Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PNdIzkO6T6WjA7RMdaeo42KEFYA.cer
File:                     PNdIzkO6T6WjA7RMdaeo42KEFYA.cer (raw, json)
Hash identifier:          mVlGJgoJH82LSbh3SDbd73o2R7whegWEdyh9ul0NkZ8=
Subject key identifier:   3C:D7:48:CE:43:BA:4F:A5:A3:03:B4:4C:75:A7:A8:E3:62:84:15:80
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       9EDEADAE45
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e8/a8a734-d52b-4b70-b827-dc4e27d775ac/1/PNdIzkO6T6WjA7RMdaeo42KEFYA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e8/a8a734-d52b-4b70-b827-dc4e27d775ac/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 05:53:15 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 28716
                          IP: 45.89.180.0/22
                          IP: 46.243.32.0/21
                          IP: 77.95.136.0/21
                          IP: 78.159.192.0/21
                          IP: 78.159.216.0/21
                          IP: 80.94.112.0/20
                          IP: 217.19.144.0/20
                          IP: 2001:1bd0::/32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 682340757061 (0x9edeadae45)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:53:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3cd748ce43ba4fa5a303b44c75a7a8e362841580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d5:d4:69:81:0a:79:41:c2:ed:e2:13:c9:33:
                    d6:ee:17:a1:8a:2f:60:98:89:8c:3d:90:2f:8b:4f:
                    2b:5b:45:aa:52:20:cc:5f:fa:41:3a:c2:ad:32:8c:
                    99:50:62:f6:70:c2:13:a3:db:64:36:c6:1f:b4:b9:
                    41:7a:8b:93:e0:05:7d:a3:da:f8:c1:0b:66:d2:79:
                    5c:d8:d1:04:eb:86:5e:13:51:74:4e:53:29:9a:ad:
                    a7:be:80:1a:44:95:91:e4:cf:20:62:ee:36:ec:97:
                    cc:ef:16:4f:b5:06:07:b0:a2:fb:3c:40:bc:ff:a8:
                    42:bd:33:d9:96:09:78:a4:30:3b:07:f4:fd:53:2a:
                    46:68:60:1f:32:a9:1a:d5:a3:ab:55:a9:2e:ed:77:
                    bf:ab:4f:a6:28:25:9e:9d:ed:1c:fc:db:e5:ad:56:
                    2f:52:b1:76:5c:b5:1a:96:e0:34:6c:e6:67:3d:cc:
                    0a:f6:d7:e5:6b:7d:6c:71:b9:7b:ab:57:a1:3a:fe:
                    50:93:40:ea:76:02:06:79:0f:32:2c:2c:b7:fa:af:
                    8e:41:50:ca:ae:85:5c:6b:93:66:1c:28:37:f0:e5:
                    c7:64:f1:e2:16:57:0e:78:e8:de:5c:4d:ea:6e:1e:
                    97:96:52:2e:4c:e0:fc:22:bc:a1:a7:47:4e:1f:3c:
                    56:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:D7:48:CE:43:BA:4F:A5:A3:03:B4:4C:75:A7:A8:E3:62:84:15:80
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/a8a734-d52b-4b70-b827-dc4e27d775ac/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/a8a734-d52b-4b70-b827-dc4e27d775ac/1/PNdIzkO6T6WjA7RMdaeo42KEFYA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.180.0/22
