Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/I0CjSCaNtQNK_-cgdntnAfNG6_4.cer
File:                     I0CjSCaNtQNK_-cgdntnAfNG6_4.cer (raw, json)
Hash identifier:          arvp8f0hauYNLCzhof04kb6bYN8xZ5mYalEB9CAD7xI=
Subject key identifier:   23:40:A3:48:26:8D:B5:03:4A:FF:E7:20:76:7B:67:01:F3:46:EB:FE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A9DD8D1532
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d0/3fa6c6-49a5-4932-a4aa-8a4f1767f29d/1/I0CjSCaNtQNK_-cgdntnAfNG6_4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d0/3fa6c6-49a5-4932-a4aa-8a4f1767f29d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 15:02:08 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 41456
                          IP: 89.31.40.0/21
                          IP: 185.173.248.0/22
                          IP: 2a0b:7f00::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 729566483762 (0xa9dd8d1532)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:02:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2340a348268db5034affe720767b6701f346ebfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:5f:c3:ff:f6:b9:a5:69:1f:2d:47:dc:a5:be:
                    ee:f3:8d:37:a7:26:bc:b2:73:5d:29:76:b5:f1:2d:
                    2d:09:34:8d:9a:fe:09:03:74:1a:35:9f:6f:4c:76:
                    df:3a:ce:e0:ce:39:70:d2:ca:b2:ef:07:14:23:e0:
                    5d:3f:e8:f4:40:d7:5a:09:2d:7f:fd:81:32:78:e8:
                    f7:60:d5:49:2c:dd:2c:c1:82:91:b0:ee:cd:39:d9:
                    54:0d:34:79:67:39:a7:62:65:8a:e7:0b:3d:ae:a0:
                    cf:ca:72:dc:d3:77:07:05:86:68:97:04:8a:f3:e9:
                    31:ca:ca:7e:5a:a3:51:c2:91:aa:81:08:07:6d:f0:
                    83:88:8a:b3:30:87:ef:04:cf:34:60:2c:bc:4b:66:
                    8d:64:48:02:54:bc:f0:05:eb:1f:0a:60:45:74:06:
                    8b:c8:a8:11:09:45:2b:f6:4c:53:ad:27:ec:d9:c2:
                    7c:3c:11:d1:49:54:dc:7f:3d:a1:fc:66:d5:95:65:
                    73:22:2e:be:e2:66:3b:33:d6:5c:64:d2:b7:a0:08:
                    80:45:87:0e:44:e7:5a:1a:eb:32:11:68:60:b2:71:
                    6f:e7:95:05:db:88:50:74:78:cc:8d:b6:f2:31:79:
                    78:3a:f4:fa:dc:37:65:f9:d0:ce:1a:44:05:9c:ac:
                    b6:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:40:A3:48:26:8D:B5:03:4A:FF:E7:20:76:7B:67:01:F3:46:EB:FE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/3fa6c6-49a5-4932-a4aa-8a4f1767f29d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/3fa6c6-49a5-4932-a4aa-8a4f1767f29d/1/I0CjSCaNtQNK_-cgdntnAfNG6_4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.40.0/21
                  185.173.248.0/22
                IPv6:
                  2a0b:7f00::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41456

    Signature Algorithm: sha256WithRSAEncryption
         1f:52:15:9d:ec:cd:be:9b:3e:a2:10:b1:fe:e1:5e:7c:84:54:
         af:46:04:96:ba:c8:74:a6:ae:5b:ac:8b:40:3f:ca:94:16:28:
         f5:bf:20:99:44:9a:80:0c:c2:39:08:07:53:0f:64:c8:71:93:
         87:a7:e4:83:09:d7:bf:6a:cb:06:a4:fd:25:3e:69:a4:3b:d6:
         62:1c:b6:60:08:0b:6b:22:68:d1:63:63:b5:ec:b0:19:4d:80:
         ba:cf:4d:3d:fc:10:13:8e:0c:d5:a9:c6:62:f1:00:90:39:da:
         14:15:ec:76:b4:10:66:14:ce:a0:d9:d2:74:7e:cd:0a:28:58:
         bb:90:ac:d0:63:f4:8e:83:e0:84:81:e5:47:a7:ee:f2:0b:84:
         88:80:66:37:68:2d:fd:f9:99:f5:8c:12:58:2a:c0:2a:13:7e:
         f6:ad:91:60:88:b4:82:4f:8a:a9:5a:db:67:47:6b:cc:06:15:
         d1:1d:6e:21:2d:54:0b:9a:60:f4:c7:4b:d9:c9:50:a6:99:92:
         47:3b:9a:36:54:dd:02:eb:3e:72:6a:ea:dc:fd:36:b9:df:89:
         1f:9d:19:64:db:73:21:7c:4c:52:43:d3:ed:38:4f:53:48:5f:
         57:4f:39:49:70:1f:ae:01:dc:c3:fb:18:5c:05:48:33:9e:f2:
         7f:b8:d4:ae
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIGAKndjRUyMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTUwMjA4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygyMzQwYTM0ODI2
OGRiNTAzNGFmZmU3MjA3NjdiNjcwMWYzNDZlYmZlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA1V/D//a5pWkfLUfcpb7u8403pya8snNdKXa18S0tCTSN
mv4JA3QaNZ9vTHbfOs7gzjlw0sqy7wcUI+BdP+j0QNdaCS1//YEyeOj3YNVJLN0s
wYKRsO7NOdlUDTR5ZzmnYmWK5ws9rqDPynLc03cHBYZolwSK8+kxysp+WqNRwpGq
gQgHbfCDiIqzMIfvBM80YCy8S2aNZEgCVLzwBesfCmBFdAaLyKgRCUUr9kxTrSfs
2cJ8PBHRSVTcfz2h/GbVlWVzIi6+4mY7M9ZcZNK3oAiARYcOROdaGusyEWhgsnFv
55UF24hQdHjMjbbyMXl4OvT63Ddl+dDOGkQFnKy22QIDAQABo4ICtTCCArEwHQYD
VR0OBBYEFCNAo0gmjbUDSv/nIHZ7ZwHzRuv+MB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QwLzNmYTZjNi00OWE1LTQ5MzIt
YTRhYS04YTRmMTc2N2YyOWQvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAvM2ZhNmM2LTQ5YTUtNDkzMi1h
NGFhLThhNGYxNzY3ZjI5ZC8xL0kwQ2pTQ2FOdFFOS18tY2dkbnRuQWZORzZfNC5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAS
BAIAATAMAwQDWR8oAwQCua34MA0EAgACMAcDBQMqC38AMBoGCCsGAQUFBwEIAQH/
BAswCaAHMAUCAwCh8DANBgkqhkiG9w0BAQsFAAOCAQEAH1IVnezNvps+ohCx/uFe
fIRUr0YElrrIdKauW6yLQD/KlBYo9b8gmUSagAzCOQgHUw9kyHGTh6fkgwnXv2rL
BqT9JT5ppDvWYhy2YAgLayJo0WNjteywGU2Aus9NPfwQE44M1anGYvEAkDnaFBXs
drQQZhTOoNnSdH7NCihYu5Cs0GP0joPghIHlR6fu8guEiIBmN2gt/fmZ9YwSWCrA
KhN+9q2RYIi0gk+KqVrbZ0drzAYV0R1uIS1UC5pg9MdL2clQppmSRzuaNlTdAus+
cmrq3P02ud+JH50ZZNtzIXxMUkPT7ThPU0hfV085SXAfrgHcw/sYXAVIM57yf7jU
rg==
-----END CERTIFICATE-----