Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/j2qg5XA92heJIhwqO68fnammwHw.cer
File:                     j2qg5XA92heJIhwqO68fnammwHw.cer (raw, json)
Hash identifier:          lZwfwwVQJRs6d7wQtewuQ3bv84rgHqj4v9gkNeVKMik=
Subject key identifier:   8F:6A:A0:E5:70:3D:DA:17:89:22:1C:2A:3B:AF:1F:9D:A9:A6:C0:7C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A98D407754
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/89/8dfcbd-6da3-4944-9261-574b6c70175e/1/j2qg5XA92heJIhwqO68fnammwHw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/89/8dfcbd-6da3-4944-9261-574b6c70175e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 14:58:32 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 204853
                          IP: 185.238.100.0/22
                          IP: 2a0c:2a80::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 728219285332 (0xa98d407754)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:58:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8f6aa0e5703dda1789221c2a3baf1f9da9a6c07c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bf:0b:ea:22:f3:9b:a8:c3:33:7f:d6:80:55:
                    9a:31:95:89:b3:08:da:66:1b:8d:51:b5:6c:5a:c4:
                    b0:45:90:31:b2:e4:6f:28:84:64:5c:e0:be:ab:f3:
                    da:f3:ab:fe:86:b8:db:18:28:cc:1a:68:95:19:45:
                    88:c6:ec:8b:a9:a6:b4:bb:4c:8a:e7:44:80:c0:67:
                    d9:e3:02:f5:fb:88:4f:8c:ce:42:c3:03:f2:69:35:
                    85:a5:b3:8d:a6:a6:57:a4:ac:d6:1a:2d:07:ef:9c:
                    64:ee:0f:82:f9:56:6c:65:ea:90:10:eb:5a:05:0a:
                    87:79:a6:6b:ee:b1:71:27:60:08:1b:2c:66:26:d5:
                    6d:cb:c5:86:a4:cc:90:06:2f:72:b1:54:1a:48:7d:
                    9a:9e:57:ac:d0:1e:13:a1:fb:50:b0:99:45:e9:7d:
                    a5:3c:ed:a1:e1:1e:08:e9:b6:8c:a6:61:77:d2:6f:
                    45:a2:7f:ba:66:04:dd:49:64:08:74:2d:8d:a1:95:
                    31:d7:e4:85:77:d3:12:42:9f:90:78:b6:c2:c7:8a:
                    5c:3c:a9:09:48:ae:01:05:15:1a:e6:be:91:16:f4:
                    6b:17:22:9a:2e:2c:6d:32:a6:24:a9:73:1d:6d:6b:
                    96:91:0b:ca:d2:15:bf:ac:32:e6:83:6a:ee:5c:e1:
                    7d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:6A:A0:E5:70:3D:DA:17:89:22:1C:2A:3B:AF:1F:9D:A9:A6:C0:7C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/8dfcbd-6da3-4944-9261-574b6c70175e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/8dfcbd-6da3-4944-9261-574b6c70175e/1/j2qg5XA92heJIhwqO68fnammwHw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.100.0/22
                IPv6:
                  2a0c:2a80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204853

    Signature Algorithm: sha256WithRSAEncryption
         31:eb:07:50:7a:53:2c:e3:55:02:91:11:40:53:56:0e:c0:a7:
         a5:3f:90:51:91:4d:24:a8:4e:bd:17:47:f4:92:94:fd:88:44:
         1b:46:e2:28:5b:c6:7d:de:66:7e:62:3b:d5:37:6f:de:a8:c4:
         63:46:9f:89:10:a2:83:d4:33:2c:57:d4:f7:0f:da:48:96:2e:
         3f:51:6a:07:3b:b4:fa:fc:a8:10:eb:82:a3:95:5a:55:9e:17:
         17:24:56:9f:7f:0b:c0:a5:e0:fc:eb:ac:78:4f:f0:44:ed:f2:
         66:82:43:3d:17:b1:bb:c7:48:b0:28:51:55:dc:bb:ee:05:7d:
         c0:41:74:95:b9:a8:05:71:f4:c2:60:06:1a:a8:01:c3:a2:9d:
         15:af:67:1b:ee:b1:5e:75:46:f2:b9:ed:a5:1b:7a:e8:12:9b:
         c7:f2:27:77:c2:2c:d2:25:ce:0b:00:3e:a6:d2:b2:d9:94:ac:
         2b:c0:07:48:c3:28:3d:a7:d3:fe:cd:b4:3f:50:1e:d6:a3:3a:
         8e:ad:0f:8e:b6:d5:48:4b:0f:d1:b0:a4:81:3c:91:d4:99:e3:
         c2:38:97:1c:3b:6b:68:dd:91:c4:70:c6:6d:83:90:67:59:1a:
         bd:d6:62:89:f8:84:e3:2c:61:55:2e:70:fc:e6:3e:b3:d5:96:
         d8:8b:ab:26
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgIGAKmNQHdUMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTQ1ODMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg4ZjZhYTBlNTcw
M2RkYTE3ODkyMjFjMmEzYmFmMWY5ZGE5YTZjMDdjMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEArb8L6iLzm6jDM3/WgFWaMZWJswjaZhuNUbVsWsSwRZAx
suRvKIRkXOC+q/Pa86v+hrjbGCjMGmiVGUWIxuyLqaa0u0yK50SAwGfZ4wL1+4hP
jM5CwwPyaTWFpbONpqZXpKzWGi0H75xk7g+C+VZsZeqQEOtaBQqHeaZr7rFxJ2AI
GyxmJtVty8WGpMyQBi9ysVQaSH2anles0B4ToftQsJlF6X2lPO2h4R4I6baMpmF3
0m9Fon+6ZgTdSWQIdC2NoZUx1+SFd9MSQp+QeLbCx4pcPKkJSK4BBRUa5r6RFvRr
FyKaLixtMqYkqXMdbWuWkQvK0hW/rDLmg2ruXOF9bwIDAQABo4ICrzCCAqswHQYD
VR0OBBYEFI9qoOVwPdoXiSIcKjuvH52ppsB8MB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg5LzhkZmNiZC02ZGEzLTQ5NDQt
OTI2MS01NzRiNmM3MDE3NWUvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODkvOGRmY2JkLTZkYTMtNDk0NC05
MjYxLTU3NGI2YzcwMTc1ZS8xL2oycWc1WEE5MmhlSklod3FPNjhmbmFtbXdIdy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAM
BAIAATAGAwQCue5kMA0EAgACMAcDBQMqDCqAMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMgNTANBgkqhkiG9w0BAQsFAAOCAQEAMesHUHpTLONVApERQFNWDsCnpT+Q
UZFNJKhOvRdH9JKU/YhEG0biKFvGfd5mfmI71Tdv3qjEY0afiRCig9QzLFfU9w/a
SJYuP1FqBzu0+vyoEOuCo5VaVZ4XFyRWn38LwKXg/OuseE/wRO3yZoJDPRexu8dI
sChRVdy77gV9wEF0lbmoBXH0wmAGGqgBw6KdFa9nG+6xXnVG8rntpRt66BKbx/In
d8Is0iXOCwA+ptKy2ZSsK8AHSMMoPafT/s20P1Ae1qM6jq0PjrbVSEsP0bCkgTyR
1JnjwjiXHDtraN2RxHDGbYOQZ1kavdZiifiE4yxhVS5w/OY+s9WW2IurJg==
-----END CERTIFICATE-----