Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OXl_7O0raH75RrV1Od0P5U09G6I.cer
File:                     OXl_7O0raH75RrV1Od0P5U09G6I.cer (raw, json)
Hash identifier:          mtyRyS9+33b753KP+2wHnasLC3lyeBqxGG6+GeeI2hU=
Subject key identifier:   39:79:7F:EC:ED:2B:68:7E:F9:46:B5:75:39:DD:0F:E5:4D:3D:1B:A2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A972FA1545
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d1/5527da-18d9-47d0-9e14-ffb4b3b76b0e/1/OXl_7O0raH75RrV1Od0P5U09G6I.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d1/5527da-18d9-47d0-9e14-ffb4b3b76b0e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 14:57:29 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 41959
                          IP: 91.206.96.0/23
                          IP: 193.242.146.0/23
                          IP: 194.126.229.0/24
                          IP: 194.140.250.0/24
                          IP: 195.80.229.0/24
                          IP: 195.93.142.0/23
                          IP: 195.226.207.0/24
                          IP: 195.245.204.0/24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 727778465093 (0xa972fa1545)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:57:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=39797feced2b687ef946b57539dd0fe54d3d1ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:cf:1c:31:67:7b:60:13:9e:a1:5c:44:74:f5:
                    2e:32:31:ff:a2:51:5c:73:9d:c7:be:c0:2a:d1:fa:
                    14:6a:3d:2e:8a:e2:ff:62:3f:02:5e:62:ab:5e:9a:
                    9e:18:72:a6:ca:27:1d:3c:d4:80:45:24:21:d5:35:
                    74:95:11:bc:bd:d0:24:d2:61:b0:0b:25:da:fe:c2:
                    21:0c:0b:45:ad:d0:0b:25:45:86:9d:fd:be:9c:d4:
                    e0:0f:97:1d:77:f9:71:f1:77:67:7a:33:cf:3d:73:
                    07:bc:86:8c:a2:7c:a7:c9:46:9c:2e:fb:74:23:74:
                    41:3a:c6:9c:15:b1:6d:fb:38:2d:9b:92:41:43:4c:
                    18:b6:0a:8f:27:48:6d:e2:0a:2b:a8:c1:30:c0:b3:
                    42:4b:c4:ee:a9:80:14:b0:b5:50:0d:dc:55:eb:c8:
                    79:61:83:eb:8a:f4:8e:aa:fc:c7:59:a0:1e:f9:0f:
                    41:32:ef:92:6d:44:cc:35:f9:d7:87:8a:cd:b0:3c:
                    4d:cb:68:74:eb:e7:b9:8a:38:f8:92:f5:df:39:74:
                    c6:d8:a7:cb:38:f5:13:5c:02:be:f8:a6:f2:74:5d:
                    30:b5:ab:ba:22:b3:cc:73:e3:47:dd:d3:36:43:fd:
                    df:fb:64:7b:d9:b0:3e:ac:d8:3d:8a:53:45:ce:7b:
                    26:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:79:7F:EC:ED:2B:68:7E:F9:46:B5:75:39:DD:0F:E5:4D:3D:1B:A2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5527da-18d9-47d0-9e14-ffb4b3b76b0e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5527da-18d9-47d0-9e14-ffb4b3b76b0e/1/OXl_7O0raH75RrV1Od0P5U09G6I.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.96.0/23
