Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/oAlJlvS8h5ldINKiotyEOq1ORzg.cer
File:                     oAlJlvS8h5ldINKiotyEOq1ORzg.cer (raw, json)
Hash identifier:          k9CvZQf1HZbeyn57Cw1AZUU83nOSNs/nfbHdm5IVWKA=
Subject key identifier:   A0:09:49:96:F4:BC:87:99:5D:20:D2:A2:A2:DC:84:3A:AD:4E:47:38
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0186BC443EFAB5AF3D095FFBDFC204F6DACB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9a/13dc12-fcfa-498e-9f0d-e9ddb8d1c453/1/oAlJlvS8h5ldINKiotyEOq1ORzg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9a/13dc12-fcfa-498e-9f0d-e9ddb8d1c453/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 07 Mar 2023 13:30:34 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 208124
                          IP: 91.209.161.0/24
                          IP: 2a12:8840::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bc:44:3e:fa:b5:af:3d:09:5f:fb:df:c2:04:f6:da:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar  7 13:30:34 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a0094996f4bc87995d20d2a2a2dc843aad4e4738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a5:83:30:a0:6e:bf:c6:c4:91:cd:a1:64:92:
                    48:c5:e1:0a:ce:e5:13:27:bf:f4:a2:78:25:e5:d6:
                    18:92:ba:d6:27:08:b1:06:ac:cd:f7:40:d7:80:55:
                    a7:d5:2b:6d:df:0a:42:87:9b:ac:04:ae:25:dd:2c:
                    6e:da:6f:9e:e9:3d:21:7a:5f:ee:fc:dc:5d:0c:fc:
                    3f:37:ab:d7:05:f6:41:9f:4f:07:33:c9:39:aa:2a:
                    82:b7:99:3e:4f:04:6f:e6:ce:e9:4e:56:1b:1a:4a:
                    a1:ed:97:da:30:22:d2:bd:fb:9f:68:60:95:9d:12:
                    a1:51:4c:44:4f:d8:bb:43:e4:56:08:75:ea:66:5c:
                    62:51:e0:d7:7c:35:8e:7c:20:f2:61:29:3e:00:eb:
                    dc:4b:b1:fa:99:54:ef:83:fd:28:93:01:a4:1e:db:
                    6e:19:3f:91:b2:e8:a5:bd:5c:4d:7b:c9:dd:f2:b7:
                    88:9c:20:da:26:21:84:22:3b:6a:d2:14:f6:d5:88:
                    60:81:67:4b:14:5f:05:8e:5e:8d:f3:12:3b:d3:31:
                    63:29:46:15:1d:46:7b:13:07:7b:fc:7a:51:f5:d5:
                    80:9e:f7:08:0f:c1:5c:c3:6c:23:bc:c2:93:c1:8e:
                    d6:42:a6:11:9a:29:17:27:a9:f6:39:b3:75:2d:a5:
                    4b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:09:49:96:F4:BC:87:99:5D:20:D2:A2:A2:DC:84:3A:AD:4E:47:38
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/13dc12-fcfa-498e-9f0d-e9ddb8d1c453/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/13dc12-fcfa-498e-9f0d-e9ddb8d1c453/1/oAlJlvS8h5ldINKiotyEOq1ORzg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.161.0/24
                IPv6:
                  2a12:8840::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208124

    Signature Algorithm: sha256WithRSAEncryption
         08:5d:e8:4a:95:78:a1:05:01:0d:9a:bc:b7:6b:4b:74:e5:19:
         25:5f:1c:75:e6:80:fa:f2:f9:f3:fc:49:7a:33:74:c1:69:ae:
         0d:7c:9d:8b:97:9c:82:11:92:9e:73:1f:ef:80:3d:e2:65:63:
         ae:bb:ab:a3:20:95:cc:fa:ca:67:c8:28:96:37:56:e5:88:99:
         48:a8:9b:7e:fb:18:da:93:3a:e5:f8:cf:9e:a2:bc:db:1c:92:
         8d:8e:20:cd:d7:d7:7b:7d:51:c3:c7:85:32:85:0e:fc:24:75:
         40:36:c8:a9:74:b1:76:4f:03:5d:e8:09:47:d4:8a:a2:4d:4a:
         99:f5:2b:e8:11:b0:61:12:37:f0:eb:dc:55:5d:68:98:01:2d:
         df:51:b0:db:cd:12:38:d9:94:09:1c:6e:bd:52:a0:97:e8:29:
         f6:a8:21:e8:af:b8:6b:51:fc:8f:c2:7b:53:1e:6b:4b:2b:dc:
         99:d7:db:46:4f:90:c2:33:6a:7c:f0:68:07:a4:26:32:f7:1c:
         e0:e4:d6:b6:90:a9:fc:c8:8b:42:88:64:1a:b8:b2:da:69:23:
         d6:6b:00:70:a8:ac:92:69:63:d2:34:17:44:99:ac:fa:07:f1:
         01:9d:31:a2:2a:97:20:a9:88:2b:de:3c:62:7e:34:67:8d:7a:
         9e:08:b1:61
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAYa8RD76ta89CV/738IE9trLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMzA3MTMzMDM0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDA5NDk5NmY0YmM4Nzk5NWQyMGQyYTJhMmRjODQzYWFkNGU0NzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qWDMKBuv8bEkc2hZJJIxeEKzuUT
J7/0ongl5dYYkrrWJwixBqzN90DXgFWn1Stt3wpCh5usBK4l3Sxu2m+e6T0hel/u
/NxdDPw/N6vXBfZBn08HM8k5qiqCt5k+TwRv5s7pTlYbGkqh7ZfaMCLSvfufaGCV
nRKhUUxET9i7Q+RWCHXqZlxiUeDXfDWOfCDyYSk+AOvcS7H6mVTvg/0okwGkHttu
GT+RsuilvVxNe8nd8reInCDaJiGEIjtq0hT21YhggWdLFF8Fjl6N8xI70zFjKUYV
HUZ7Ewd7/HpR9dWAnvcID8Fcw2wjvMKTwY7WQqYRmikXJ6n2ObN1LaVLswIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFKAJSZb0vIeZXSDSoqLchDqtTkc4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlhLzEzZGMx
Mi1mY2ZhLTQ5OGUtOWYwZC1lOWRkYjhkMWM0NTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWEvMTNkYzEy
LWZjZmEtNDk4ZS05ZjBkLWU5ZGRiOGQxYzQ1My8xL29BbEpsdlM4aDVsZElOS2lv
dHlFT3ExT1J6Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAW9GhMA0EAgACMAcDBQMqEohAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMs/DANBgkqhkiG9w0BAQsFAAOCAQEACF3oSpV4oQUB
DZq8t2tLdOUZJV8cdeaA+vL58/xJejN0wWmuDXydi5ecghGSnnMf74A94mVjrrur
oyCVzPrKZ8goljdW5YiZSKibfvsY2pM65fjPnqK82xySjY4gzdfXe31Rw8eFMoUO
/CR1QDbIqXSxdk8DXegJR9SKok1KmfUr6BGwYRI38OvcVV1omAEt31Gw280SONmU
CRxuvVKgl+gp9qgh6K+4a1H8j8J7Ux5rSyvcmdfbRk+QwjNqfPBoB6QmMvcc4OTW
tpCp/MiLQohkGriy2mkj1msAcKiskmlj0jQXRJms+gfxAZ0xoiqXIKmIK948Yn40
Z416ngixYQ==
-----END CERTIFICATE-----