Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/IY7fZEhJI4T_yNujzmd9d6toMGw.cer
File:                     IY7fZEhJI4T_yNujzmd9d6toMGw.cer (raw, json)
Hash identifier:          TKIac/kXyDPnh0XaZ2m50uDWsUMWvWnkuGmmA6GDF/4=
Subject key identifier:   21:8E:DF:64:48:49:23:84:FF:C8:DB:A3:CE:67:7D:77:AB:68:30:6C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       9945656BE4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/39/91fcd0-08fe-4ac2-a0bb-ddbbabd35746/1/IY7fZEhJI4T_yNujzmd9d6toMGw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/39/91fcd0-08fe-4ac2-a0bb-ddbbabd35746/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 00:55:17 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    IP: 193.109.120.0/24
                          IP: 193.109.213.0/24
                          IP: 193.109.217.0/24
                          IP: 193.109.221.0/24
                          IP: 2a0f:8c40::/29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 658294270948 (0x9945656be4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:55:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=218edf6448492384ffc8dba3ce677d77ab68306c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:24:43:16:50:95:34:6f:01:a3:33:0f:b2:8d:
                    c6:5a:0e:d5:8a:c5:70:3b:19:67:58:89:0a:b1:e1:
                    ef:e4:53:75:71:07:e3:cb:f5:a7:ed:a1:32:79:5d:
                    e9:4a:a8:7d:5b:af:7a:a0:3d:18:2a:f9:98:4c:73:
                    54:f8:bf:60:39:88:34:15:75:a4:41:d9:6e:99:a8:
                    e4:51:34:34:1e:07:e2:67:84:da:ec:9c:55:71:dd:
                    04:6a:ed:7d:23:a6:fa:fd:8c:75:ae:09:62:0b:fe:
                    41:2d:97:0c:8b:05:07:cd:b3:b0:ed:1d:1a:5a:a7:
                    28:2f:af:94:74:c9:5a:4f:02:41:4b:ad:26:d9:98:
                    e3:91:79:ab:9b:78:d5:ca:da:56:33:79:6b:53:5c:
                    97:d0:e8:f0:d6:40:43:6b:8f:37:16:5d:61:cd:ea:
                    b8:f1:b5:72:d9:40:e5:47:cb:43:ef:d5:09:b1:99:
                    65:16:ae:ae:37:42:ac:18:8c:95:4d:bf:a7:9e:9d:
                    e0:e5:0c:65:26:d8:f1:6f:5c:5a:8f:53:a0:8f:cb:
                    9f:1f:59:75:bb:c2:bf:47:f2:71:22:b6:8b:ef:80:
                    13:b4:c8:e0:bf:44:d8:fd:38:1d:c6:e1:d0:5a:d8:
                    84:ab:e2:4d:a7:47:b0:64:1d:ca:74:4e:54:d8:10:
                    a2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:8E:DF:64:48:49:23:84:FF:C8:DB:A3:CE:67:7D:77:AB:68:30:6C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/91fcd0-08fe-4ac2-a0bb-ddbbabd35746/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/91fcd0-08fe-4ac2-a0bb-ddbbabd35746/1/IY7fZEhJI4T_yNujzmd9d6toMGw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.120.0/24
                  193.109.213.0/24
                  193.109.217.0/24
                  193.109.221.0/24
                IPv6:
                  2a0f:8c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:f1:21:87:f4:38:8a:10:a4:c2:6a:75:45:f8:46:dd:9a:fb:
         a0:ba:08:fe:5d:9d:31:80:df:10:58:e6:8b:af:19:15:f9:ef:
         7a:f7:7d:93:3b:98:ed:01:a2:95:57:ed:72:6b:16:25:0b:eb:
         e5:53:79:b9:cc:b9:8f:b8:4d:8f:bf:ec:a2:45:c6:57:f9:43:
         f7:64:4c:d0:99:80:6d:90:bc:3d:61:3d:26:5d:af:51:7c:77:
         b3:0c:47:4f:4b:a0:8e:42:ca:33:42:25:72:16:89:49:f5:28:
         11:96:69:af:0e:19:75:ba:57:cc:66:99:86:e3:80:9c:e9:18:
         c2:91:f0:81:6b:75:80:41:63:20:7c:98:55:35:d2:55:01:73:
         0a:0b:1c:19:05:7a:39:f4:06:13:66:d0:87:e2:a5:71:ef:37:
         3e:a3:a5:58:ad:5e:4f:38:44:8b:66:09:82:15:5c:33:fe:79:
         e4:5f:d7:0d:ac:83:fa:49:8d:d6:b9:f0:ef:a2:73:fe:48:5f:
         ed:a9:fd:1d:f9:a8:09:cb:b0:36:dc:ee:62:f6:8d:fc:2d:92:
         13:85:ad:7d:21:84:43:4b:df:53:1f:30:98:e1:fb:45:b1:5b:
         bd:da:2a:49:dc:52:4f:77:04:4d:2a:4c:f7:17:7b:c8:48:8c:
         22:55:b9:c3
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIGAJlFZWvkMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDA1NTE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygyMThlZGY2NDQ4
NDkyMzg0ZmZjOGRiYTNjZTY3N2Q3N2FiNjgzMDZjMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAryRDFlCVNG8BozMPso3GWg7VisVwOxlnWIkKseHv5FN1
cQfjy/Wn7aEyeV3pSqh9W696oD0YKvmYTHNU+L9gOYg0FXWkQdlumajkUTQ0Hgfi
Z4Ta7JxVcd0Eau19I6b6/Yx1rgliC/5BLZcMiwUHzbOw7R0aWqcoL6+UdMlaTwJB
S60m2ZjjkXmrm3jVytpWM3lrU1yX0Ojw1kBDa483Fl1hzeq48bVy2UDlR8tD79UJ
sZllFq6uN0KsGIyVTb+nnp3g5QxlJtjxb1xaj1Ogj8ufH1l1u8K/R/JxIraL74AT
tMjgv0TY/TgdxuHQWtiEq+JNp0ewZB3KdE5U2BCiawIDAQABo4ICpTCCAqEwHQYD
VR0OBBYEFCGO32RISSOE/8jbo85nfXeraDBsMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM5LzkxZmNkMC0wOGZlLTRhYzIt
YTBiYi1kZGJiYWJkMzU3NDYvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkvOTFmY2QwLTA4ZmUtNGFjMi1h
MGJiLWRkYmJhYmQzNTc0Ni8xL0lZN2ZaRWhKSTRUX3lOdWp6bWQ5ZDZ0b01Hdy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAe
BAIAATAYAwQAwW14AwQAwW3VAwQAwW3ZAwQAwW3dMA0EAgACMAcDBQMqD4xAMA0G
CSqGSIb3DQEBCwUAA4IBAQB88SGH9DiKEKTCanVF+Ebdmvugugj+XZ0xgN8QWOaL
rxkV+e96932TO5jtAaKVV+1yaxYlC+vlU3m5zLmPuE2Pv+yiRcZX+UP3ZEzQmYBt
kLw9YT0mXa9RfHezDEdPS6COQsozQiVyFolJ9SgRlmmvDhl1ulfMZpmG44Cc6RjC
kfCBa3WAQWMgfJhVNdJVAXMKCxwZBXo59AYTZtCH4qVx7zc+o6VYrV5POESLZgmC
FVwz/nnkX9cNrIP6SY3WufDvonP+SF/tqf0d+agJy7A23O5i9o38LZITha19IYRD
S99THzCY4ftFsVu92ipJ3FJPdwRNKkz3F3vISIwiVbnD
-----END CERTIFICATE-----