                  46.243.32.0/21
                  77.95.136.0/21
                  78.159.192.0/21
                  78.159.216.0/21
                  80.94.112.0/20
                  217.19.144.0/20
                IPv6:
                  2001:1bd0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  28716

    Signature Algorithm: sha256WithRSAEncryption
         5f:32:fb:ab:6b:40:0a:2a:1b:9f:90:1a:c1:cf:2d:de:23:54:
         d7:4c:68:b1:d4:ad:e6:11:00:fb:4a:ad:4f:56:92:f3:f3:3a:
         86:47:3e:35:ef:ae:3b:24:5b:8f:c7:2d:05:53:38:47:e8:23:
         88:af:e7:5e:f2:e2:3d:1c:8b:e1:20:54:73:e2:4f:8a:40:dd:
         ce:dc:0f:e6:ed:62:f8:0d:65:5e:bb:6d:b1:a2:86:06:19:2a:
         10:9b:0b:eb:ec:cc:3a:39:dd:19:67:2e:26:a2:df:91:e6:89:
         51:ee:6b:c6:9b:de:94:d9:c3:bf:5c:c3:17:e1:32:6d:7e:cc:
         67:e1:a0:c8:7b:c1:48:05:2a:b7:2e:7e:87:ba:b8:e1:f8:a7:
         54:07:4d:ab:5b:7b:29:72:95:18:68:d4:7a:64:ac:72:c4:29:
         78:9d:e5:83:8a:a1:8d:d7:75:07:ad:5c:26:08:45:d5:14:97:
         e9:90:8f:fa:c2:54:cb:d4:a7:07:ea:eb:2f:df:f3:70:bb:af:
         2a:d0:a5:43:80:ba:92:92:11:02:c9:9d:dc:6a:f1:ba:42:ba:
         43:e0:d3:3a:df:13:1f:5f:32:39:3f:b8:b7:ae:71:f9:7b:39:
         d9:fd:b3:16:16:5f:bf:5c:fa:40:68:88:e1:34:73:eb:4b:1a:
         3e:ba:1a:98
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIGAJ7era5FMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDU1MzE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygzY2Q3NDhjZTQz
YmE0ZmE1YTMwM2I0NGM3NWE3YThlMzYyODQxNTgwMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEArNXUaYEKeUHC7eITyTPW7hehii9gmImMPZAvi08rW0Wq
UiDMX/pBOsKtMoyZUGL2cMITo9tkNsYftLlBeouT4AV9o9r4wQtm0nlc2NEE64Ze
E1F0TlMpmq2nvoAaRJWR5M8gYu427JfM7xZPtQYHsKL7PEC8/6hCvTPZlgl4pDA7
B/T9UypGaGAfMqka1aOrVaku7Xe/q0+mKCWene0c/NvlrVYvUrF2XLUaluA0bOZn
PcwK9tfla31scbl7q1ehOv5Qk0DqdgIGeQ8yLCy3+q+OQVDKroVca5NmHCg38OXH
ZPHiFlcOeOjeXE3qbh6XllIuTOD8Iryhp0dOHzxWtQIDAQABo4IC0jCCAs4wHQYD
VR0OBBYEFDzXSM5Duk+lowO0THWnqONihBWAMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U4L2E4YTczNC1kNTJiLTRiNzAt
YjgyNy1kYzRlMjdkNzc1YWMvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTgvYThhNzM0LWQ1MmItNGI3MC1i
ODI3LWRjNGUyN2Q3NzVhYy8xL1BOZEl6a082VDZXakE3Uk1kYWVvNDJLRUZZQS5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAw
BAIAATAqAwQCLVm0AwQDLvMgAwQDTV+IAwQDTp/AAwQDTp/YAwQEUF5wAwQE2ROQ
MA0EAgACMAcDBQAgARvQMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQCAnAsMA0GCSqG
SIb3DQEBCwUAA4IBAQBfMvura0AKKhufkBrBzy3eI1TXTGix1K3mEQD7Sq1PVpLz
8zqGRz417647JFuPxy0FUzhH6COIr+de8uI9HIvhIFRz4k+KQN3O3A/m7WL4DWVe
u22xooYGGSoQmwvr7Mw6Od0ZZy4mot+R5olR7mvGm96U2cO/XMMX4TJtfsxn4aDI
e8FIBSq3Ln6Hurjh+KdUB02rW3spcpUYaNR6ZKxyxCl4neWDiqGN13UHrVwmCEXV
FJfpkI/6wlTL1KcH6usv3/Nwu68q0KVDgLqSkhECyZ3cavG6QrpD4NM63xMfXzI5
P7i3rnH5eznZ/bMWFl+/XPpAaIjhNHPrSxo+uhqY
-----END CERTIFICATE-----