Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/U_6QEbmBI-4X0rQvUPqE-hwDSpY.cer
File:                     U_6QEbmBI-4X0rQvUPqE-hwDSpY.cer (raw, json)
Hash identifier:          aGW/jMDF2jVIwqt86ljNCWPEdoY1zgnBnNnx+X/yeu8=
Subject key identifier:   53:FE:90:11:B9:81:23:EE:17:D2:B4:2F:50:FA:84:FA:1C:03:4A:96
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01875FC167634C3FB9EC32B591787DB37D2B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.co/repo/HYSP/6/53FE9011B98123EE17D2B42F50FA84FA1C034A96.mft
caRepository:             rsync://rpki.co/repo/HYSP/6/
Notify URL:               https://rpki.co/rrdp/notification.xml
Certificate not before:   Sat 08 Apr 2023 07:25:23 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 47449
                          AS: 50058
                          AS: 202736
                          IP: 2001:67c:a80::/48
                          IP: 2001:67c:a84::/48
                          IP: 2001:67c:a88::/48
                          IP: 2001:67c:a8c::/48
                          IP: 2001:67c:a90::/48
                          IP: 2001:67c:a94::/48
                          IP: 2001:67c:a98::/48
                          IP: 2001:67c:a9c::/48
                          IP: 2001:67c:aa0::/48
                          IP: 2a12:dd40::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:5f:c1:67:63:4c:3f:b9:ec:32:b5:91:78:7d:b3:7d:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr  8 07:25:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=53fe9011b98123ee17d2b42f50fa84fa1c034a96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:90:59:37:88:dd:41:fd:23:42:bf:02:6c:4e:
                    25:ed:fa:9d:8d:16:a6:a7:ac:56:74:ad:c0:71:e2:
                    c6:ac:e4:6d:d3:e3:c8:3d:2b:1c:64:18:ae:22:04:
                    c1:7f:4e:c4:7b:54:48:a0:d1:63:9e:04:ec:9d:99:
                    16:01:b0:02:eb:35:84:82:2f:f2:ba:06:5e:f3:c2:
                    b4:77:e8:52:e7:7e:bb:0b:94:d2:57:8c:fb:e6:29:
                    76:0a:3a:c6:fc:0d:1b:33:dc:dd:ef:6f:60:9a:26:
                    8a:31:2a:6a:b4:27:87:a4:94:02:37:51:a2:c1:f0:
                    d7:5f:eb:16:c0:79:3c:ea:32:17:6d:5b:41:6b:e5:
                    60:d1:2b:b9:27:84:0a:5f:82:28:a7:fe:d0:cb:00:
                    da:46:99:80:47:cc:2e:3a:06:5d:8a:83:f8:bc:74:
                    0f:85:b7:79:e8:01:99:ce:56:c8:13:9c:6a:52:18:
                    41:81:f5:96:19:75:7d:9e:9c:f5:42:8d:e0:e6:dc:
                    0d:59:f5:be:f6:75:cd:2a:81:79:5d:aa:42:85:df:
                    60:db:10:9d:37:56:c5:6b:44:bd:b1:c6:5e:8f:ab:
                    4b:28:c7:3b:76:92:f3:42:5d:e2:e7:fd:2c:80:84:
                    a6:4d:28:6f:f4:a1:68:20:c3:93:40:95:ed:00:ef:
                    ba:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FE:90:11:B9:81:23:EE:17:D2:B4:2F:50:FA:84:FA:1C:03:4A:96
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.co/repo/HYSP/6
                RPKI Manifest - URI:rsync://rpki.co/repo/HYSP/6/53FE9011B98123EE17D2B42F50FA84FA1C034A96.mft
                RPKI Notify - URI:https://rpki.co/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a80::/48