                  193.242.146.0/23
                  194.126.229.0/24
                  194.140.250.0/24
                  195.80.229.0/24
                  195.93.142.0/23
                  195.226.207.0/24
                  195.245.204.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41959

    Signature Algorithm: sha256WithRSAEncryption
         54:ad:88:ff:d7:cc:95:99:e0:34:a5:1a:ab:be:f4:cc:30:f5:
         6b:b9:0f:b3:c3:72:ff:ac:ef:98:87:44:50:71:5a:00:59:0c:
         03:3d:9b:4e:8f:b5:17:80:3c:06:f6:3e:aa:2d:c4:77:31:d5:
         76:bd:aa:94:a4:91:e9:ab:4c:25:a8:bf:b5:d0:c4:d9:f4:75:
         05:9c:57:7b:e2:09:e2:e4:ce:57:1b:49:48:63:85:a1:37:ae:
         73:b6:0b:46:6d:f6:17:48:2a:04:42:56:bc:7d:cf:f8:f5:1e:
         1e:b5:6e:3f:01:b5:88:c0:53:21:a7:cb:16:bf:b3:10:45:df:
         1d:ab:12:df:e3:f1:22:64:91:c8:6c:a3:da:fc:9f:29:0a:36:
         1f:1f:1c:2d:9a:51:6a:46:59:36:94:f4:3a:fc:3d:3a:fe:42:
         ed:a9:a6:23:be:c9:3c:ef:87:17:39:7d:2c:dd:bf:69:19:06:
         26:db:72:03:47:f1:f0:8d:3e:fc:ac:dc:d7:3d:25:92:53:eb:
         9e:b4:48:62:b3:b4:da:d7:c8:ad:7e:90:b7:4a:49:52:4e:c5:
         18:6b:33:f2:a5:e9:ac:cb:12:67:3a:ad:da:84:1b:4a:38:cb:
         45:f8:6b:4d:63:5c:eb:ef:8f:ca:ec:a9:a5:ba:ba:6d:ce:89:
         10:a3:20:f2
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgIGAKly+hVFMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTQ1NzI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygzOTc5N2ZlY2Vk
MmI2ODdlZjk0NmI1NzUzOWRkMGZlNTRkM2QxYmEyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAqs8cMWd7YBOeoVxEdPUuMjH/olFcc53HvsAq0foUaj0u
iuL/Yj8CXmKrXpqeGHKmyicdPNSARSQh1TV0lRG8vdAk0mGwCyXa/sIhDAtFrdAL
JUWGnf2+nNTgD5cdd/lx8XdnejPPPXMHvIaMonynyUacLvt0I3RBOsacFbFt+zgt
m5JBQ0wYtgqPJ0ht4gorqMEwwLNCS8TuqYAUsLVQDdxV68h5YYPrivSOqvzHWaAe
+Q9BMu+SbUTMNfnXh4rNsDxNy2h06+e5ijj4kvXfOXTG2KfLOPUTXAK++KbydF0w
tau6IrPMc+NH3dM2Q/3f+2R72bA+rNg9ilNFznsmJQIDAQABo4ICyjCCAsYwHQYD
VR0OBBYEFDl5f+ztK2h++Ua1dTndD+VNPRuiMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QxLzU1MjdkYS0xOGQ5LTQ3ZDAt
OWUxNC1mZmI0YjNiNzZiMGUvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEvNTUyN2RhLTE4ZDktNDdkMC05
ZTE0LWZmYjRiM2I3NmIwZS8xL09YbF83TzByYUg3NVJyVjFPZDBQNVUwOUc2SS5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2
BAIAATAwAwQBW85gAwQBwfKSAwQAwn7lAwQAwoz6AwQAw1DlAwQBw12OAwQAw+LP
AwQAw/XMMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCj5zANBgkqhkiG9w0BAQsF
AAOCAQEAVK2I/9fMlZngNKUaq770zDD1a7kPs8Ny/6zvmIdEUHFaAFkMAz2bTo+1
F4A8BvY+qi3EdzHVdr2qlKSR6atMJai/tdDE2fR1BZxXe+IJ4uTOVxtJSGOFoTeu
c7YLRm32F0gqBEJWvH3P+PUeHrVuPwG1iMBTIafLFr+zEEXfHasS3+PxImSRyGyj
2vyfKQo2Hx8cLZpRakZZNpT0Ovw9Ov5C7ammI77JPO+HFzl9LN2/aRkGJttyA0fx
8I0+/Kzc1z0lklPrnrRIYrO02tfIrX6Qt0pJUk7FGGsz8qXprMsSZzqt2oQbSjjL
RfhrTWNc6++Pyuyppbq6bc6JEKMg8g==
-----END CERTIFICATE-----