Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/l0gBoMbwhBVKy6kRVMtQ3QjlosM.cer
File:                     l0gBoMbwhBVKy6kRVMtQ3QjlosM.cer (raw, json)
Hash identifier:          DVREOQ3FM8b14Rf4UYPdQ0ar5owwGwaarPjQKIlPtKU=
Subject key identifier:   97:48:01:A0:C6:F0:84:15:4A:CB:A9:11:54:CB:50:DD:08:E5:A2:C3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01857168AEF66A729E4EC758CF46DA17E906
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ce/12e546-0000-45ec-b19f-dcbe28294241/1/l0gBoMbwhBVKy6kRVMtQ3QjlosM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ce/12e546-0000-45ec-b19f-dcbe28294241/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 02 Jan 2023 07:36:04 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 201704
                          IP: 37.98.200.0/22
                          IP: 89.42.164.0/22
                          IP: 185.65.184.0/22
                          IP: 212.63.96.0/21
                          IP: 2a03:1d20::/32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:68:ae:f6:6a:72:9e:4e:c7:58:cf:46:da:17:e9:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:36:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=974801a0c6f084154acba91154cb50dd08e5a2c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2a:19:48:b2:7c:04:ce:ab:a5:29:f4:29:ce:
                    3f:02:87:cf:09:77:c1:d7:30:8d:2e:3e:6a:fe:50:
                    ab:8a:46:5c:46:cc:d4:61:84:ea:c8:51:2c:cb:0b:
                    50:eb:b8:97:9b:5a:1d:1f:81:a8:ca:bc:ee:90:10:
                    71:f5:e2:0a:c4:80:f1:31:0e:22:40:e0:56:85:ef:
                    e5:9b:1f:86:23:54:2b:90:bb:98:58:d8:48:77:f4:
                    8c:ba:57:98:a3:fb:94:f6:83:6a:69:d7:33:5c:6e:
                    4a:7b:b6:39:f2:cb:8e:a6:a3:84:a1:30:00:be:db:
                    07:1f:55:ce:e9:e6:82:7b:bc:68:60:a8:b3:9b:52:
                    43:38:c8:de:97:e9:91:f2:6b:70:6c:5c:db:a9:05:
                    d5:56:62:b0:bc:5f:3a:65:49:d5:9a:21:79:4d:5d:
                    cc:52:2d:84:48:80:ed:f1:21:4f:87:9b:61:bf:c0:
                    e1:ab:ba:7c:c5:24:e9:e9:51:3e:66:23:3f:bf:55:
                    bd:40:64:19:d7:81:fb:7c:9b:12:45:ec:b3:b5:e4:
                    38:19:40:1f:2c:7e:f4:2e:ee:94:df:62:30:c2:c4:
                    79:56:8f:13:82:57:13:85:a3:e9:26:65:50:6d:3c:
                    35:b5:27:d2:ed:83:2b:3e:97:76:5e:51:2f:4a:fb:
                    b5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:48:01:A0:C6:F0:84:15:4A:CB:A9:11:54:CB:50:DD:08:E5:A2:C3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/12e546-0000-45ec-b19f-dcbe28294241/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/12e546-0000-45ec-b19f-dcbe28294241/1/l0gBoMbwhBVKy6kRVMtQ3QjlosM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.200.0/22