                  2001:67c:a84::/48
                  2001:67c:a88::/48
                  2001:67c:a8c::/48
                  2001:67c:a90::/48
                  2001:67c:a94::/48
                  2001:67c:a98::/48
                  2001:67c:a9c::/48
                  2001:67c:aa0::/48
                  2a12:dd40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  47449
                  50058
                  202736

    Signature Algorithm: sha256WithRSAEncryption
         94:30:91:34:df:75:07:76:b9:bf:2b:2d:e4:37:d2:06:ff:7a:
         ad:b5:95:2b:9b:e2:16:d9:5f:2f:9f:e4:4f:d9:ad:b4:d9:89:
         67:b6:ff:74:1c:46:24:a6:73:af:e9:f7:1e:0b:f0:4f:39:f3:
         8e:80:d1:b5:fe:a7:31:4d:c0:a5:4e:42:76:66:86:b2:2a:b3:
         2e:35:e1:22:6a:aa:8a:5d:66:7f:9c:61:a7:95:d3:eb:ab:6f:
         a6:ab:1e:8e:74:c0:66:07:5d:bb:58:ca:33:3d:31:f5:ce:06:
         90:bb:7c:7d:03:c0:a9:7a:60:d9:dd:dd:39:0b:ec:43:74:57:
         87:cd:1a:d3:23:a7:35:d3:1d:56:da:38:57:eb:19:01:f6:3e:
         57:e0:c4:8f:f0:a5:5e:87:9d:7d:06:92:29:5a:12:9b:21:d7:
         d6:0b:76:69:92:2d:b2:3f:a6:b6:da:23:53:f0:55:99:1f:1e:
         b9:01:af:42:3e:9d:e3:82:77:7d:ad:1e:f6:a7:67:ee:f6:7d:
         ee:96:df:e9:3c:8e:ee:02:92:df:a9:fc:76:06:98:3f:53:6e:
         8d:57:37:94:4e:e8:2e:87:55:00:89:d0:9c:a0:96:27:6d:51:
         32:08:e6:cd:74:d5:4d:41:94:06:ae:29:33:a6:56:14:32:c5:
         3c:3e:e0:b1
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAYdfwWdjTD+57DK1kXh9s30rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwNDA4MDcyNTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ZlOTAxMWI5ODEyM2VlMTdkMmI0MmY1MGZhODRmYTFjMDM0YTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZBZN4jdQf0jQr8CbE4l7fqdjRam
p6xWdK3AceLGrORt0+PIPSscZBiuIgTBf07Ee1RIoNFjngTsnZkWAbAC6zWEgi/y
ugZe88K0d+hS5367C5TSV4z75il2CjrG/A0bM9zd729gmiaKMSpqtCeHpJQCN1Gi
wfDXX+sWwHk86jIXbVtBa+Vg0Su5J4QKX4Iop/7QywDaRpmAR8wuOgZdioP4vHQP
hbd56AGZzlbIE5xqUhhBgfWWGXV9npz1Qo3g5twNWfW+9nXNKoF5XapChd9g2xCd
N1bFa0S9scZej6tLKMc7dpLzQl3i5/0sgISmTShv9KFoIMOTQJXtAO+6BQIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFFP+kBG5gSPuF9K0L1D6hPocA0qWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgcIGCCsGAQUFBwELBIG1MIGyMCcGCCsGAQUFBzAFhhtyc3lu
YzovL3Jwa2kuY28vcmVwby9IWVNQLzYwVAYIKwYBBQUHMAqGSHJzeW5jOi8vcnBr
aS5jby9yZXBvL0hZU1AvNi81M0ZFOTAxMUI5ODEyM0VFMTdEMkI0MkY1MEZBODRG
QTFDMDM0QTk2Lm1mdDAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNvL3JyZHAv
bm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBxBggrBgEFBQcB
BwEB/wRiMGAwXgQCAAIwWAMHACABBnwKgAMHACABBnwKhAMHACABBnwKiAMHACAB
BnwKjAMHACABBnwKkAMHACABBnwKlAMHACABBnwKmAMHACABBnwKnAMHACABBnwK
oAMFAyoS3UAwJAYIKwYBBQUHAQgBAf8EFTAToBEwDwIDALlZAgMAw4oCAwMX8DAN
BgkqhkiG9w0BAQsFAAOCAQEAlDCRNN91B3a5vyst5DfSBv96rbWVK5viFtlfL5/k
T9mttNmJZ7b/dBxGJKZzr+n3HgvwTznzjoDRtf6nMU3ApU5CdmaGsiqzLjXhImqq
il1mf5xhp5XT66tvpqsejnTAZgddu1jKMz0x9c4GkLt8fQPAqXpg2d3dOQvsQ3RX
h80a0yOnNdMdVto4V+sZAfY+V+DEj/ClXoedfQaSKVoSmyHX1gt2aZItsj+mttoj
U/BVmR8euQGvQj6d44J3fa0e9qdn7vZ97pbf6TyO7gKS36n8dgaYP1NujVc3lE7o
LodVAInQnKCWJ21RMgjmzXTVTUGUBq4pM6ZWFDLFPD7gsQ==
-----END CERTIFICATE-----