Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Sdmf3bW9iikjyFJ59u4knHFniWA.cer
File:                     Sdmf3bW9iikjyFJ59u4knHFniWA.cer (raw, json)
Hash identifier:          JD+7yBRFj/6i6Rabap4H0UjT0VbaqH6eXKbjDIKj5Ig=
Subject key identifier:   49:D9:9F:DD:B5:BD:8A:29:23:C8:52:79:F6:EE:24:9C:71:67:89:60
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       9AAD4BC4BC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/82/975188-f017-49e3-b7b6-e92bf90ac5a3/1/Sdmf3bW9iikjyFJ59u4knHFniWA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/82/975188-f017-49e3-b7b6-e92bf90ac5a3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 01:57:24 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 13097
                          IP: 46.229.80.0/20
                          IP: 80.70.116.0/22
                          IP: 82.163.32.0/22
                          IP: 84.234.100.0/22
                          IP: 89.189.32.0/20
                          IP: 89.189.56.0/21
                          IP: 185.138.36.0/22
                          IP: 185.178.12.0/22
                          IP: 213.178.192.0/20
                          IP: 2a01:7540::/32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 664332387516 (0x9aad4bc4bc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:57:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=49d99fddb5bd8a2923c85279f6ee249c71678960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:68:04:e4:e2:a8:55:0d:a5:3d:a0:d7:a5:1d:
                    c2:39:cb:a5:cc:0d:d4:23:9d:c3:a0:13:8d:b4:21:
                    13:b9:52:10:e3:f0:38:84:27:1f:ac:c2:6c:93:be:
                    d9:64:b6:90:a0:2c:b9:b4:3e:a7:4c:a3:70:9b:30:
                    40:a8:cd:bf:4c:80:59:d5:c0:29:6b:17:29:2f:8c:
                    74:11:81:e8:37:e8:54:6e:8d:dc:5c:0b:e0:49:84:
                    87:5f:c7:34:b9:a7:04:37:91:a1:c5:8e:f0:b3:08:
                    28:84:73:e4:8d:e1:2e:42:35:88:45:60:d0:a7:7a:
                    48:7f:26:ee:ec:3b:c1:2a:18:7e:d7:77:2e:f5:e8:
                    c4:c5:8d:32:32:39:42:25:5d:e7:5f:0b:bb:dc:57:
                    d3:1b:aa:1a:95:9b:91:ca:4b:6d:58:f3:5f:bf:28:
                    44:29:ed:be:b5:ad:1a:b5:ef:dc:c3:e0:84:d6:70:
                    5b:e4:9a:63:45:7b:05:90:c8:3d:f8:9b:5b:17:59:
                    fe:55:99:89:01:43:ed:ed:78:7b:76:e3:f6:a1:44:
                    bc:29:bb:a3:66:4a:02:2c:b9:12:f8:ea:7f:47:c0:
                    12:f6:d9:d0:91:39:01:b9:1d:9d:3a:c0:bf:44:75:
                    04:47:7d:47:58:68:f9:ca:bc:8b:b7:a1:bc:cb:31:
                    6d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:D9:9F:DD:B5:BD:8A:29:23:C8:52:79:F6:EE:24:9C:71:67:89:60
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/975188-f017-49e3-b7b6-e92bf90ac5a3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/975188-f017-49e3-b7b6-e92bf90ac5a3/1/Sdmf3bW9iikjyFJ59u4knHFniWA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.80.0/20