                  89.42.164.0/22
                  185.65.184.0/22
                  212.63.96.0/21
                IPv6:
                  2a03:1d20::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201704

    Signature Algorithm: sha256WithRSAEncryption
         5d:86:1a:bc:8a:c7:3b:cb:a6:c0:a5:38:dc:fe:ff:2d:70:04:
         47:6f:1f:5e:62:88:2f:0c:e4:8b:f7:5c:73:7c:1b:ab:ba:6f:
         1f:7d:5d:32:d1:15:4d:1d:74:34:f0:d4:28:72:d9:52:65:fc:
         b9:1e:f6:42:1c:2a:fb:58:b9:85:4f:1a:3f:de:33:30:b0:fc:
         61:45:a0:8c:fb:a7:60:5d:9b:94:69:23:00:2a:3d:c3:37:9b:
         83:55:2f:2e:a3:a9:6c:a3:b4:7f:89:21:58:74:88:bf:5d:e9:
         3b:e2:cd:94:4f:c2:03:be:4a:ef:d0:9e:b3:cf:91:3f:8f:ab:
         d7:f0:cf:47:00:78:68:a1:58:40:f5:b2:94:2c:da:c3:03:6f:
         8a:a6:b4:f5:43:eb:6f:31:73:63:94:2d:44:ed:b0:2a:40:d0:
         db:db:c1:d0:a0:b6:ac:96:45:ae:e0:42:19:01:79:9f:43:f8:
         7e:48:70:c6:1b:a3:a7:ee:99:6c:bf:7c:24:08:42:f4:54:0c:
         c3:e0:66:1b:b0:3b:9f:8c:92:8c:dc:8a:9d:ec:5f:a8:f4:14:
         e9:75:e5:24:5d:4b:75:58:5e:7d:45:17:d7:8d:10:fd:b7:24:
         23:8a:d8:62:2e:87:30:1d:33:3f:63:b8:9b:93:06:ce:a0:92:
         44:8c:e1:67
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAYVxaK72anKeTsdYz0baF+kGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAyMDczNjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzQ4MDFhMGM2ZjA4NDE1NGFjYmE5MTE1NGNiNTBkZDA4ZTVhMmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSoZSLJ8BM6rpSn0Kc4/AofPCXfB
1zCNLj5q/lCrikZcRszUYYTqyFEsywtQ67iXm1odH4GoyrzukBBx9eIKxIDxMQ4i
QOBWhe/lmx+GI1QrkLuYWNhId/SMuleYo/uU9oNqadczXG5Ke7Y58suOpqOEoTAA
vtsHH1XO6eaCe7xoYKizm1JDOMjel+mR8mtwbFzbqQXVVmKwvF86ZUnVmiF5TV3M
Ui2ESIDt8SFPh5thv8Dhq7p8xSTp6VE+ZiM/v1W9QGQZ14H7fJsSReyzteQ4GUAf
LH70Lu6U32IwwsR5Vo8TglcThaPpJmVQbTw1tSfS7YMrPpd2XlEvSvu1UQIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFJdIAaDG8IQVSsupEVTLUN0I5aLDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NlLzEyZTU0
Ni0wMDAwLTQ1ZWMtYjE5Zi1kY2JlMjgyOTQyNDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2UvMTJlNTQ2
LTAwMDAtNDVlYy1iMTlmLWRjYmUyODI5NDI0MS8xL2wwZ0JvTWJ3aEJWS3k2a1JW
TXRRM1FqbG9zTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEAGCCsGAQUF
BwEHAQH/BDEwLzAeBAIAATAYAwQCJWLIAwQCWSqkAwQCuUG4AwQD1D9gMA0EAgAC
MAcDBQAqAx0gMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMT6DANBgkqhkiG9w0B
AQsFAAOCAQEAXYYavIrHO8umwKU43P7/LXAER28fXmKILwzki/dcc3wbq7pvH31d
MtEVTR10NPDUKHLZUmX8uR72Qhwq+1i5hU8aP94zMLD8YUWgjPunYF2blGkjACo9
wzebg1UvLqOpbKO0f4khWHSIv13pO+LNlE/CA75K79Ces8+RP4+r1/DPRwB4aKFY
QPWylCzawwNviqa09UPrbzFzY5QtRO2wKkDQ29vB0KC2rJZFruBCGQF5n0P4fkhw
xhujp+6ZbL98JAhC9FQMw+BmG7A7n4ySjNyKnexfqPQU6XXlJF1LdVhefUUX140Q
/bckI4rYYi6HMB0zP2O4m5MGzqCSRIzhZw==
-----END CERTIFICATE-----