Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bYlXJtYO_8CjAEZVquZ86U9PL4E.cer
File:                     bYlXJtYO_8CjAEZVquZ86U9PL4E.cer (raw, json)
Hash identifier:          o8lZIqDz/bXPfA7lhY46LwRA044tnYIWED9X+Z/qJXI=
Subject key identifier:   6D:89:57:26:D6:0E:FF:C0:A3:00:46:55:AA:E6:7C:E9:4F:4F:2F:81
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018571D6756D2CFA1C49C563D80F7D591D86
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b3/b371a9-84f4-4fd9-94a6-6d2428b699f7/1/bYlXJtYO_8CjAEZVquZ86U9PL4E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b3/b371a9-84f4-4fd9-94a6-6d2428b699f7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 02 Jan 2023 09:35:58 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 47997
                          IP: 91.230.48.0/24
                          IP: 93.175.32.0/19
                          IP: 2a07:5680::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d6:75:6d:2c:fa:1c:49:c5:63:d8:0f:7d:59:1d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:35:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6d895726d60effc0a3004655aae67ce94f4f2f81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:32:41:83:f0:9d:4d:ac:c5:1c:3a:6f:90:fc:
                    6b:55:04:2b:33:23:aa:95:97:65:9b:91:9a:39:8a:
                    e0:e9:86:83:3d:b8:72:d1:1e:a1:cc:2a:7b:81:3e:
                    c7:0e:76:1e:02:20:5b:49:91:74:45:e8:c8:a5:6b:
                    70:b6:88:f4:a1:1e:cc:e0:29:5c:63:aa:86:f5:0d:
                    b4:c8:21:8b:86:e1:1e:d9:ba:f1:9e:f9:e9:e8:0c:
                    e6:fd:56:42:64:05:e2:aa:a3:84:3b:ee:45:62:31:
                    bb:3d:ea:d1:c4:e9:17:0d:4e:ff:57:9a:81:bc:ea:
                    6a:f4:f6:b1:a8:ba:c8:d2:54:8d:1a:e4:6d:26:a4:
                    1d:c3:3f:4d:5b:46:51:d2:47:ab:1e:7a:5f:ac:26:
                    bc:e0:99:3e:7b:80:d5:b2:ef:40:5e:f7:dd:ce:04:
                    39:58:49:29:36:13:ff:3f:a6:95:45:eb:2d:6d:a0:
                    ad:ed:46:85:f6:ac:9c:bc:2e:2a:71:a0:5d:81:aa:
                    9c:55:8c:13:df:ff:6b:eb:48:81:99:bd:48:5b:4b:
                    8c:8b:d4:27:9a:44:47:77:69:d4:b6:5d:de:1a:4f:
                    c6:31:e4:6d:5f:cf:06:94:c8:ca:bd:92:8f:b3:f3:
                    5b:1f:65:a9:a0:fa:d6:09:dc:ee:30:98:1b:b0:02:
                    96:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:89:57:26:D6:0E:FF:C0:A3:00:46:55:AA:E6:7C:E9:4F:4F:2F:81
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b371a9-84f4-4fd9-94a6-6d2428b699f7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b371a9-84f4-4fd9-94a6-6d2428b699f7/1/bYlXJtYO_8CjAEZVquZ86U9PL4E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.48.0/24
                  93.175.32.0/19
                IPv6:
                  2a07:5680::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  47997

    Signature Algorithm: sha256WithRSAEncryption
         1f:95:94:79:8e:5d:5a:ef:33:10:21:1c:bf:46:7a:03:06:f1:
         86:ab:31:be:56:8b:f6:42:c0:58:7a:31:ff:ae:6a:25:09:58:
         92:b0:68:c4:66:ea:4d:1b:98:fa:fc:04:15:73:f9:44:62:1c:
         f7:e4:9a:ac:94:e5:20:7c:47:06:fc:51:c0:1b:b7:bb:16:55:
         8e:69:ee:98:00:95:36:a5:66:92:71:78:fb:21:5c:a5:a5:1d:
         ba:a0:5a:19:be:38:bc:ff:47:16:98:4a:0a:30:d3:2d:c2:82:
         70:75:b2:fe:01:66:78:94:16:aa:c3:93:34:33:a8:5e:61:77:
         f9:e2:1c:7c:04:dc:05:a4:89:6f:31:ac:a7:07:d3:f7:06:7f:
         01:f8:9a:fe:1b:b4:05:b7:c5:e3:e2:5c:2d:33:f1:5d:cb:04:
         56:37:a7:b7:42:4b:9d:fd:4d:e3:bd:85:28:d5:39:55:bc:4d:
         b0:41:ac:73:d3:a8:6c:ec:cb:1f:fa:33:dd:28:2d:ba:5f:29:
         29:05:0f:55:73:2e:e5:da:d5:dc:29:c7:37:a3:c5:1c:a5:63:
         c6:40:4d:e7:6f:4d:af:24:6d:f7:58:99:f9:df:86:20:82:f5:
         af:d4:1d:b6:2a:08:bf:b8:65:c1:60:81:4c:92:e8:21:c8:23:
         a2:e4:ff:91
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYVx1nVtLPocScVj2A99WR2GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAyMDkzNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDg5NTcyNmQ2MGVmZmMwYTMwMDQ2NTVhYWU2N2NlOTRmNGYyZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDJBg/CdTazFHDpvkPxrVQQrMyOq
lZdlm5GaOYrg6YaDPbhy0R6hzCp7gT7HDnYeAiBbSZF0RejIpWtwtoj0oR7M4Clc
Y6qG9Q20yCGLhuEe2brxnvnp6Azm/VZCZAXiqqOEO+5FYjG7PerRxOkXDU7/V5qB
vOpq9PaxqLrI0lSNGuRtJqQdwz9NW0ZR0kerHnpfrCa84Jk+e4DVsu9AXvfdzgQ5
WEkpNhP/P6aVRestbaCt7UaF9qycvC4qcaBdgaqcVYwT3/9r60iBmb1IW0uMi9Qn
mkRHd2nUtl3eGk/GMeRtX88GlMjKvZKPs/NbH2WpoPrWCdzuMJgbsAKWCQIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFG2JVybWDv/AowBGVarmfOlPTy+BMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IzL2IzNzFh
OS04NGY0LTRmZDktOTRhNi02ZDI0MjhiNjk5ZjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjMvYjM3MWE5
LTg0ZjQtNGZkOS05NGE2LTZkMjQyOGI2OTlmNy8xL2JZbFhKdFlPXzhDakFFWlZx
dVo4NlU5UEw0RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQAW+YwAwQFXa8gMA0EAgACMAcDBQMqB1aAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwC7fTANBgkqhkiG9w0BAQsFAAOCAQEAH5WU
eY5dWu8zECEcv0Z6AwbxhqsxvlaL9kLAWHox/65qJQlYkrBoxGbqTRuY+vwEFXP5
RGIc9+SarJTlIHxHBvxRwBu3uxZVjmnumACVNqVmknF4+yFcpaUduqBaGb44vP9H
FphKCjDTLcKCcHWy/gFmeJQWqsOTNDOoXmF3+eIcfATcBaSJbzGspwfT9wZ/Afia
/hu0BbfF4+JcLTPxXcsEVjent0JLnf1N472FKNU5VbxNsEGsc9OobOzLH/oz3Sgt
ul8pKQUPVXMu5drV3CnHN6PFHKVjxkBN529NryRt91iZ+d+GIIL1r9QdtioIv7hl
wWCBTJLoIcgjouT/kQ==
-----END CERTIFICATE-----