Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KpItDGyZvj3bTSUA_o-13fFjyaA.cer
File:                     KpItDGyZvj3bTSUA_o-13fFjyaA.cer (raw, json)
Hash identifier:          zHsKYgWvFJleHtQYPQipM2DT/Y76J8N13CIWNcunFa0=
Subject key identifier:   2A:92:2D:0C:6C:99:BE:3D:DB:4D:25:00:FE:8F:B5:DD:F1:63:C9:A0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       9D3D33429B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/37/3898a9-5a8f-45d5-a57e-1c8158f94a89/1/KpItDGyZvj3bTSUA_o-13fFjyaA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/37/3898a9-5a8f-45d5-a57e-1c8158f94a89/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 04:01:03 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 42846
                          IP: 45.84.188.0/22
                          IP: 89.252.178.0 -- 89.252.187.255
                          IP: 185.106.208.0/22
                          IP: 2a06:41c0::/29
                          IP: 2a0f:e80::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 675336635035 (0x9d3d33429b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:01:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2a922d0c6c99be3ddb4d2500fe8fb5ddf163c9a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e5:43:3b:19:18:cb:67:88:ce:60:0a:ed:f9:
                    ad:02:2b:30:d9:14:9f:aa:17:2e:cd:69:5e:be:b0:
                    10:0d:5d:f2:26:d7:57:76:b2:24:36:23:67:33:5b:
                    cf:42:fe:05:f4:66:39:a4:a8:fb:52:ef:83:ae:47:
                    8d:e6:44:8e:3f:fe:51:8f:c9:11:9f:cc:46:e0:43:
                    49:c1:ef:1e:2b:73:0b:00:9a:8d:51:ea:6d:17:df:
                    d4:da:47:92:68:ca:03:a3:06:89:d0:52:2b:f2:f8:
                    01:c3:6d:76:0a:48:41:31:8f:8d:f7:5c:b1:af:03:
                    43:d6:88:b2:d3:6e:59:8d:a3:a5:18:2c:04:21:60:
                    00:ff:a8:0c:7d:59:e1:03:17:8f:b2:7d:76:5d:19:
                    29:be:2c:23:29:71:01:fe:13:7f:6a:2f:31:ed:d6:
                    3a:41:91:62:83:c7:ce:14:6d:76:68:e0:86:c0:2d:
                    e2:18:25:8f:f0:06:68:47:c9:bf:5a:c6:e4:38:77:
                    f8:b9:4a:87:09:1d:f1:8d:12:b0:db:11:31:13:88:
                    05:7f:5e:bc:8e:7d:16:bf:29:1f:7a:ac:3e:1b:3c:
                    fb:77:93:20:e0:43:7f:83:25:1e:5e:ed:6b:7d:6b:
                    3f:6b:02:81:8f:c0:81:92:07:0b:ae:d7:5f:89:fc:
                    65:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:92:2D:0C:6C:99:BE:3D:DB:4D:25:00:FE:8F:B5:DD:F1:63:C9:A0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/3898a9-5a8f-45d5-a57e-1c8158f94a89/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/3898a9-5a8f-45d5-a57e-1c8158f94a89/1/KpItDGyZvj3bTSUA_o-13fFjyaA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.188.0/22
