Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NaXtNraVI9DspNTF21Jkqs5iKYQ.cer
File:                     NaXtNraVI9DspNTF21Jkqs5iKYQ.cer (raw, json)
Hash identifier:          XbJcyrFzmbrd+kT50R89gW+8RLGZrUOn/Z2pe6QBrHI=
Subject key identifier:   35:A5:ED:36:B6:95:23:D0:EC:A4:D4:C5:DB:52:64:AA:CE:62:29:84
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0182F5F48A1C9D0C2858C79B325FE936DCD8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3d/802dbe-850f-4cdf-a216-9d87dbfb84fd/1/NaXtNraVI9DspNTF21Jkqs5iKYQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3d/802dbe-850f-4cdf-a216-9d87dbfb84fd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 31 Aug 2022 22:10:20 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 8838
                          IP: 194.50.108.0/24
                          IP: 212.42.0.0/19
                          IP: 2a03:8840::/32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f5:f4:8a:1c:9d:0c:28:58:c7:9b:32:5f:e9:36:dc:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 31 22:10:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=35a5ed36b69523d0eca4d4c5db5264aace622984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:83:89:19:6b:cc:82:e3:e6:39:6f:ad:0f:5e:
                    b0:f1:66:5f:28:03:cf:41:43:f3:48:b0:10:d7:19:
                    7a:8c:10:83:c0:ce:fc:c9:50:35:a1:49:1a:03:c3:
                    73:c7:7f:61:83:25:eb:a4:b5:11:39:96:db:eb:4b:
                    e0:29:98:65:98:5f:d1:b0:db:86:a1:67:b0:e9:d7:
                    c6:28:ba:51:de:04:83:de:65:3a:be:06:c7:41:e2:
                    fa:ea:ae:94:f1:ab:ff:8c:a3:0a:7c:a9:bb:4d:e3:
                    9c:83:30:7e:b1:d0:02:9d:82:4d:0b:12:6c:2b:fe:
                    43:42:29:f3:ce:89:75:45:c2:35:75:a5:17:3e:ce:
                    3a:cf:fc:fa:68:c9:90:6b:cd:b6:6d:00:08:42:20:
                    e3:7e:8e:e5:ec:13:9e:b4:b5:ee:52:8e:d3:72:73:
                    58:ab:cf:d1:e7:66:ba:3b:3e:10:f8:a8:87:75:38:
                    11:a7:4b:a9:9f:1b:5e:c6:0d:37:3c:b6:50:b6:9f:
                    49:6e:ea:7b:ee:ff:c2:6c:47:3d:6f:1a:17:ce:f5:
                    75:42:b6:79:c7:be:2a:97:5a:24:0f:02:a4:59:ee:
                    cd:ae:b2:53:69:d6:8a:aa:2e:29:2e:fc:a1:da:50:
                    23:19:7b:b1:a5:9d:a7:f5:23:b3:01:6b:da:8b:bf:
                    d9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A5:ED:36:B6:95:23:D0:EC:A4:D4:C5:DB:52:64:AA:CE:62:29:84
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/802dbe-850f-4cdf-a216-9d87dbfb84fd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/802dbe-850f-4cdf-a216-9d87dbfb84fd/1/NaXtNraVI9DspNTF21Jkqs5iKYQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.108.0/24
