Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XdEYk_87nyzi0eWzOR-YMMVagTs.cer
File:                     XdEYk_87nyzi0eWzOR-YMMVagTs.cer (raw, json)
Hash identifier:          ZDgQrK0KNNXQOblODbGiwTOMmdTJPE23d+KeIKvK+VQ=
Subject key identifier:   5D:D1:18:93:FF:3B:9F:2C:E2:D1:E5:B3:39:1F:98:30:C5:5A:81:3B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       9CACEC84DC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b8/900e80-05a4-4a80-8a22-80f3f4411f18/1/XdEYk_87nyzi0eWzOR-YMMVagTs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b8/900e80-05a4-4a80-8a22-80f3f4411f18/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 03:54:02 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 57395
                          IP: 176.98.160.0/21
                          IP: 185.181.168.0/22
                          IP: 193.150.64.0/24
                          IP: 2001:67c:2520::/48
                          IP: 2a0b:33c0::/29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 672916079836 (0x9cacec84dc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:54:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5dd11893ff3b9f2ce2d1e5b3391f9830c55a813b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:37:0c:be:a2:1e:d7:94:5a:3b:7d:a3:1c:5d:
                    af:34:d7:f8:2d:48:07:f7:a2:cb:7a:a6:f9:6d:65:
                    29:ab:eb:64:0c:87:ba:1f:5a:d0:1d:53:48:76:f3:
                    54:4b:89:28:0d:d4:39:e7:d8:f2:d0:7e:01:9b:be:
                    67:6e:55:ab:92:e4:21:07:7b:9d:3e:93:4b:4f:95:
                    75:a7:a9:ff:80:27:e8:84:b2:80:97:6b:0b:b4:1e:
                    e3:e5:b2:dd:42:37:59:80:ea:e4:6b:b9:7c:9a:ed:
                    f9:68:1e:8f:94:f1:11:03:f7:b9:23:df:83:1e:74:
                    e8:26:fe:d0:0f:f5:fb:4e:45:9f:d5:be:a3:82:91:
                    5f:d3:fe:52:41:ac:86:3d:d3:91:dd:29:77:59:c8:
                    bf:0f:4e:67:f3:2a:77:50:d2:84:83:d0:01:8f:fc:
                    f9:ce:38:fb:e2:d8:58:cb:1b:f3:21:a4:55:41:25:
                    d6:17:d6:cd:1b:06:c7:04:91:6b:48:dd:17:94:5b:
                    dc:64:f3:c2:93:40:18:62:e0:34:d8:a3:a3:be:bf:
                    5e:99:eb:2f:c6:e8:82:3d:00:41:87:93:ec:57:f7:
                    f1:a0:90:a6:37:54:3b:11:f6:0d:1e:75:b6:f4:03:
                    83:f7:70:c6:ea:25:cb:7c:cc:13:86:75:ff:24:53:
                    d8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D1:18:93:FF:3B:9F:2C:E2:D1:E5:B3:39:1F:98:30:C5:5A:81:3B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/900e80-05a4-4a80-8a22-80f3f4411f18/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/900e80-05a4-4a80-8a22-80f3f4411f18/1/XdEYk_87nyzi0eWzOR-YMMVagTs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.98.160.0/21