                  89.252.178.0-89.252.187.255
                  185.106.208.0/22
                IPv6:
                  2a06:41c0::/29
                  2a0f:e80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42846

    Signature Algorithm: sha256WithRSAEncryption
         43:03:f6:ed:1c:4d:bd:f9:38:c2:85:86:21:5d:d7:25:32:13:
         1b:74:70:47:b8:5c:8d:83:7c:af:17:66:34:0b:54:eb:9a:50:
         fe:ac:56:89:79:83:37:c2:28:70:79:c7:d8:de:02:ad:f6:2d:
         cc:16:ef:5b:19:9a:b5:63:11:c3:69:84:68:46:b9:f0:f1:26:
         43:c9:02:39:6f:aa:fd:12:9b:55:b9:9e:06:67:2d:2a:c3:6f:
         31:f6:8e:97:79:ba:f5:df:fb:49:b1:7f:03:21:17:d7:1f:c0:
         c6:f2:2d:ae:0f:c8:68:10:ce:04:8c:eb:54:f2:98:5e:af:15:
         c8:b6:d7:d1:95:f6:29:82:dc:e9:44:1a:5a:74:a5:f1:a3:42:
         21:1d:d2:04:a0:a5:b9:ec:54:12:17:67:44:0b:07:f2:83:c9:
         69:f9:55:ec:a1:4e:a1:37:3e:75:23:f4:91:fd:71:82:d5:c6:
         5d:ec:d2:b2:15:0d:59:6c:d8:88:fc:2f:04:75:d4:a0:2d:a3:
         a2:b7:21:3f:4c:d7:23:a2:8d:72:db:69:8e:30:f2:20:5c:80:
         ea:2e:97:3f:b7:da:db:fe:2d:58:0e:d8:d1:e4:4f:60:0c:09:
         92:24:b2:05:bb:a6:25:27:5a:e0:70:0f:0b:61:31:66:e7:3a:
         27:05:4d:34
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgIGAJ09M0KbMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDQwMTAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygyYTkyMmQwYzZj
OTliZTNkZGI0ZDI1MDBmZThmYjVkZGYxNjNjOWEwMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAxeVDOxkYy2eIzmAK7fmtAisw2RSfqhcuzWlevrAQDV3y
JtdXdrIkNiNnM1vPQv4F9GY5pKj7Uu+DrkeN5kSOP/5Rj8kRn8xG4ENJwe8eK3ML
AJqNUeptF9/U2keSaMoDowaJ0FIr8vgBw212CkhBMY+N91yxrwND1oiy025ZjaOl
GCwEIWAA/6gMfVnhAxePsn12XRkpviwjKXEB/hN/ai8x7dY6QZFig8fOFG12aOCG
wC3iGCWP8AZoR8m/WsbkOHf4uUqHCR3xjRKw2xExE4gFf168jn0Wvykfeqw+Gzz7
d5Mg4EN/gyUeXu1rfWs/awKBj8CBkgcLrtdfifxl9QIDAQABo4ICyjCCAsYwHQYD
VR0OBBYEFCqSLQxsmb49200lAP6Ptd3xY8mgMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM3LzM4OThhOS01YThmLTQ1ZDUt
YTU3ZS0xYzgxNThmOTRhODkvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcvMzg5OGE5LTVhOGYtNDVkNS1h
NTdlLTFjODE1OGY5NGE4OS8xL0twSXRER3ladmozYlRTVUFfby0xM2ZGanlhQS5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAg
BAIAATAaAwQCLVS8MAwDBAFZ/LIDBAJZ/LgDBAK5atAwFAQCAAIwDgMFAyoGQcAD
BQMqDw6AMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCnXjANBgkqhkiG9w0BAQsF
AAOCAQEAQwP27RxNvfk4woWGIV3XJTITG3RwR7hcjYN8rxdmNAtU65pQ/qxWiXmD
N8IocHnH2N4CrfYtzBbvWxmatWMRw2mEaEa58PEmQ8kCOW+q/RKbVbmeBmctKsNv
MfaOl3m69d/7SbF/AyEX1x/AxvItrg/IaBDOBIzrVPKYXq8VyLbX0ZX2KYLc6UQa
WnSl8aNCIR3SBKCluexUEhdnRAsH8oPJaflV7KFOoTc+dSP0kf1xgtXGXezSshUN
WWzYiPwvBHXUoC2jorchP0zXI6KNcttpjjDyIFyA6i6XP7fa2/4tWA7Y0eRPYAwJ
kiSyBbumJSda4HAPC2ExZuc6JwVNNA==
-----END CERTIFICATE-----