Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q7AQW8y55gkxIHZzVKi4STy-TNY.cer
File:                     Q7AQW8y55gkxIHZzVKi4STy-TNY.cer (raw, json)
Hash identifier:          FmmN4tCvhy1rOFl5MkAsLdkWpxOvZ88vbuED8kuHXK4=
Subject key identifier:   43:B0:10:5B:CC:B9:E6:09:31:20:76:73:54:A8:B8:49:3C:BE:4C:D6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0188908AD5BF0CE2895588E00F55B452966C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4a/f75c65-885e-417d-8076-bf7d8fca46e1/1/Q7AQW8y55gkxIHZzVKi4STy-TNY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4a/f75c65-885e-417d-8076-bf7d8fca46e1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 06 Jun 2023 11:49:57 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 34688
                          IP: 194.116.252.0/23
                          IP: 194.187.72.0/22
                          IP: 2a01:5e00::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:90:8a:d5:bf:0c:e2:89:55:88:e0:0f:55:b4:52:96:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun  6 11:49:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=43b0105bccb9e6093120767354a8b8493cbe4cd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:72:bb:10:cb:98:df:f5:8a:0e:eb:38:6d:8a:
                    f1:0b:23:b7:9d:2c:f7:d9:4d:50:c7:7e:a5:18:3d:
                    05:44:be:36:78:f5:75:a4:1a:7a:0c:f8:32:9f:05:
                    c4:c3:09:1d:f9:e0:61:67:1c:60:1e:99:a4:87:f2:
                    0c:bc:c7:71:8d:6e:98:7a:a0:0c:2c:e3:3b:45:a9:
                    5f:51:41:0f:2e:03:b4:e7:8f:c5:48:ea:0d:75:26:
                    15:2f:3b:d9:c2:c4:15:a5:e5:a7:07:89:05:e6:ba:
                    8f:ae:c6:66:1d:4a:1b:7c:9e:4e:f3:fe:64:83:b5:
                    13:0c:1f:2f:58:10:32:eb:13:82:31:a5:ae:d1:01:
                    ad:f3:44:0e:4b:5e:f3:55:09:2f:e9:03:b6:ee:5e:
                    62:40:c1:df:36:06:33:3e:97:d0:f6:1d:0e:b6:97:
                    69:2e:9b:0b:9c:dc:37:3e:1f:c8:c5:27:e2:2c:82:
                    39:e5:81:48:e4:5b:27:32:9b:e9:f8:9e:46:6a:67:
                    f2:a6:a3:8a:68:a2:eb:eb:c9:1f:80:3f:05:80:0e:
                    45:a9:14:12:f2:fc:63:3a:be:7e:fe:4b:fe:ba:fd:
                    e6:66:6f:61:28:e3:00:05:4a:db:8f:7f:04:87:73:
                    53:d7:90:4e:08:6d:04:1f:2c:e0:3c:1d:4d:79:65:
                    56:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B0:10:5B:CC:B9:E6:09:31:20:76:73:54:A8:B8:49:3C:BE:4C:D6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f75c65-885e-417d-8076-bf7d8fca46e1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f75c65-885e-417d-8076-bf7d8fca46e1/1/Q7AQW8y55gkxIHZzVKi4STy-TNY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.252.0/23
                  194.187.72.0/22
                IPv6:
                  2a01:5e00::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34688

    Signature Algorithm: sha256WithRSAEncryption
         56:62:38:c5:c8:16:5a:5a:fb:50:c9:b7:53:eb:57:58:10:92:
         11:33:58:8c:08:9a:5a:5e:93:60:a3:55:35:d2:8c:75:32:82:
         06:cd:0f:6e:ee:ed:45:e0:ba:f3:23:d7:a0:04:2f:07:61:d2:
         6d:47:1b:33:d1:4d:d0:84:64:27:36:51:52:da:24:d4:cb:d7:
         ae:4c:39:5a:b7:fa:4c:c0:c1:9c:ba:bc:ba:e7:fd:66:5b:38:
         8c:f4:e2:78:98:9d:b1:4f:f6:19:d6:e2:39:93:a3:32:4e:10:
         f5:cb:a3:98:27:b9:27:46:5f:e4:87:9a:55:a4:55:91:20:d5:
         b2:19:d5:06:fb:b9:64:6f:3f:31:11:76:97:93:4f:3f:f1:a5:
         39:88:eb:01:e6:81:59:a1:51:d2:17:86:5d:43:d2:e3:58:c7:
         1d:1e:c4:0c:a6:28:1c:ae:d8:0b:35:a3:d4:aa:99:db:a2:d4:
         f0:42:59:fb:79:80:93:75:0f:53:63:a9:bb:d1:06:f1:0b:d4:
         c6:b4:0b:eb:58:04:79:7d:72:7a:0e:38:8f:88:f3:39:f0:ab:
         78:5b:61:81:99:2f:0c:67:f7:74:1c:b8:af:b3:7d:62:40:48:
         d2:69:d8:8a:78:0f:ae:a9:69:81:77:27:9a:ce:1f:de:71:42:
         ac:82:0b:31
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYiQitW/DOKJVYjgD1W0UpZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwNjA2MTE0OTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2IwMTA1YmNjYjllNjA5MzEyMDc2NzM1NGE4Yjg0OTNjYmU0Y2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXK7EMuY3/WKDus4bYrxCyO3nSz3
2U1Qx36lGD0FRL42ePV1pBp6DPgynwXEwwkd+eBhZxxgHpmkh/IMvMdxjW6YeqAM
LOM7RalfUUEPLgO054/FSOoNdSYVLzvZwsQVpeWnB4kF5rqPrsZmHUobfJ5O8/5k
g7UTDB8vWBAy6xOCMaWu0QGt80QOS17zVQkv6QO27l5iQMHfNgYzPpfQ9h0Otpdp
LpsLnNw3Ph/IxSfiLII55YFI5FsnMpvp+J5GamfypqOKaKLr68kfgD8FgA5FqRQS
8vxjOr5+/kv+uv3mZm9hKOMABUrbj38Eh3NT15BOCG0EHyzgPB1NeWVW8wIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFEOwEFvMueYJMSB2c1SouEk8vkzWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRhL2Y3NWM2
NS04ODVlLTQxN2QtODA3Ni1iZjdkOGZjYTQ2ZTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEvZjc1YzY1
LTg4NWUtNDE3ZC04MDc2LWJmN2Q4ZmNhNDZlMS8xL1E3QVFXOHk1NWdreElIWnpW
S2k0U1R5LVROWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQBwnT8AwQCwrtIMA0EAgACMAcDBQMqAV4AMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwCHgDANBgkqhkiG9w0BAQsFAAOCAQEAVmI4
xcgWWlr7UMm3U+tXWBCSETNYjAiaWl6TYKNVNdKMdTKCBs0Pbu7tReC68yPXoAQv
B2HSbUcbM9FN0IRkJzZRUtok1MvXrkw5Wrf6TMDBnLq8uuf9Zls4jPTieJidsU/2
GdbiOZOjMk4Q9cujmCe5J0Zf5IeaVaRVkSDVshnVBvu5ZG8/MRF2l5NPP/GlOYjr
AeaBWaFR0heGXUPS41jHHR7EDKYoHK7YCzWj1KqZ26LU8EJZ+3mAk3UPU2Opu9EG
8QvUxrQL61gEeX1yeg44j4jzOfCreFthgZkvDGf3dBy4r7N9YkBI0mnYingPrqlp
gXcnms4f3nFCrIILMQ==
-----END CERTIFICATE-----