QxLWMwMmQ1ODVjZmZjYS8xL0Riel9xX1g2dkl2TEJFVjhIcWJNWmw5aWRBOC5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTA0
BAIAATAuAwQHLjOAAwMALokDBAdPfQADBANX7lADBAawIEADAwCwIgMEBLLsAAME
ArkweDANBAIAAjAHAwUHKgXQADAiBggrBgEFBQcBCAEB/wQTMBGgDzANAgIjGwIC
I2MCAwCYxzANBgkqhkiG9w0BAQsFAAOCAQEArvB8FjN8Ydpvx81+1BMxXoaYydRB
p5/XPPOurSTrgP1XNfxI+n1ZusD7SDDlPZIW9P4+pnQ+BolDfxc5h2CoKGPqnTEf
+yxS79FiIBDH0aS2ocQcZqG12AEgEmybuQxoPqFjie2peZKFL+xUy5LMNXob6C/e
aeXsg/Sd8atlKIsHvEc+mGXCCJ2BDLX6/MeO8zX0tPfqScUCBpSMu5pPJ64GG05I
L9EghXiIf7r8vVfIJEMktUPc81iqQfawhlnG9VZ5iVwAc/xNuMixIARrC+eLL0Fr
HKa+GVajY7Xmf0dw9KZSTxa7TmQUtTgWJfvxDv1j2jAX098rLobT3YLeQA==
-----END CERTIFICATE-----