Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/TfZANi4YRT9z2LAxMSUQFJbIGoI.cer
File:                     TfZANi4YRT9z2LAxMSUQFJbIGoI.cer (raw, json)
Hash identifier:          l791Np2lth4DivqEAjhmUsstXoJWEsKgzfVnV9I088A=
Subject key identifier:   4D:F6:40:36:2E:18:45:3F:73:D8:B0:31:31:25:10:14:96:C8:1A:82
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       AFA9F0B597
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/27/6717cd-1d45-43b2-8461-e666921b37f4/1/TfZANi4YRT9z2LAxMSUQFJbIGoI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/27/6717cd-1d45-43b2-8461-e666921b37f4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 06 Apr 2022 08:53:49 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    IP: 2.56.200.0/22
                          IP: 91.196.216.0/22
                          IP: 185.36.76.0/22
                          IP: 185.253.28.0/22
                          IP: 202.162.48.0/20
                          IP: 2a09:c9c0::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 754470401431 (0xafa9f0b597)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr  6 08:53:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4df640362e18453f73d8b0313125101496c81a82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3b:2e:51:7c:c8:1b:6e:9c:18:fc:3d:54:cf:
                    25:c7:73:53:8c:d8:98:60:4a:af:a0:63:a4:8b:b4:
                    e0:b2:cf:a3:be:61:3c:72:6b:a9:6b:b7:33:78:90:
                    f9:5a:08:cb:17:f0:18:92:09:db:8d:e1:86:e3:04:
                    5b:b3:ae:c8:30:06:ad:db:aa:47:e1:9e:d0:ce:19:
                    81:91:7b:74:e1:1a:3f:9e:e3:62:7b:78:ed:4a:09:
                    4c:b6:9b:59:0f:d1:04:29:be:80:b0:89:f2:37:fc:
                    13:6c:bc:68:2f:23:dd:16:17:b3:db:08:51:dd:95:
                    f9:10:ca:57:37:56:4a:97:b7:28:05:a7:af:c1:1a:
                    07:e1:eb:ec:61:54:57:61:4d:de:40:b7:48:7f:05:
                    8d:8a:1a:84:3e:7e:f6:38:ef:07:9f:fd:ea:51:35:
                    91:a3:75:f3:f2:bd:3b:05:41:fa:ac:2a:99:a9:ba:
                    2b:65:ee:43:c9:71:19:f8:5e:c2:b2:c0:9f:7c:4b:
                    d0:91:a9:d9:53:d4:41:fe:b6:43:f2:29:07:ca:06:
                    de:13:7d:ad:de:65:5a:6a:5e:ef:e1:52:ae:d9:64:
                    b7:2f:16:05:67:40:0c:39:b3:35:eb:66:cb:ee:47:
                    75:45:b0:e7:d5:c2:24:e0:cd:b7:a9:7d:43:c8:fe:
                    5c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F6:40:36:2E:18:45:3F:73:D8:B0:31:31:25:10:14:96:C8:1A:82
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/6717cd-1d45-43b2-8461-e666921b37f4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/6717cd-1d45-43b2-8461-e666921b37f4/1/TfZANi4YRT9z2LAxMSUQFJbIGoI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.200.0/22