                  212.42.0.0/19
                IPv6:
                  2a03:8840::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8838

    Signature Algorithm: sha256WithRSAEncryption
         51:53:d5:9e:a1:3d:a7:88:af:33:ba:92:87:96:d7:11:ff:7e:
         07:d5:6b:4e:63:19:a5:1f:91:7c:60:65:aa:74:08:ba:f5:d1:
         e2:e4:5f:02:64:21:4f:78:b8:a1:5f:6b:75:aa:5e:4c:35:69:
         92:27:26:a8:5b:a8:8e:88:92:6d:b0:cd:ef:3f:e1:d2:3a:9d:
         02:67:1a:d0:76:4b:86:43:db:0a:32:a7:7d:f8:71:36:31:a3:
         91:7b:97:a5:71:a0:50:67:f1:1b:41:eb:da:5d:61:0d:cc:0d:
         eb:8d:d4:95:fc:02:d3:2e:a6:ab:0d:5b:c2:af:db:51:65:ec:
         96:37:20:c3:c8:65:57:a1:65:e4:23:8d:49:b5:0f:7f:d0:b0:
         2d:7b:cf:8f:ea:1e:bb:e7:82:e2:f5:27:6c:56:42:8d:d7:57:
         6f:01:dd:1d:17:b4:07:81:cc:a5:8c:2e:85:88:58:08:8e:c4:
         6d:ff:7a:72:e5:7a:ea:de:64:ae:8a:a4:aa:4e:3d:e1:f8:55:
         e6:76:ce:78:63:0d:90:3e:b5:15:db:ed:6a:8e:16:03:f3:dd:
         5d:fa:d0:c5:65:88:d1:50:8d:5c:bc:85:0e:4f:d2:ef:7c:75:
         5f:d1:0c:b8:20:1e:6b:e7:db:84:09:ca:9a:ab:25:a2:75:b2:
         b7:b4:0f:eb
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAYL19IocnQwoWMebMl/pNtzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjIwODMxMjIxMDIwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWE1ZWQzNmI2OTUyM2QwZWNhNGQ0YzVkYjUyNjRhYWNlNjIyOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4OJGWvMguPmOW+tD16w8WZfKAPP
QUPzSLAQ1xl6jBCDwM78yVA1oUkaA8Nzx39hgyXrpLUROZbb60vgKZhlmF/RsNuG
oWew6dfGKLpR3gSD3mU6vgbHQeL66q6U8av/jKMKfKm7TeOcgzB+sdACnYJNCxJs
K/5DQinzzol1RcI1daUXPs46z/z6aMmQa822bQAIQiDjfo7l7BOetLXuUo7TcnNY
q8/R52a6Oz4Q+KiHdTgRp0upnxtexg03PLZQtp9Jbup77v/CbEc9bxoXzvV1QrZ5
x74ql1okDwKkWe7NrrJTadaKqi4pLvyh2lAjGXuxpZ2n9SOzAWvai7/ZpwIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFDWl7Ta2lSPQ7KTUxdtSZKrOYimEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNkLzgwMmRi
ZS04NTBmLTRjZGYtYTIxNi05ZDg3ZGJmYjg0ZmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2QvODAyZGJl
LTg1MGYtNGNkZi1hMjE2LTlkODdkYmZiODRmZC8xL05hWHROcmFWSTlEc3BOVEYy
MUprcXM1aUtZUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQAwjJsAwQF1CoAMA0EAgACMAcDBQAqA4hAMBkG
CCsGAQUFBwEIAQH/BAowCKAGMAQCAiKGMA0GCSqGSIb3DQEBCwUAA4IBAQBRU9We
oT2niK8zupKHltcR/34H1WtOYxmlH5F8YGWqdAi69dHi5F8CZCFPeLihX2t1ql5M
NWmSJyaoW6iOiJJtsM3vP+HSOp0CZxrQdkuGQ9sKMqd9+HE2MaORe5elcaBQZ/Eb
QevaXWENzA3rjdSV/ALTLqarDVvCr9tRZeyWNyDDyGVXoWXkI41JtQ9/0LAte8+P
6h6754Li9SdsVkKN11dvAd0dF7QHgcyljC6FiFgIjsRt/3py5Xrq3mSuiqSqTj3h
+FXmds54Yw2QPrUV2+1qjhYD891d+tDFZYjRUI1cvIUOT9LvfHVf0Qy4IB5r59uE
CcqaqyWidbK3tA/r
-----END CERTIFICATE-----