                  185.181.168.0/22
                  193.150.64.0/24
                IPv6:
                  2001:67c:2520::/48
                  2a0b:33c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57395

    Signature Algorithm: sha256WithRSAEncryption
         2a:28:70:72:ce:d7:49:10:5d:62:2d:3f:37:57:db:03:a4:b5:
         38:e1:f3:34:a9:2d:f8:bc:d3:8e:05:06:9d:32:30:dc:8c:9d:
         66:f1:0a:82:8d:95:67:87:7b:ff:32:a4:80:1b:e4:47:51:d9:
         5d:da:a5:cd:67:d3:a7:8d:64:2d:d9:0e:cc:5f:3e:e2:ef:b2:
         bc:79:1c:d9:2b:0f:47:94:b1:e7:95:67:81:9e:a5:e9:43:7d:
         d2:e8:db:3d:06:67:2e:80:f1:d6:98:e0:be:83:51:5e:fb:5c:
         d5:ee:ae:7c:c6:db:14:58:74:40:b5:66:01:fa:1c:fd:af:14:
         c4:99:e8:1d:92:2f:ce:71:c0:69:49:9a:ff:8a:50:71:4c:17:
         73:47:14:ff:82:20:7e:b1:ce:ea:b4:dd:4c:c6:e3:c5:87:77:
         c0:2a:67:98:1c:04:e5:7a:3d:08:98:58:72:b8:c2:18:01:1a:
         ea:5c:ed:47:71:36:0e:26:3f:6e:b2:c3:71:e4:a1:b4:cd:9c:
         f7:1c:72:00:a9:2a:ca:a8:a4:ab:1c:0d:d3:49:63:00:cb:be:
         fd:b4:d3:84:4b:a5:d1:68:67:db:2d:6a:81:cf:96:39:4b:9a:
         78:f4:d7:c5:1f:a0:3a:7c:db:56:09:2d:82:d6:85:a0:6c:75:
         70:60:0d:31
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgIGAJys7ITcMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDM1NDAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1ZGQxMTg5M2Zm
M2I5ZjJjZTJkMWU1YjMzOTFmOTgzMGM1NWE4MTNiMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAuTcMvqIe15RaO32jHF2vNNf4LUgH96LLeqb5bWUpq+tk
DIe6H1rQHVNIdvNUS4koDdQ559jy0H4Bm75nblWrkuQhB3udPpNLT5V1p6n/gCfo
hLKAl2sLtB7j5bLdQjdZgOrka7l8mu35aB6PlPERA/e5I9+DHnToJv7QD/X7TkWf
1b6jgpFf0/5SQayGPdOR3Sl3Wci/D05n8yp3UNKEg9ABj/z5zjj74thYyxvzIaRV
QSXWF9bNGwbHBJFrSN0XlFvcZPPCk0AYYuA02KOjvr9emesvxuiCPQBBh5PsV/fx
oJCmN1Q7EfYNHnW29AOD93DG6iXLfMwThnX/JFPYfwIDAQABo4ICxDCCAsAwHQYD
VR0OBBYEFF3RGJP/O58s4tHlszkfmDDFWoE7MB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I4LzkwMGU4MC0wNWE0LTRhODAt
OGEyMi04MGYzZjQ0MTFmMTgvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgvOTAwZTgwLTA1YTQtNGE4MC04
YTIyLTgwZjNmNDQxMWYxOC8xL1hkRVlrXzg3bnl6aTBlV3pPUi1ZTU1WYWdUcy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAY
BAIAATASAwQDsGKgAwQCubWoAwQAwZZAMBYEAgACMBADBwAgAQZ8JSADBQMqCzPA
MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwDgMzANBgkqhkiG9w0BAQsFAAOCAQEA
Kihwcs7XSRBdYi0/N1fbA6S1OOHzNKkt+LzTjgUGnTIw3IydZvEKgo2VZ4d7/zKk
gBvkR1HZXdqlzWfTp41kLdkOzF8+4u+yvHkc2SsPR5Sx55VngZ6l6UN90ujbPQZn
LoDx1pjgvoNRXvtc1e6ufMbbFFh0QLVmAfoc/a8UxJnoHZIvznHAaUma/4pQcUwX
c0cU/4IgfrHO6rTdTMbjxYd3wCpnmBwE5Xo9CJhYcrjCGAEa6lztR3E2DiY/brLD
ceShtM2c9xxyAKkqyqikqxwN00ljAMu+/bTThEul0Whn2y1qgc+WOUuaePTXxR+g
OnzbVgktgtaFoGx1cGANMQ==
-----END CERTIFICATE-----