Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/MCX--cpkBFgtGnTaf4u-krACgqo.cer
File:                     MCX--cpkBFgtGnTaf4u-krACgqo.cer (raw, json)
Hash identifier:          viUFj5+0mEvX0kkHi91zsgQBiG+NDbPwmLRoAywVoaQ=
Subject key identifier:   30:25:FE:F9:CA:64:04:58:2D:1A:74:DA:7F:8B:BE:92:B0:02:82:AA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856B6353655F60133C8CD4C055469A7FD8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b4/fbad19-c87c-4f30-b0b6-e57163d41359/1/MCX--cpkBFgtGnTaf4u-krACgqo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b4/fbad19-c87c-4f30-b0b6-e57163d41359/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 03:32:29 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 209202
                          IP: 2.57.128.0/22
                          IP: 2a09:d940::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:63:53:65:5f:60:13:3c:8c:d4:c0:55:46:9a:7f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:32:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3025fef9ca6404582d1a74da7f8bbe92b00282aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:12:f4:d0:6e:d0:c7:8b:a8:1f:5e:ec:75:d7:
                    e4:7d:d1:3a:38:28:93:bb:33:ea:9e:6d:1d:88:8c:
                    f7:86:32:ac:2f:08:ba:3e:6c:a7:75:d2:41:2b:17:
                    d1:06:ad:89:ae:21:84:8f:4a:30:df:53:12:58:40:
                    65:05:52:08:8b:ed:aa:7a:08:d7:39:a3:42:7a:0b:
                    6e:83:15:69:b3:9e:50:f2:96:83:65:d9:79:57:40:
                    5a:7b:9e:ea:cc:e6:de:cc:47:8d:8a:ec:2e:87:c1:
                    12:9d:4e:8e:a3:8b:81:a2:59:17:cf:03:52:1f:50:
                    03:2e:55:11:5e:34:2f:04:35:87:37:56:c2:da:6e:
                    6d:ed:8e:cb:c6:9c:0b:80:5c:6f:3b:ec:6a:d8:f8:
                    bb:c5:74:5a:14:52:64:55:00:04:5b:62:37:7b:5e:
                    61:78:c4:9e:bb:56:53:62:d0:d3:58:ec:04:ff:24:
                    ef:b5:ea:bb:0d:a3:ab:cd:36:67:27:9a:a0:ab:4a:
                    87:b7:9e:c1:26:96:e3:f6:54:8d:8a:d1:04:4c:2e:
                    3a:e1:13:8a:2a:33:8e:8f:65:53:32:e0:ec:37:99:
                    a1:7f:30:1b:07:0f:fd:67:d0:ff:ce:67:96:19:39:
                    af:b7:d2:2b:8c:4d:01:08:05:2b:2f:54:4b:22:e0:
                    45:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:25:FE:F9:CA:64:04:58:2D:1A:74:DA:7F:8B:BE:92:B0:02:82:AA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/fbad19-c87c-4f30-b0b6-e57163d41359/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/fbad19-c87c-4f30-b0b6-e57163d41359/1/MCX--cpkBFgtGnTaf4u-krACgqo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.128.0/22
                IPv6:
                  2a09:d940::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209202

    Signature Algorithm: sha256WithRSAEncryption
         34:3c:28:cc:d9:ce:71:ee:1f:6e:25:31:70:96:e2:e3:d1:f9:
         3a:1b:d1:db:30:30:eb:bb:ee:58:4c:9b:79:a9:5a:fa:2b:e0:
         42:f3:73:1d:bb:71:a0:af:40:a5:f2:7d:53:28:de:45:c2:e5:
         39:06:65:7e:d0:75:33:23:03:9c:a5:59:c2:a7:0d:40:09:b3:
         94:da:0b:b2:06:42:f9:c0:b9:93:b4:b2:e5:dd:85:4c:1b:96:
         cb:53:21:45:9f:2c:6f:d5:b4:f8:1e:39:34:cf:45:b3:fa:da:
         4c:f2:ef:95:da:34:db:4b:71:ac:2f:f2:8a:cd:5b:88:f7:97:
         f8:e4:3e:94:e1:5b:2e:da:d0:49:58:70:61:6a:a0:eb:6a:c4:
         cb:41:de:64:27:fe:c9:35:b9:d3:68:24:1d:55:15:c8:28:bb:
         bc:9a:5a:cf:fa:1f:75:0d:3c:72:a3:67:22:dd:37:f0:c4:6d:
         91:2c:75:a1:3b:72:94:18:25:5e:3a:ff:16:00:78:aa:55:df:
         d1:f0:a9:bd:69:68:54:f5:67:ea:ef:77:88:c7:0c:aa:97:0e:
         d4:1c:4f:04:ba:91:46:af:32:88:e2:24:84:65:b6:46:d4:71:
         15:75:52:c6:26:77:10:a1:e2:6c:8b:28:eb:26:f1:7a:44:45:
         71:4e:65:f3
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAYVrY1NlX2ATPIzUwFVGmn/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDMzMjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDI1ZmVmOWNhNjQwNDU4MmQxYTc0ZGE3ZjhiYmU5MmIwMDI4MmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhL00G7Qx4uoH17sddfkfdE6OCiT
uzPqnm0diIz3hjKsLwi6PmynddJBKxfRBq2JriGEj0ow31MSWEBlBVIIi+2qegjX
OaNCegtugxVps55Q8paDZdl5V0Bae57qzObezEeNiuwuh8ESnU6Oo4uBolkXzwNS
H1ADLlURXjQvBDWHN1bC2m5t7Y7LxpwLgFxvO+xq2Pi7xXRaFFJkVQAEW2I3e15h
eMSeu1ZTYtDTWOwE/yTvteq7DaOrzTZnJ5qgq0qHt57BJpbj9lSNitEETC464ROK
KjOOj2VTMuDsN5mhfzAbBw/9Z9D/zmeWGTmvt9IrjE0BCAUrL1RLIuBF8wIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFDAl/vnKZARYLRp02n+LvpKwAoKqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I0L2ZiYWQx
OS1jODdjLTRmMzAtYjBiNi1lNTcxNjNkNDEzNTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjQvZmJhZDE5
LWM4N2MtNGYzMC1iMGI2LWU1NzE2M2Q0MTM1OS8xL01DWC0tY3BrQkZndEduVGFm
NHUta3JBQ2dxby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCAjmAMA0EAgACMAcDBQMqCdlAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMxMjANBgkqhkiG9w0BAQsFAAOCAQEANDwozNnOce4f
biUxcJbi49H5OhvR2zAw67vuWEybeala+ivgQvNzHbtxoK9ApfJ9UyjeRcLlOQZl
ftB1MyMDnKVZwqcNQAmzlNoLsgZC+cC5k7Sy5d2FTBuWy1MhRZ8sb9W0+B45NM9F
s/raTPLvldo020txrC/yis1biPeX+OQ+lOFbLtrQSVhwYWqg62rEy0HeZCf+yTW5
02gkHVUVyCi7vJpaz/ofdQ08cqNnIt038MRtkSx1oTtylBglXjr/FgB4qlXf0fCp
vWloVPVn6u93iMcMqpcO1BxPBLqRRq8yiOIkhGW2RtRxFXVSxiZ3EKHibIso6ybx
ekRFcU5l8w==
-----END CERTIFICATE-----