                  91.196.216.0/22
                  185.36.76.0/22
                  185.253.28.0/22
                  202.162.48.0/20
                IPv6:
                  2a09:c9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:9a:58:1b:ed:2c:cc:de:a9:52:cc:b0:25:d0:88:8b:ff:42:
         23:84:fa:b1:28:d4:e9:c8:18:e0:80:6b:ee:6e:40:d9:01:be:
         f9:1e:a7:25:4b:fb:6e:f1:af:6b:aa:c0:e2:8e:e6:e3:9c:c2:
         f2:bd:cb:20:f0:3e:d0:02:8d:c9:88:08:15:06:40:6b:a5:bb:
         9e:c0:2b:f9:56:0e:fb:f9:e7:7a:2a:34:8f:77:c7:f5:f1:ab:
         eb:16:11:73:82:fe:8d:32:77:96:d0:92:64:56:48:7b:34:af:
         98:20:6f:5a:b6:24:ea:cf:a3:b2:20:8e:61:eb:b0:36:f6:00:
         01:6e:71:d4:df:28:7b:55:c2:0f:d7:22:2c:df:83:96:97:56:
         7c:3d:81:63:b0:69:02:0a:cc:a8:a1:c6:1e:cf:18:cb:7d:ae:
         70:ea:49:00:1e:96:19:38:5b:99:ce:39:81:1f:a9:8b:3a:f5:
         8f:d3:38:7c:67:ef:1d:bb:96:a8:8e:54:bd:1a:7d:71:98:cd:
         e0:6e:b6:56:01:22:ef:cb:ca:08:6b:64:56:61:41:12:b3:aa:
         0a:af:65:c9:b0:48:75:5e:66:e4:68:69:3e:c2:94:89:49:27:
         d1:b4:ea:09:e5:d1:2a:31:c6:7c:d9:ae:2b:8a:fd:8b:fd:0a:
         84:fd:72:1f
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgIGAK+p8LWXMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
NDA2MDg1MzQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg0ZGY2NDAzNjJl
MTg0NTNmNzNkOGIwMzEzMTI1MTAxNDk2YzgxYTgyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAxDsuUXzIG26cGPw9VM8lx3NTjNiYYEqvoGOki7Tgss+j
vmE8cmupa7czeJD5WgjLF/AYkgnbjeGG4wRbs67IMAat26pH4Z7QzhmBkXt04Ro/
nuNie3jtSglMtptZD9EEKb6AsInyN/wTbLxoLyPdFhez2whR3ZX5EMpXN1ZKl7co
BaevwRoH4evsYVRXYU3eQLdIfwWNihqEPn72OO8Hn/3qUTWRo3Xz8r07BUH6rCqZ
qborZe5DyXEZ+F7CssCffEvQkanZU9RB/rZD8ikHygbeE32t3mVaal7v4VKu2WS3
LxYFZ0AMObM162bL7kd1RbDn1cIk4M23qX1DyP5cewIDAQABo4ICqzCCAqcwHQYD
VR0OBBYEFE32QDYuGEU/c9iwMTElEBSWyBqCMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI3LzY3MTdjZC0xZDQ1LTQzYjIt
ODQ2MS1lNjY2OTIxYjM3ZjQvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjcvNjcxN2NkLTFkNDUtNDNiMi04
NDYxLWU2NjY5MjFiMzdmNC8xL1RmWkFOaTRZUlQ5ejJMQXhNU1VRRkpiSUdvSS5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAk
BAIAATAeAwQCAjjIAwQCW8TYAwQCuSRMAwQCuf0cAwQEyqIwMA0EAgACMAcDBQMq
CcnAMA0GCSqGSIb3DQEBCwUAA4IBAQAbmlgb7SzM3qlSzLAl0IiL/0IjhPqxKNTp
yBjggGvubkDZAb75HqclS/tu8a9rqsDijubjnMLyvcsg8D7QAo3JiAgVBkBrpbue
wCv5Vg77+ed6KjSPd8f18avrFhFzgv6NMneW0JJkVkh7NK+YIG9atiTqz6OyII5h
67A29gABbnHU3yh7VcIP1yIs34OWl1Z8PYFjsGkCCsyoocYezxjLfa5w6kkAHpYZ
OFuZzjmBH6mLOvWP0zh8Z+8du5aojlS9Gn1xmM3gbrZWASLvy8oIa2RWYUESs6oK
r2XJsEh1XmbkaGk+wpSJSSfRtOoJ5dEqMcZ82a4riv2L/QqE/XIf
-----END CERTIFICATE-----