                  80.70.116.0/22
                  82.163.32.0/22
                  84.234.100.0/22
                  89.189.32.0/20
                  89.189.56.0/21
                  185.138.36.0/22
                  185.178.12.0/22
                  213.178.192.0/20
                IPv6:
                  2a01:7540::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  13097

    Signature Algorithm: sha256WithRSAEncryption
         31:fb:57:a8:73:bf:ab:a1:d9:9c:b3:78:ef:89:73:8a:82:ff:
         06:10:52:3b:e1:83:cc:9f:45:35:e3:df:88:79:3f:0a:5a:6b:
         78:cb:70:d5:53:bc:0e:46:5c:6c:4c:f1:16:00:64:c7:00:25:
         94:9b:f0:0e:5b:ce:53:3d:54:e9:17:23:96:e9:ad:c9:81:73:
         04:d4:5f:1c:9c:68:c2:f3:03:f7:54:1b:34:95:c6:d8:41:66:
         a6:a3:64:ad:2c:7d:d4:11:d9:35:b0:eb:69:62:50:37:26:46:
         1b:ca:42:2b:e2:de:d5:03:e0:23:91:3d:eb:a9:1d:91:a8:ba:
         6a:cf:d2:70:d3:63:aa:f1:72:c6:27:dc:12:41:14:6f:db:06:
         e9:1d:1e:94:ae:77:02:ae:72:2e:f9:ea:f3:f2:13:88:f3:e5:
         83:c8:b4:66:f1:7e:4b:39:ee:e0:22:03:05:f2:d8:ec:a8:fb:
         b4:00:3d:b3:15:07:f8:43:b5:af:6a:83:f0:ca:d0:be:0f:37:
         00:d8:11:e5:5d:81:eb:67:72:a7:bd:8c:04:a8:01:19:c4:d7:
         ab:8c:ea:c6:32:85:07:88:37:ae:82:0e:d5:09:fe:43:c7:75:
         17:1e:3d:7c:40:e0:46:c7:86:a9:c7:ce:2d:fc:fa:11:8b:94:
         33:95:97:77
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgIGAJqtS8S8MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDE1NzI0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg0OWQ5OWZkZGI1
YmQ4YTI5MjNjODUyNzlmNmVlMjQ5YzcxNjc4OTYwMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsGgE5OKoVQ2lPaDXpR3COculzA3UI53DoBONtCETuVIQ
4/A4hCcfrMJsk77ZZLaQoCy5tD6nTKNwmzBAqM2/TIBZ1cApaxcpL4x0EYHoN+hU
bo3cXAvgSYSHX8c0uacEN5GhxY7wswgohHPkjeEuQjWIRWDQp3pIfybu7DvBKhh+
13cu9ejExY0yMjlCJV3nXwu73FfTG6oalZuRykttWPNfvyhEKe2+ta0ate/cw+CE
1nBb5JpjRXsFkMg9+JtbF1n+VZmJAUPt7Xh7duP2oUS8KbujZkoCLLkS+Op/R8AS
9tnQkTkBuR2dOsC/RHUER31HWGj5yryLt6G8yzFt6QIDAQABo4IC3jCCAtowHQYD
VR0OBBYEFEnZn921vYopI8hSefbuJJxxZ4lgMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgyLzk3NTE4OC1mMDE3LTQ5ZTMt
YjdiNi1lOTJiZjkwYWM1YTMvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODIvOTc1MTg4LWYwMTctNDllMy1i
N2I2LWU5MmJmOTBhYzVhMy8xL1NkbWYzYlc5aWlranlGSjU5dTRrbkhGbmlXQS5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8
BAIAATA2AwQELuVQAwQCUEZ0AwQCUqMgAwQCVOpkAwQEWb0gAwQDWb04AwQCuYok
AwQCubIMAwQE1bLAMA0EAgACMAcDBQAqAXVAMBkGCCsGAQUFBwEIAQH/BAowCKAG
MAQCAjMpMA0GCSqGSIb3DQEBCwUAA4IBAQAx+1eoc7+rodmcs3jviXOKgv8GEFI7
4YPMn0U149+IeT8KWmt4y3DVU7wORlxsTPEWAGTHACWUm/AOW85TPVTpFyOW6a3J
gXME1F8cnGjC8wP3VBs0lcbYQWamo2StLH3UEdk1sOtpYlA3JkYbykIr4t7VA+Aj
kT3rqR2RqLpqz9Jw02Oq8XLGJ9wSQRRv2wbpHR6UrncCrnIu+erz8hOI8+WDyLRm
8X5LOe7gIgMF8tjsqPu0AD2zFQf4Q7WvaoPwytC+DzcA2BHlXYHrZ3KnvYwEqAEZ
xNerjOrGMoUHiDeugg7VCf5Dx3UXHj18QOBGx4apx84t/PoRi5QzlZd3
-----END CERTIFICATE-----