Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dNZqc2Et5GdyDxltwwtDhUEnV0w.cer
File:                     dNZqc2Et5GdyDxltwwtDhUEnV0w.cer (raw, json)
Hash identifier:          gQxqTw2ruHa3kdPbi4eF/wBXFZ6pQ40uDC4cnxEf/SM=
Subject key identifier:   74:D6:6A:73:61:2D:E4:67:72:0F:19:6D:C3:0B:43:85:41:27:57:4C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       9CD56335E3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c1/3126b4-6e17-4593-8530-62dd1846de67/1/dNZqc2Et5GdyDxltwwtDhUEnV0w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c1/3126b4-6e17-4593-8530-62dd1846de67/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 03:55:36 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 199770
                          AS: 206032
                          IP: 45.136.32.0/22
                          IP: 185.46.124.0/22
                          IP: 185.198.108.0/22
                          IP: 188.240.236.0/22
                          IP: 2a01:8460::/32
                          IP: 2a0a:87c0::/29
                          IP: 2a0e:8fc0::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 673594947043 (0x9cd56335e3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:55:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=74d66a73612de467720f196dc30b43854127574c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e5:8d:f7:8d:ac:25:00:19:26:f5:71:e9:5b:
                    75:b0:26:e0:3a:bc:d4:b4:f6:8f:7a:16:c1:9d:f4:
                    32:b0:8d:5a:04:59:00:42:e8:13:d2:3f:69:15:e9:
                    d4:43:6c:bf:f3:44:30:35:5e:45:c6:23:15:0b:77:
                    49:48:8d:d9:b4:7a:7b:75:6e:79:f6:fb:d3:1d:de:
                    34:81:da:1a:17:08:0e:c0:f9:12:81:0e:ce:07:49:
                    8d:99:41:86:5e:29:4a:ab:9f:05:25:76:ac:a8:e7:
                    40:b4:7a:49:59:8f:18:43:6f:43:f2:e3:7a:8e:e5:
                    f1:b8:eb:e1:ee:eb:0c:86:ba:0f:bb:2f:4a:02:17:
                    11:b6:a8:98:f7:b2:0e:fe:4c:2a:f6:33:ba:e0:e7:
                    77:b5:d0:2c:9c:71:f7:68:1b:fe:c5:7e:7a:b2:dc:
                    a0:90:ea:88:61:fa:a1:a1:a8:69:04:c0:45:68:d5:
                    e8:e4:dc:66:2d:8f:ed:e6:3e:ee:84:bc:89:e1:02:
                    77:7c:ef:59:23:de:49:eb:4f:09:4e:90:74:99:73:
                    06:0d:4c:1d:22:a8:70:86:e1:89:4a:f9:19:11:6b:
                    39:cf:3f:d1:a0:7f:a4:4a:e9:ee:c7:91:c7:2b:7b:
                    64:84:3a:71:1d:14:c1:eb:3a:10:1f:33:77:9b:fd:
                    2b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D6:6A:73:61:2D:E4:67:72:0F:19:6D:C3:0B:43:85:41:27:57:4C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/3126b4-6e17-4593-8530-62dd1846de67/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/3126b4-6e17-4593-8530-62dd1846de67/1/dNZqc2Et5GdyDxltwwtDhUEnV0w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.32.0/22
