Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iPZYCiKcz9U2nhniUq3LcozazTk.cer
File:                     iPZYCiKcz9U2nhniUq3LcozazTk.cer (raw, json)
Hash identifier:          lfZZGTJ5t4g5Wkq0o10WO1ZDJ19Rh5CnGRok370bXwc=
Subject key identifier:   88:F6:58:0A:22:9C:CF:D5:36:9E:19:E2:52:AD:CB:72:8C:DA:CD:39
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC349442A91BAD516D205B966FA8E77E4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0b/e52b30-cd47-4c27-b6fc-d097cd2c7d82/1/iPZYCiKcz9U2nhniUq3LcozazTk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0b/e52b30-cd47-4c27-b6fc-d097cd2c7d82/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:30:07 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211209
                          IP: 94.154.8.0/24
                          IP: 185.234.115.0/24
                          IP: 2a10:e580::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:44:2a:91:ba:d5:16:d2:05:b9:66:fa:8e:77:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88f6580a229ccfd5369e19e252adcb728cdacd39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:00:be:b7:66:ff:4d:62:40:a2:7f:cc:c8:22:
                    0b:bf:e9:ec:4d:b2:13:a4:62:9d:e0:5a:7c:7a:6d:
                    72:66:b2:b5:d0:d8:d3:1f:4a:58:d8:2e:91:0b:86:
                    12:99:c1:2d:fe:20:7e:db:e1:44:c7:32:da:a7:52:
                    c8:61:88:db:00:74:0e:f3:b3:93:ba:46:4d:d1:1f:
                    89:45:e6:fb:c4:5f:b6:11:b5:72:ef:4d:c2:0e:99:
                    1d:98:6e:bc:4c:82:78:1f:25:d5:cc:f1:80:42:65:
                    f7:e5:44:bf:c2:f1:db:ed:ab:dc:22:18:e8:6d:28:
                    52:96:2b:1e:d6:0d:d6:31:76:00:e4:5c:f6:ea:7a:
                    17:bb:ca:c0:77:37:7b:19:21:9f:02:2d:9d:d2:1f:
                    b6:68:f9:cf:55:1a:cb:c5:9a:43:37:15:f0:2f:49:
                    08:0e:7f:03:dc:51:e6:a6:f8:c4:c1:dd:a5:31:e2:
                    dc:e2:58:bd:de:3d:1a:34:4b:62:1f:59:03:fa:51:
                    aa:e9:c5:54:b5:d9:51:8c:e7:10:70:4c:18:d4:90:
                    61:fd:18:4f:68:c6:40:0c:d5:a8:fb:9c:9b:99:2a:
                    05:bc:c4:ef:81:51:a4:f7:0d:d4:87:49:5a:e5:b6:
                    d6:76:3e:97:f2:ee:44:5b:c9:be:4a:4e:96:3e:21:
                    89:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F6:58:0A:22:9C:CF:D5:36:9E:19:E2:52:AD:CB:72:8C:DA:CD:39
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/e52b30-cd47-4c27-b6fc-d097cd2c7d82/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/e52b30-cd47-4c27-b6fc-d097cd2c7d82/1/iPZYCiKcz9U2nhniUq3LcozazTk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.8.0/24
                  185.234.115.0/24
                IPv6:
                  2a10:e580::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211209

    Signature Algorithm: sha256WithRSAEncryption
         6d:67:76:65:08:cb:39:83:2c:ba:13:ae:5b:fe:d3:1f:5e:0e:
         de:5d:a2:c8:be:fb:b7:ae:dc:ce:d7:ab:c6:19:84:26:b3:7a:
         5d:76:86:f0:63:44:e3:0c:07:c0:3e:39:ce:31:6f:35:df:12:
         bf:fb:6f:f7:40:5b:ae:f3:16:07:f0:bf:bb:cc:15:3b:3d:16:
         3a:ec:3d:59:b3:cc:a0:85:35:d5:6f:36:37:9e:dd:a4:b8:aa:
         64:df:a7:59:e0:7e:5d:d9:52:9d:c1:6e:4c:34:7e:3b:84:eb:
         b6:3b:88:6f:42:c3:95:e9:b5:13:9e:5a:80:84:ec:f8:c2:02:
         51:68:36:1d:3b:42:c2:57:07:f4:00:74:c3:ce:56:a9:27:03:
         14:95:8b:8e:60:97:92:31:15:20:fb:2c:78:bd:c9:93:a7:17:
         b7:10:fe:55:a7:f1:b4:b7:67:63:4d:25:a7:b3:fb:1a:92:8a:
         f8:49:0c:4a:d7:84:06:92:be:62:95:9d:25:87:ab:42:97:b0:
         62:90:d4:14:5e:f3:53:23:ce:e2:89:fe:c8:00:87:b2:46:82:
         44:78:54:0e:85:c6:a1:d8:cc:c3:23:64:1e:fa:b2:60:6e:a9:
         77:bb:47:2b:9f:d3:bb:0f:e9:07:42:f4:38:64:f3:bd:8e:4d:
         0e:dd:0a:98
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzDSUQqkbrVFtIFuWb6jnfkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGY2NTgwYTIyOWNjZmQ1MzY5ZTE5ZTI1MmFkY2I3MjhjZGFjZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgC+t2b/TWJAon/MyCILv+nsTbIT
pGKd4Fp8em1yZrK10NjTH0pY2C6RC4YSmcEt/iB+2+FExzLap1LIYYjbAHQO87OT
ukZN0R+JReb7xF+2EbVy703CDpkdmG68TIJ4HyXVzPGAQmX35US/wvHb7avcIhjo
bShSlise1g3WMXYA5Fz26noXu8rAdzd7GSGfAi2d0h+2aPnPVRrLxZpDNxXwL0kI
Dn8D3FHmpvjEwd2lMeLc4li93j0aNEtiH1kD+lGq6cVUtdlRjOcQcEwY1JBh/RhP
aMZADNWo+5ybmSoFvMTvgVGk9w3Uh0la5bbWdj6X8u5EW8m+Sk6WPiGJ7wIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFIj2WAoinM/VNp4Z4lKty3KM2s05MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBiL2U1MmIz
MC1jZDQ3LTRjMjctYjZmYy1kMDk3Y2QyYzdkODIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGIvZTUyYjMw
LWNkNDctNGMyNy1iNmZjLWQwOTdjZDJjN2Q4Mi8xL2lQWllDaUtjejlVMm5obmlV
cTNMY296YXpUay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQAXpoIAwQAuepzMA0EAgACMAcDBQMqEOWAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwM5CTANBgkqhkiG9w0BAQsFAAOCAQEAbWd2
ZQjLOYMsuhOuW/7TH14O3l2iyL77t67czterxhmEJrN6XXaG8GNE4wwHwD45zjFv
Nd8Sv/tv90BbrvMWB/C/u8wVOz0WOuw9WbPMoIU11W82N57dpLiqZN+nWeB+XdlS
ncFuTDR+O4TrtjuIb0LDlem1E55agITs+MICUWg2HTtCwlcH9AB0w85WqScDFJWL
jmCXkjEVIPsseL3Jk6cXtxD+VafxtLdnY00lp7P7GpKK+EkMSteEBpK+YpWdJYer
QpewYpDUFF7zUyPO4on+yACHskaCRHhUDoXGodjMwyNkHvqyYG6pd7tHK5/Tuw/p
B0L0OGTzvY5NDt0KmA==
-----END CERTIFICATE-----