Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/R_hDzOCcKV0thtk1QRabwaD1ork.cer
File:                     R_hDzOCcKV0thtk1QRabwaD1ork.cer (raw, json)
Hash identifier:          ZS/C49vBFF+iIHsNZ7BPeYFhFkTlGPub8rn3UNo7Wac=
Subject key identifier:   47:F8:43:CC:E0:9C:29:5D:2D:86:D9:35:41:16:9B:C1:A0:F5:A2:B9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856D89A131972AA2C81E9A13EE3E5E7EBF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0d/36f7ab-566b-49a5-a137-8f153d37a9a3/1/R_hDzOCcKV0thtk1QRabwaD1ork.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0d/36f7ab-566b-49a5-a137-8f153d37a9a3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 13:33:34 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 207641
                          IP: 2a0f:ff40::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:89:a1:31:97:2a:a2:c8:1e:9a:13:ee:3e:5e:7e:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:33:34 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=47f843cce09c295d2d86d93541169bc1a0f5a2b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ae:be:9a:c6:83:1a:af:0d:61:56:f4:50:0e:
                    e9:3b:f2:7e:39:87:17:60:6e:7a:8c:00:30:14:8c:
                    1e:bb:42:cf:1e:86:6d:a6:4d:3c:dd:aa:87:70:59:
                    47:bf:6e:e3:c5:53:0c:0f:73:ac:77:9d:59:d6:4a:
                    68:22:c4:f6:a9:4f:b9:c4:1b:98:7d:b2:57:8b:33:
                    b1:c7:a8:5c:bb:81:c6:dc:1d:35:7e:f3:11:04:51:
                    9a:61:af:80:8c:17:f1:59:02:fb:45:f5:85:83:d4:
                    a9:54:6f:c3:ef:a6:91:a6:59:09:e5:75:fd:d1:9a:
                    16:c8:56:68:38:75:64:55:3c:0b:bd:58:ee:60:12:
                    34:5f:a4:22:34:07:d2:b2:60:be:f0:89:dc:0d:e7:
                    9c:43:f5:22:3f:b3:f3:e1:15:61:5b:f7:90:5e:79:
                    f6:83:c6:3f:7c:97:04:4a:f3:a7:60:3e:37:85:42:
                    60:c2:57:8e:ba:b4:88:0f:8d:66:c2:c6:14:94:62:
                    b4:00:6a:71:79:97:87:44:27:f8:95:f9:0f:b4:b6:
                    fe:3a:d1:f7:56:55:1d:5c:23:6e:01:ed:03:03:77:
                    d1:0e:24:53:69:ef:b2:b4:17:64:c7:32:d7:b4:96:
                    36:6c:ac:66:4c:9a:a7:d3:aa:71:5c:d8:12:6c:fe:
                    af:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:F8:43:CC:E0:9C:29:5D:2D:86:D9:35:41:16:9B:C1:A0:F5:A2:B9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/36f7ab-566b-49a5-a137-8f153d37a9a3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/36f7ab-566b-49a5-a137-8f153d37a9a3/1/R_hDzOCcKV0thtk1QRabwaD1ork.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ff40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207641

    Signature Algorithm: sha256WithRSAEncryption
         79:b2:09:4c:83:60:3c:dd:e2:a9:14:0c:97:62:b6:19:9a:0b:
         0a:70:20:8d:02:9d:4d:9d:ea:b3:1c:ff:68:64:1d:9c:7c:01:
         58:33:e1:29:2f:55:52:5c:86:ce:37:7f:4f:fc:f8:7f:03:7d:
         87:b6:76:bf:a6:5a:f4:d2:6a:84:75:c5:45:dd:9e:5e:26:e2:
         c0:5b:e8:51:a4:99:31:4c:d0:67:19:f8:4f:28:42:59:ad:7f:
         fd:6b:78:5a:0d:3e:59:02:17:13:2d:1b:a5:3e:23:4c:bc:2b:
         25:f1:64:91:95:d2:cd:26:0c:5f:93:42:c6:79:cf:23:8e:8e:
         ea:1f:96:d8:23:0f:2b:87:f9:72:e4:1c:f9:0d:7e:ed:02:6a:
         17:83:f0:08:f0:16:f3:d2:b5:f8:a5:d9:b0:c6:90:d2:0b:fe:
         3e:96:a3:cd:1c:13:70:81:34:ee:e3:42:cb:76:5b:25:4b:a2:
         54:19:5c:1e:e6:06:d0:cb:85:e6:a3:91:ab:8a:32:82:94:7b:
         cd:e8:ee:27:b1:2e:14:70:66:8e:cd:ed:1b:40:59:3d:95:7d:
         1f:6e:17:0f:65:7f:0a:39:72:d9:9b:66:a4:82:26:79:7b:3d:
         2c:4d:17:5c:18:2e:24:1a:bf:8f:e5:43:8c:ed:87:11:fc:76:
         d6:b0:bc:0d
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYVtiaExlyqiyB6aE+4+Xn6/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMTMzMzM0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2Y4NDNjY2UwOWMyOTVkMmQ4NmQ5MzU0MTE2OWJjMWEwZjVhMmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyK6+msaDGq8NYVb0UA7pO/J+OYcX
YG56jAAwFIweu0LPHoZtpk083aqHcFlHv27jxVMMD3Osd51Z1kpoIsT2qU+5xBuY
fbJXizOxx6hcu4HG3B01fvMRBFGaYa+AjBfxWQL7RfWFg9SpVG/D76aRplkJ5XX9
0ZoWyFZoOHVkVTwLvVjuYBI0X6QiNAfSsmC+8IncDeecQ/UiP7Pz4RVhW/eQXnn2
g8Y/fJcESvOnYD43hUJgwleOurSID41mwsYUlGK0AGpxeZeHRCf4lfkPtLb+OtH3
VlUdXCNuAe0DA3fRDiRTae+ytBdkxzLXtJY2bKxmTJqn06pxXNgSbP6v1wIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFEf4Q8zgnCldLYbZNUEWm8Gg9aK5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBkLzM2Zjdh
Yi01NjZiLTQ5YTUtYTEzNy04ZjE1M2QzN2E5YTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGQvMzZmN2Fi
LTU2NmItNDlhNS1hMTM3LThmMTUzZDM3YTlhMy8xL1JfaER6T0NjS1YwdGh0azFR
UmFid2FEMW9yay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKg//QDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDKxkwDQYJKoZIhvcNAQELBQADggEBAHmyCUyDYDzd4qkUDJdithmaCwpwII0C
nU2d6rMc/2hkHZx8AVgz4SkvVVJchs43f0/8+H8DfYe2dr+mWvTSaoR1xUXdnl4m
4sBb6FGkmTFM0GcZ+E8oQlmtf/1reFoNPlkCFxMtG6U+I0y8KyXxZJGV0s0mDF+T
QsZ5zyOOjuofltgjDyuH+XLkHPkNfu0CaheD8AjwFvPStfil2bDGkNIL/j6Wo80c
E3CBNO7jQst2WyVLolQZXB7mBtDLheajkauKMoKUe83o7iexLhRwZo7N7RtAWT2V
fR9uFw9lfwo5ctmbZqSCJnl7PSxNF1wYLiQav4/lQ4zthxH8dtawvA0=
-----END CERTIFICATE-----