Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kPv1RnIOmTXwVpXwRwwHs76iYOQ.cer
File:                     kPv1RnIOmTXwVpXwRwwHs76iYOQ.cer (raw, json)
Hash identifier:          CAMQEJKj4UX9A3fYheXw8lLbYU6pIbaNhYQE3NNIy8Y=
Subject key identifier:   90:FB:F5:46:72:0E:99:35:F0:56:95:F0:47:0C:07:B3:BE:A2:60:E4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856AF4FD14A12649CF496C715A67B5E4AC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c9/430cd5-3a5d-4085-a99d-f73d2f90a972/1/kPv1RnIOmTXwVpXwRwwHs76iYOQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c9/430cd5-3a5d-4085-a99d-f73d2f90a972/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 01:31:58 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 39714
                          IP: 2a01:bfa0::/32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6a:f4:fd:14:a1:26:49:cf:49:6c:71:5a:67:b5:e4:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:31:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=90fbf546720e9935f05695f0470c07b3bea260e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:92:8b:ef:31:b6:7d:26:bc:25:70:3a:79:04:
                    15:84:40:39:0b:92:d7:83:1c:80:b8:e6:5c:90:b7:
                    a2:56:d0:de:51:bb:b1:75:fe:de:f5:d3:a1:65:0d:
                    1a:d2:cf:45:bc:8b:d5:62:69:59:44:32:b5:dd:f0:
                    c0:6e:4d:dc:6d:e3:b4:fc:e7:f1:8c:71:20:fd:8d:
                    79:77:aa:ca:aa:b2:51:50:75:51:14:59:85:da:97:
                    11:64:79:81:f5:d4:2a:be:4a:75:55:af:15:08:3e:
                    81:d2:8a:84:ee:47:e4:36:b0:95:42:96:e3:be:44:
                    ca:4b:f0:8c:71:9f:ec:42:17:9d:b8:91:6d:4d:ca:
                    2d:69:16:72:b0:c8:79:b2:7f:2c:62:12:e6:59:2e:
                    31:3c:03:80:8a:9e:bd:26:a9:23:c6:76:fb:a5:b8:
                    f7:53:65:96:9f:b2:f3:b1:78:81:11:66:19:a2:d0:
                    00:f0:d1:fe:79:14:55:d2:80:8b:6b:cb:89:95:d3:
                    06:f6:0a:57:e6:6b:27:c2:c4:ea:0d:60:e1:d7:3f:
                    17:ae:34:8b:99:50:e4:a8:2b:03:ca:a1:62:fd:91:
                    0a:0c:2e:30:9b:b5:97:c2:a6:7a:93:8b:5f:4e:0b:
                    39:87:f1:c7:e4:7d:9d:ba:15:89:6c:92:66:5d:ce:
                    bd:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:FB:F5:46:72:0E:99:35:F0:56:95:F0:47:0C:07:B3:BE:A2:60:E4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/430cd5-3a5d-4085-a99d-f73d2f90a972/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/430cd5-3a5d-4085-a99d-f73d2f90a972/1/kPv1RnIOmTXwVpXwRwwHs76iYOQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:bfa0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39714

    Signature Algorithm: sha256WithRSAEncryption
         9a:9f:2e:ea:ee:49:61:68:12:2b:ea:f0:c1:cc:cb:24:20:4a:
         2c:f1:1f:9b:1b:b1:d6:a3:92:81:d4:3a:45:06:ad:85:0e:63:
         b5:87:00:f2:7a:ab:44:88:77:d8:4f:20:a7:83:23:ee:b7:fc:
         56:57:0b:92:6f:ba:c3:50:31:c4:f6:e0:7d:4d:bb:ed:c3:c2:
         d2:9c:be:e6:94:5f:da:6c:5f:e9:df:b0:10:49:ed:10:13:c6:
         ac:0d:ae:de:7e:ef:d6:3f:50:1e:c3:78:6a:9f:ac:22:91:25:
         9a:9c:95:9b:29:9a:68:8b:a3:6b:8d:b2:d8:29:8b:24:ec:f2:
         87:82:b1:e3:3c:83:cb:69:e2:67:3c:aa:c9:e0:26:bb:dd:de:
         c7:b6:99:70:00:58:11:0e:6e:a1:33:1c:22:52:ec:73:e4:a6:
         f6:c1:df:b8:4c:35:95:90:cf:28:ec:32:4f:50:aa:fe:53:24:
         aa:e1:99:50:a4:f1:77:4d:da:70:37:da:6b:c2:da:be:87:24:
         dd:15:10:d4:76:b2:20:de:d6:38:a6:54:38:11:1e:b4:c3:15:
         e0:e7:43:3b:b0:fd:24:5f:77:2e:4d:30:73:6c:04:55:bc:8c:
         60:0d:29:8f:e9:cb:f5:68:0c:44:18:9f:8f:84:31:d3:20:c6:
         80:84:70:08
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYVq9P0UoSZJz0lscVpnteSsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDEzMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGZiZjU0NjcyMGU5OTM1ZjA1Njk1ZjA0NzBjMDdiM2JlYTI2MGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpKL7zG2fSa8JXA6eQQVhEA5C5LX
gxyAuOZckLeiVtDeUbuxdf7e9dOhZQ0a0s9FvIvVYmlZRDK13fDAbk3cbeO0/Ofx
jHEg/Y15d6rKqrJRUHVRFFmF2pcRZHmB9dQqvkp1Va8VCD6B0oqE7kfkNrCVQpbj
vkTKS/CMcZ/sQheduJFtTcotaRZysMh5sn8sYhLmWS4xPAOAip69Jqkjxnb7pbj3
U2WWn7LzsXiBEWYZotAA8NH+eRRV0oCLa8uJldMG9gpX5msnwsTqDWDh1z8XrjSL
mVDkqCsDyqFi/ZEKDC4wm7WXwqZ6k4tfTgs5h/HH5H2duhWJbJJmXc69HwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFJD79UZyDpk18FaV8EcMB7O+omDkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M5LzQzMGNk
NS0zYTVkLTQwODUtYTk5ZC1mNzNkMmY5MGE5NzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzkvNDMwY2Q1
LTNhNWQtNDA4NS1hOTlkLWY3M2QyZjkwYTk3Mi8xL2tQdjFSbklPbVRYd1ZwWHdS
d3dIczc2aVlPUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUAKgG/oDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMAmyIwDQYJKoZIhvcNAQELBQADggEBAJqfLuruSWFoEivq8MHMyyQgSizxH5sb
sdajkoHUOkUGrYUOY7WHAPJ6q0SId9hPIKeDI+63/FZXC5JvusNQMcT24H1Nu+3D
wtKcvuaUX9psX+nfsBBJ7RATxqwNrt5+79Y/UB7DeGqfrCKRJZqclZspmmiLo2uN
stgpiyTs8oeCseM8g8tp4mc8qsngJrvd3se2mXAAWBEObqEzHCJS7HPkpvbB37hM
NZWQzyjsMk9Qqv5TJKrhmVCk8XdN2nA32mvC2r6HJN0VENR2siDe1jimVDgRHrTD
FeDnQzuw/SRfdy5NMHNsBFW8jGANKY/py/VoDEQYn4+EMdMgxoCEcAg=
-----END CERTIFICATE-----