Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc9iGhJ92gjYmhJCZ0k0qe0jwe4.cer
File:                     bc9iGhJ92gjYmhJCZ0k0qe0jwe4.cer (raw, json)
Hash identifier:          fyEGv0LL4RMNnAFuOUKYKqWX6wDrC4OSkbVBlX+CGlM=
Subject key identifier:   6D:CF:62:1A:12:7D:DA:08:D8:9A:12:42:67:49:34:A9:ED:23:C1:EE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018316E0DE179703FA9BE51D8B248FD3BE4D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/30/9b58d4-38ec-4d59-9e21-a9164322c91c/1/bc9iGhJ92gjYmhJCZ0k0qe0jwe4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/30/9b58d4-38ec-4d59-9e21-a9164322c91c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 07 Sep 2022 07:36:19 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    IP: 37.131.128.0/19
                          IP: 62.61.32.0/19
                          IP: 94.78.128.0/18
                          IP: 94.251.128.0/17
                          IP: 193.43.240.0/22
                          IP: 193.200.118.0/23
                          IP: 194.116.132.0/23
                          IP: 194.149.240.0/24
                          IP: 195.93.134.0/23
                          IP: 2a02:2a40::/32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:16:e0:de:17:97:03:fa:9b:e5:1d:8b:24:8f:d3:be:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep  7 07:36:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6dcf621a127dda08d89a1242674934a9ed23c1ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:b2:a7:03:7b:b5:1b:ca:cd:ba:80:da:53:f6:
                    b8:5f:69:5c:f4:62:49:a0:5e:a2:6d:e5:4a:a8:61:
                    b3:50:63:72:1d:25:99:45:f1:a7:5f:cb:fc:42:41:
                    c8:b5:ab:66:ce:ea:ba:e9:a2:2c:8e:06:e6:8c:96:
                    8a:ed:f0:c8:48:0a:cf:65:12:d3:f7:c2:2f:e8:4c:
                    c7:5d:8f:33:3d:3c:58:0f:53:73:0a:dd:3a:61:61:
                    57:8b:b1:8b:4c:ab:c0:55:a3:86:18:52:39:6e:82:
                    ef:fd:4c:12:f8:86:d7:25:8b:6e:a6:c2:60:82:08:
                    d6:86:f3:bc:90:f8:e6:27:e0:fa:17:c6:d8:4c:72:
                    0a:3a:4c:57:d1:8f:bb:a1:d1:c6:9b:15:ae:71:94:
                    00:61:42:05:ad:97:9b:43:4e:38:a0:8f:e8:8e:a4:
                    7a:5f:5b:53:d3:b2:3a:0c:8d:a5:c0:4a:5d:b3:c2:
                    4d:4a:cb:45:8b:16:ab:c8:82:9f:f0:5f:10:10:58:
                    51:be:39:72:7f:22:e8:29:6c:c8:17:df:05:c2:86:
                    a9:d6:25:e4:b6:e8:72:0c:52:5f:b7:a0:14:82:55:
                    fb:00:43:98:d2:e5:6b:45:a3:b0:97:c3:37:55:16:
                    53:89:a9:0f:5b:dc:a1:a1:e4:72:90:f5:6a:2b:85:
                    1f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:CF:62:1A:12:7D:DA:08:D8:9A:12:42:67:49:34:A9:ED:23:C1:EE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9b58d4-38ec-4d59-9e21-a9164322c91c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9b58d4-38ec-4d59-9e21-a9164322c91c/1/bc9iGhJ92gjYmhJCZ0k0qe0jwe4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.131.128.0/19
