Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Xq321v9xx-OOodKRIFrL74w9kHY.cer
File:                     Xq321v9xx-OOodKRIFrL74w9kHY.cer (raw, json)
Hash identifier:          WdRExN9S1wSx4T7NiXpkqSkSNlBhrZSpnoDlYMQKcek=
Subject key identifier:   5E:AD:F6:D6:FF:71:C7:E3:8E:A1:D2:91:20:5A:CB:EF:8C:3D:90:76
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856BD11ABAADF00D9E7ACBA33BDDFE9FDC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/81/6458b8-d818-4cd6-ae62-bb67d99ddc52/1/Xq321v9xx-OOodKRIFrL74w9kHY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/81/6458b8-d818-4cd6-ae62-bb67d99ddc52/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 05:32:24 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 51521
                          IP: 91.217.96.0/23
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:d1:1a:ba:ad:f0:0d:9e:7a:cb:a3:3b:dd:fe:9f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:32:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5eadf6d6ff71c7e38ea1d291205acbef8c3d9076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c0:de:47:cb:e4:c2:48:03:64:23:c0:f9:75:
                    30:ce:9b:bf:a4:8b:a2:12:6a:c6:94:5a:bd:0b:75:
                    68:f2:5b:e7:02:e1:2e:0e:4a:33:27:43:99:0f:5f:
                    04:57:a9:e1:ac:74:e9:59:d7:9b:d6:78:99:b1:5a:
                    ec:14:5a:84:ae:68:71:f6:f7:c8:fc:c0:8a:86:fb:
                    cf:7e:73:1b:ff:53:b0:8b:8f:81:86:d6:0a:f7:38:
                    79:c3:ff:85:4c:65:3e:5c:f5:48:08:b9:84:2f:37:
                    ea:09:c9:45:c1:d4:6d:ed:b1:4f:6e:02:23:57:47:
                    9b:57:ff:72:2f:ee:ad:e4:ff:55:ef:f2:df:7f:02:
                    94:99:82:28:53:6c:4e:49:e0:ca:fc:d9:16:63:1e:
                    0d:1f:25:29:e7:a2:f8:e5:49:8c:a1:d9:40:12:28:
                    e6:b5:99:7e:ed:d6:fd:aa:f2:21:fa:17:0e:3a:8f:
                    c4:41:a8:ee:20:55:14:ae:9c:ee:6e:e2:3b:55:cf:
                    5a:87:64:1d:88:60:77:be:f5:3a:1e:95:82:f9:80:
                    68:76:59:74:e2:25:20:bb:89:72:23:a9:a1:99:de:
                    d4:46:17:ee:3e:a9:6c:ed:fc:c5:21:35:ab:51:a9:
                    b0:03:d1:19:15:b3:0e:f4:3c:dd:07:74:dd:d1:5d:
                    20:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:AD:F6:D6:FF:71:C7:E3:8E:A1:D2:91:20:5A:CB:EF:8C:3D:90:76
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/6458b8-d818-4cd6-ae62-bb67d99ddc52/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/6458b8-d818-4cd6-ae62-bb67d99ddc52/1/Xq321v9xx-OOodKRIFrL74w9kHY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.96.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51521

    Signature Algorithm: sha256WithRSAEncryption
         57:ad:57:48:18:5b:b5:90:10:51:60:e5:cb:03:23:6a:ab:9a:
         7e:42:a8:56:b6:3a:61:ed:3b:2e:4e:2d:85:f3:20:b1:1a:bb:
         ea:ba:aa:b9:8a:1d:51:66:65:80:d3:6a:cf:5e:bf:77:d2:ad:
         7e:43:58:df:77:d3:59:cf:7d:1b:59:d8:1b:55:7d:4f:ff:12:
         f7:d7:80:db:f6:bb:4d:97:e4:66:c7:44:8b:c1:98:e3:71:d6:
         e5:31:b8:9e:de:0f:02:d9:ab:d0:20:de:08:99:14:2f:5b:fc:
         f2:bc:5e:3b:b9:f0:ed:b2:d2:a5:e9:aa:49:b8:47:79:12:05:
         e7:7d:9b:f4:b8:71:73:1c:7d:72:66:a3:f6:da:74:64:4f:a4:
         fe:18:c0:54:a9:24:34:17:09:d1:09:f8:22:fc:31:1d:47:65:
         14:0b:82:1a:30:ed:f4:70:7c:4c:cf:4e:92:a3:77:ac:42:ca:
         74:e5:35:4c:1d:46:67:69:75:cd:5b:08:b3:f7:57:88:f1:52:
         29:0a:00:ab:90:32:11:8e:21:d0:32:20:53:45:93:78:d6:3d:
         62:0d:a3:87:05:e7:68:2f:bf:08:d0:7b:c3:a0:08:ce:ba:dd:
         d2:b4:68:28:7a:63:70:34:1a:98:d3:74:63:96:6a:5a:63:de:
         44:79:12:2f
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYVr0Rq6rfANnnrLozvd/p/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDUzMjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWFkZjZkNmZmNzFjN2UzOGVhMWQyOTEyMDVhY2JlZjhjM2Q5MDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcDeR8vkwkgDZCPA+XUwzpu/pIui
EmrGlFq9C3Vo8lvnAuEuDkozJ0OZD18EV6nhrHTpWdeb1niZsVrsFFqErmhx9vfI
/MCKhvvPfnMb/1Owi4+BhtYK9zh5w/+FTGU+XPVICLmELzfqCclFwdRt7bFPbgIj
V0ebV/9yL+6t5P9V7/LffwKUmYIoU2xOSeDK/NkWYx4NHyUp56L45UmModlAEijm
tZl+7db9qvIh+hcOOo/EQajuIFUUrpzubuI7Vc9ah2QdiGB3vvU6HpWC+YBodll0
4iUgu4lyI6mhmd7URhfuPqls7fzFITWrUamwA9EZFbMO9DzdB3Td0V0gPwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFF6t9tb/ccfjjqHSkSBay++MPZB2MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgxLzY0NThi
OC1kODE4LTRjZDYtYWU2Mi1iYjY3ZDk5ZGRjNTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODEvNjQ1OGI4
LWQ4MTgtNGNkNi1hZTYyLWJiNjdkOTlkZGM1Mi8xL1hxMzIxdjl4eC1PT29kS1JJ
RnJMNzR3OWtIWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBW9lgMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDJQTANBgkqhkiG9w0BAQsFAAOCAQEAV61XSBhbtZAQUWDlywMjaquafkKoVrY6
Ye07Lk4thfMgsRq76rqquYodUWZlgNNqz16/d9KtfkNY33fTWc99G1nYG1V9T/8S
99eA2/a7TZfkZsdEi8GY43HW5TG4nt4PAtmr0CDeCJkUL1v88rxeO7nw7bLSpemq
SbhHeRIF532b9Lhxcxx9cmaj9tp0ZE+k/hjAVKkkNBcJ0Qn4IvwxHUdlFAuCGjDt
9HB8TM9OkqN3rELKdOU1TB1GZ2l1zVsIs/dXiPFSKQoAq5AyEY4h0DIgU0WTeNY9
Yg2jhwXnaC+/CNB7w6AIzrrd0rRoKHpjcDQamNN0Y5ZqWmPeRHkSLw==
-----END CERTIFICATE-----