                  185.46.124.0/22
                  185.198.108.0/22
                  188.240.236.0/22
                IPv6:
                  2a01:8460::/32
                  2a0a:87c0::/29
                  2a0e:8fc0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199770
                  206032

    Signature Algorithm: sha256WithRSAEncryption
         5a:a7:a5:e6:7d:5c:2f:91:d1:19:cd:5a:13:36:11:d2:43:2c:
         dd:46:84:06:8b:2f:ba:a3:31:ac:b0:69:9f:d1:58:8a:89:11:
         79:2e:45:0e:8d:e0:72:5f:47:85:66:e0:02:a2:e5:c0:c0:0a:
         3e:1e:93:0e:1e:9b:cc:51:80:35:c0:29:15:80:bb:84:3e:7f:
         8a:66:5d:07:02:e9:ad:9a:f3:e5:34:89:0e:34:bb:32:0c:6b:
         36:1b:14:01:57:31:a4:e4:95:58:53:c5:07:1d:bf:25:ba:83:
         2c:a7:bc:84:5e:88:38:81:57:9c:92:19:d0:46:cd:c7:9e:6b:
         63:0d:43:8f:eb:37:84:7e:d2:ea:d0:5f:91:16:76:b2:bd:aa:
         e2:32:c1:77:40:cb:fe:c5:93:f5:9e:61:18:19:18:f7:d0:b3:
         0b:90:bf:a5:9e:8f:34:24:ae:88:89:83:63:26:47:76:8a:aa:
         ec:7f:d0:83:c2:5e:54:08:75:b2:33:e4:7e:27:0d:ce:63:75:
         2a:dd:82:29:ca:40:a6:36:30:27:21:8b:15:27:6a:69:a5:df:
         28:54:4e:dc:12:5c:7e:ce:32:5a:62:09:59:5b:70:91:18:61:
         26:3a:1a:8c:2e:ce:63:2b:07:77:79:4b:fa:51:d2:2d:89:bc:
         9b:cf:21:09
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIGAJzVYzXjMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDM1NTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg3NGQ2NmE3MzYx
MmRlNDY3NzIwZjE5NmRjMzBiNDM4NTQxMjc1NzRjMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA4+WN942sJQAZJvVx6Vt1sCbgOrzUtPaPehbBnfQysI1a
BFkAQugT0j9pFenUQ2y/80QwNV5FxiMVC3dJSI3ZtHp7dW559vvTHd40gdoaFwgO
wPkSgQ7OB0mNmUGGXilKq58FJXasqOdAtHpJWY8YQ29D8uN6juXxuOvh7usMhroP
uy9KAhcRtqiY97IO/kwq9jO64Od3tdAsnHH3aBv+xX56stygkOqIYfqhoahpBMBF
aNXo5NxmLY/t5j7uhLyJ4QJ3fO9ZI95J608JTpB0mXMGDUwdIqhwhuGJSvkZEWs5
zz/RoH+kSunux5HHK3tkhDpxHRTB6zoQHzN3m/0rWwIDAQABo4IC1DCCAtAwHQYD
VR0OBBYEFHTWanNhLeRncg8ZbcMLQ4VBJ1dMMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxLzMxMjZiNC02ZTE3LTQ1OTMt
ODUzMC02MmRkMTg0NmRlNjcvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzEvMzEyNmI0LTZlMTctNDU5My04
NTMwLTYyZGQxODQ2ZGU2Ny8xL2ROWnFjMkV0NUdkeUR4bHR3d3REaFVFblYwdy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAe
BAIAATAYAwQCLYggAwQCuS58AwQCucZsAwQCvPDsMBsEAgACMBUDBQAqAYRgAwUD
KgqHwAMFAyoOj8AwHwYIKwYBBQUHAQgBAf8EEDAOoAwwCgIDAwxaAgMDJNAwDQYJ
KoZIhvcNAQELBQADggEBAFqnpeZ9XC+R0RnNWhM2EdJDLN1GhAaLL7qjMaywaZ/R
WIqJEXkuRQ6N4HJfR4Vm4AKi5cDACj4ekw4em8xRgDXAKRWAu4Q+f4pmXQcC6a2a
8+U0iQ40uzIMazYbFAFXMaTklVhTxQcdvyW6gyynvIReiDiBV5ySGdBGzceea2MN
Q4/rN4R+0urQX5EWdrK9quIywXdAy/7Fk/WeYRgZGPfQswuQv6WejzQkroiJg2Mm
R3aKqux/0IPCXlQIdbIz5H4nDc5jdSrdginKQKY2MCchixUnamml3yhUTtwSXH7O
MlpiCVlbcJEYYSY6GowuzmMrB3d5S/pR0i2JvJvPIQk=
-----END CERTIFICATE-----