                  62.61.32.0/19
                  94.78.128.0/18
                  94.251.128.0/17
                  193.43.240.0/22
                  193.200.118.0/23
                  194.116.132.0/23
                  194.149.240.0/24
                  195.93.134.0/23
                IPv6:
                  2a02:2a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:97:9c:12:36:d0:6c:a4:d7:24:7f:c5:ee:98:d1:74:30:d0:
         28:3a:9e:65:d9:32:48:5a:d3:d6:d6:83:71:c4:bd:02:54:ec:
         4a:d9:33:50:50:4f:6e:36:7e:e7:86:56:55:2b:70:28:14:72:
         73:ed:67:f8:32:f9:0f:1c:b7:5f:d9:11:9f:ad:85:f1:eb:fc:
         ce:51:67:2c:86:1a:55:83:cc:3f:5e:64:03:2d:e7:67:47:73:
         bc:11:20:3d:90:90:a5:05:46:f3:54:e4:c4:7b:69:d1:5e:b7:
         eb:f6:7b:49:90:a3:ca:f4:cb:c8:23:93:bd:96:b0:60:18:3d:
         7e:44:00:c4:16:a9:5e:3f:01:7b:e5:c8:ed:17:fc:b5:f0:89:
         38:21:e0:3b:45:20:0e:fc:a5:eb:8f:ef:cf:b9:68:29:6f:9f:
         d9:69:c0:51:05:00:7d:ad:9c:48:dd:23:f5:66:8d:2b:6c:86:
         cf:0d:c3:98:1d:17:3f:d9:96:8a:67:21:91:9a:94:36:6d:38:
         b4:ef:fa:d8:d5:b5:fc:e3:9a:fc:79:c4:38:6c:30:d4:92:4f:
         9c:75:ae:8d:14:32:ad:35:60:36:95:ab:36:c8:b9:c0:54:9b:
         e6:d0:1c:1e:da:30:31:ca:59:ee:95:d7:08:d5:cc:f1:24:a7:
         df:6a:33:0b
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgISAYMW4N4XlwP6m+UdiySP075NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjIwOTA3MDczNjE5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGNmNjIxYTEyN2RkYTA4ZDg5YTEyNDI2NzQ5MzRhOWVkMjNjMWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6bKnA3u1G8rNuoDaU/a4X2lc9GJJ
oF6ibeVKqGGzUGNyHSWZRfGnX8v8QkHItatmzuq66aIsjgbmjJaK7fDISArPZRLT
98Iv6EzHXY8zPTxYD1NzCt06YWFXi7GLTKvAVaOGGFI5boLv/UwS+IbXJYtupsJg
ggjWhvO8kPjmJ+D6F8bYTHIKOkxX0Y+7odHGmxWucZQAYUIFrZebQ044oI/ojqR6
X1tT07I6DI2lwEpds8JNSstFixaryIKf8F8QEFhRvjlyfyLoKWzIF98Fwoap1iXk
tuhyDFJft6AUglX7AEOY0uVrRaOwl8M3VRZTiakPW9yhoeRykPVqK4UfMwIDAQAB
o4ICwzCCAr8wHQYDVR0OBBYEFG3PYhoSfdoI2JoSQmdJNKntI8HuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMwLzliNThk
NC0zOGVjLTRkNTktOWUyMS1hOTE2NDMyMmM5MWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzAvOWI1OGQ0
LTM4ZWMtNGQ1OS05ZTIxLWE5MTY0MzIyYzkxYy8xL2JjOWlHaEo5MmdqWW1oSkNa
MGswcWUwandlNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF4GCCsGAQUF
BwEHAQH/BE8wTTA8BAIAATA2AwQFJYOAAwQFPj0gAwQGXk6AAwQHXvuAAwQCwSvw
AwQBwch2AwQBwnSEAwQAwpXwAwQBw12GMA0EAgACMAcDBQAqAipAMA0GCSqGSIb3
DQEBCwUAA4IBAQBtl5wSNtBspNckf8XumNF0MNAoOp5l2TJIWtPW1oNxxL0CVOxK
2TNQUE9uNn7nhlZVK3AoFHJz7Wf4MvkPHLdf2RGfrYXx6/zOUWcshhpVg8w/XmQD
LednR3O8ESA9kJClBUbzVOTEe2nRXrfr9ntJkKPK9MvII5O9lrBgGD1+RADEFqle
PwF75cjtF/y18Ik4IeA7RSAO/KXrj+/PuWgpb5/ZacBRBQB9rZxI3SP1Zo0rbIbP
DcOYHRc/2ZaKZyGRmpQ2bTi07/rY1bX845r8ecQ4bDDUkk+cda6NFDKtNWA2las2
yLnAVJvm0Bwe2jAxylnuldcI1czxJKffajML
-----END CERTIFICATE-----