Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NtMz8-kpQUbC4qH3Rv4BFvaF-Mo.cer
File:                     NtMz8-kpQUbC4qH3Rv4BFvaF-Mo.cer (raw, json)
Hash identifier:          FVhd/9ndtdACOY7/UpkVz3GzQ2eEpsgmQeRoVPPvn3o=
Subject key identifier:   36:D3:33:F3:E9:29:41:46:C2:E2:A1:F7:46:FE:01:16:F6:85:F8:CA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0185708AFA59C798E695158CECC5CEB892B7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3f/15c410-b2e8-4b9b-9f70-01e275e94e44/1/NtMz8-kpQUbC4qH3Rv4BFvaF-Mo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3f/15c410-b2e8-4b9b-9f70-01e275e94e44/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 02 Jan 2023 03:33:54 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 8565
                          IP: 2001:4000::/32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:8a:fa:59:c7:98:e6:95:15:8c:ec:c5:ce:b8:92:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:33:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=36d333f3e9294146c2e2a1f746fe0116f685f8ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8c:19:e4:6d:f7:71:5e:64:0b:5e:47:2b:d1:
                    d8:a9:17:15:d1:a5:57:03:f3:21:d2:8b:47:c9:21:
                    f2:80:43:d3:d6:1f:8d:60:91:0c:36:07:d4:77:2c:
                    3c:fa:78:04:0c:ce:4a:e5:85:55:8d:ee:85:2d:e7:
                    a7:3b:b9:d7:98:72:a0:be:f3:0d:3f:f3:94:8d:20:
                    ad:5c:47:f3:59:66:b3:31:a6:70:4f:79:04:99:0a:
                    9c:0e:79:fe:16:50:31:51:e8:d4:7d:72:6c:6b:ca:
                    59:c8:c2:36:a8:5f:34:21:fc:75:05:ab:83:34:ee:
                    02:62:e0:ab:81:f9:b7:ca:c0:59:3c:7f:7f:6d:be:
                    be:ac:56:7c:92:e9:22:24:f1:36:6c:5a:6d:63:e0:
                    0a:74:d0:6f:bc:24:53:99:e1:5a:f7:bb:53:a5:11:
                    56:f2:b2:6d:09:e2:48:b0:1c:4d:95:f9:7e:f8:bb:
                    66:c9:94:a1:68:67:fd:6b:c1:c0:24:25:d0:3a:df:
                    a6:2e:12:a3:a0:ac:e3:e1:03:e5:5f:76:01:12:1b:
                    8f:9a:3d:16:47:a9:f2:78:59:67:89:f9:33:ec:8a:
                    4a:e4:c7:59:7e:09:18:5d:f6:db:8f:e1:72:ea:aa:
                    fc:62:6d:0c:7a:4b:7d:26:ba:8b:a7:8e:02:aa:ca:
                    c3:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:D3:33:F3:E9:29:41:46:C2:E2:A1:F7:46:FE:01:16:F6:85:F8:CA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/15c410-b2e8-4b9b-9f70-01e275e94e44/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/15c410-b2e8-4b9b-9f70-01e275e94e44/1/NtMz8-kpQUbC4qH3Rv4BFvaF-Mo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4000::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8565

    Signature Algorithm: sha256WithRSAEncryption
         62:2c:19:a7:17:89:d1:23:56:93:c8:8c:ac:53:6f:98:e5:f3:
         3c:c7:9d:0d:00:cd:3d:32:e7:95:89:65:51:5a:f7:4d:74:c6:
         9a:39:35:b6:55:04:4e:fc:c5:64:26:e4:3a:1b:00:26:da:f8:
         cc:7d:10:9f:f1:2b:1c:db:b4:b8:d3:d2:bd:b8:88:0a:44:bc:
         a9:22:c2:3a:88:c9:68:c4:d4:37:df:56:11:b0:2e:62:5b:f6:
         9e:b9:d7:68:90:ab:f0:20:22:0b:f1:ab:f6:2d:fc:e0:bb:f5:
         f3:8d:93:3f:ef:05:5c:0a:15:ec:bc:8a:40:85:d1:fc:f8:82:
         a6:db:34:80:7f:47:56:bc:bf:49:22:65:62:67:cb:75:ae:09:
         85:04:ce:11:3c:09:07:b5:b8:ee:f2:d1:ee:aa:b0:80:72:cb:
         bf:9b:73:74:c4:c4:1c:cc:d1:34:18:a9:26:8b:ac:70:f7:97:
         74:5c:e5:9c:53:82:8b:6d:13:f6:70:6d:24:fc:45:0a:43:82:
         c0:1c:fa:b4:74:65:cb:6c:ee:df:7d:30:d3:22:ec:95:3d:3e:
         92:35:01:00:93:27:17:8a:67:f3:a8:0b:0e:9f:14:b3:18:a8:
         09:1a:80:dc:44:68:4a:96:35:24:07:4b:4c:35:bb:34:16:a3:
         7f:da:a4:34
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYVwivpZx5jmlRWM7MXOuJK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAyMDMzMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmQzMzNmM2U5Mjk0MTQ2YzJlMmExZjc0NmZlMDExNmY2ODVmOGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmowZ5G33cV5kC15HK9HYqRcV0aVX
A/Mh0otHySHygEPT1h+NYJEMNgfUdyw8+ngEDM5K5YVVje6FLeenO7nXmHKgvvMN
P/OUjSCtXEfzWWazMaZwT3kEmQqcDnn+FlAxUejUfXJsa8pZyMI2qF80Ifx1BauD
NO4CYuCrgfm3ysBZPH9/bb6+rFZ8kukiJPE2bFptY+AKdNBvvCRTmeFa97tTpRFW
8rJtCeJIsBxNlfl++LtmyZShaGf9a8HAJCXQOt+mLhKjoKzj4QPlX3YBEhuPmj0W
R6nyeFlnifkz7IpK5MdZfgkYXfbbj+Fy6qr8Ym0Mekt9JrqLp44CqsrD1wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFDbTM/PpKUFGwuKh90b+ARb2hfjKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNmLzE1YzQx
MC1iMmU4LTRiOWItOWY3MC0wMWUyNzVlOTRlNDQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2YvMTVjNDEw
LWIyZTgtNGI5Yi05ZjcwLTAxZTI3NWU5NGU0NC8xL050TXo4LWtwUVViQzRxSDNS
djRCRnZhRi1Nby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUAIAFAADAZBggrBgEFBQcBCAEB/wQKMAigBjAE
AgIhdTANBgkqhkiG9w0BAQsFAAOCAQEAYiwZpxeJ0SNWk8iMrFNvmOXzPMedDQDN
PTLnlYllUVr3TXTGmjk1tlUETvzFZCbkOhsAJtr4zH0Qn/ErHNu0uNPSvbiICkS8
qSLCOojJaMTUN99WEbAuYlv2nrnXaJCr8CAiC/Gr9i384Lv1842TP+8FXAoV7LyK
QIXR/PiCpts0gH9HVry/SSJlYmfLda4JhQTOETwJB7W47vLR7qqwgHLLv5tzdMTE
HMzRNBipJouscPeXdFzlnFOCi20T9nBtJPxFCkOCwBz6tHRly2zu330w0yLslT0+
kjUBAJMnF4pn86gLDp8UsxioCRqA3ERoSpY1JAdLTDW7NBajf9qkNA==
-----END CERTIFICATE-----