Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qEJnkLn6ZwnJd7fF5RUrqr2gf8c.cer
File:                     qEJnkLn6ZwnJd7fF5RUrqr2gf8c.cer (raw, json)
Hash identifier:          SK0J7qDC31RzMVeDhRWo+bBxuYvbaIVCGeK0NSOqWyg=
Subject key identifier:   A8:42:67:90:B9:FA:67:09:C9:77:B7:C5:E5:15:2B:AA:BD:A0:7F:C7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0187E70B89C0D29222EFC984D6B7653E1F5E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7d/470ab7-760d-4729-8dc9-651d2a7617f5/1/qEJnkLn6ZwnJd7fF5RUrqr2gf8c.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7d/470ab7-760d-4729-8dc9-651d2a7617f5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 04 May 2023 13:55:05 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 60943
                          IP: 193.160.240.0/22
                          IP: 2a0c:dac0::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e7:0b:89:c0:d2:92:22:ef:c9:84:d6:b7:65:3e:1f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May  4 13:55:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8426790b9fa6709c977b7c5e5152baabda07fc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:35:fe:37:ac:ee:55:66:5d:e4:ba:58:9d:d8:
                    20:d5:c2:3c:5d:bb:c5:5e:69:86:77:dd:29:ce:1d:
                    c0:9f:1a:9d:48:7b:12:f0:d0:0c:32:69:5e:43:81:
                    6e:77:13:ae:0c:d2:71:1e:f4:74:1c:04:12:74:6c:
                    e1:83:5f:52:66:e9:18:1f:6d:04:14:13:ca:f3:53:
                    43:56:84:0e:54:69:f7:5f:6b:c0:03:2e:bf:01:69:
                    8c:2f:7e:c4:1e:9b:99:89:12:71:7c:dc:a5:05:8c:
                    ae:ef:cd:22:94:b5:0e:c8:8f:b4:1c:cc:8c:6e:5b:
                    7c:48:dd:1f:f7:4f:f1:db:cf:f4:43:01:fa:1b:88:
                    4e:d8:08:21:ad:f9:da:d9:65:09:34:8e:8d:da:76:
                    18:12:53:6b:78:a7:1e:60:eb:14:6d:01:f6:73:7c:
                    92:21:a0:7d:46:50:fa:b7:99:cf:5a:bc:1c:09:fb:
                    fc:69:b6:9e:7e:01:a6:c3:f0:8d:b5:5c:20:a7:c3:
                    87:0f:dc:70:fb:43:cc:90:51:2d:b6:14:e4:e1:bd:
                    46:b5:79:61:74:c4:4f:32:af:4e:46:bd:f1:b6:75:
                    63:d9:15:c4:cf:7c:f5:a7:07:4a:ba:7a:ad:0d:d1:
                    6a:0f:7d:21:4d:dc:1a:3a:8b:c6:7f:42:1e:a9:9f:
                    ab:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:42:67:90:B9:FA:67:09:C9:77:B7:C5:E5:15:2B:AA:BD:A0:7F:C7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/470ab7-760d-4729-8dc9-651d2a7617f5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/470ab7-760d-4729-8dc9-651d2a7617f5/1/qEJnkLn6ZwnJd7fF5RUrqr2gf8c.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.240.0/22
                IPv6:
                  2a0c:dac0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  60943

    Signature Algorithm: sha256WithRSAEncryption
         29:3e:3d:24:a6:7c:e4:db:6f:ab:e5:ed:b6:a9:f7:6f:82:83:
         31:c8:89:aa:a4:97:c8:6c:c5:c0:ab:16:12:67:e0:0e:ed:b9:
         e0:2c:02:59:18:0d:cd:58:1c:6b:b0:67:52:7f:e1:47:c9:c8:
         57:f6:47:ac:e5:a2:4b:d6:01:ae:b6:a6:55:e9:f4:25:0e:e3:
         a6:2e:be:fe:97:6f:91:1c:89:3c:78:8b:d3:8b:d0:e5:7f:b3:
         36:3a:6e:1e:7e:6c:43:55:46:a9:53:ab:a1:93:1f:57:43:13:
         68:f4:0e:59:ac:66:92:e2:cb:64:6c:5d:89:b8:02:f0:47:93:
         af:75:f2:0f:04:22:5d:66:bf:4e:9c:40:1d:70:17:8d:36:c0:
         12:8c:84:d8:91:43:c1:d0:a9:07:88:00:f5:ae:c8:1c:84:74:
         63:01:a6:9f:e9:3e:1c:cc:08:a1:00:75:26:61:d8:2a:14:a9:
         cb:11:31:33:d9:98:a2:3f:53:22:80:f9:4f:46:62:d6:a3:96:
         0a:c7:bf:1f:c2:18:ce:82:56:22:19:89:4a:e2:8d:2b:3d:97:
         47:de:28:b3:7e:92:99:f5:d8:26:70:3b:39:f5:01:cf:ad:45:
         7c:90:44:ae:21:9a:b7:ed:e7:22:f6:21:c2:26:d4:bd:16:ea:
         3a:3d:91:3f
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAYfnC4nA0pIi78mE1rdlPh9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwNTA0MTM1NTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODQyNjc5MGI5ZmE2NzA5Yzk3N2I3YzVlNTE1MmJhYWJkYTA3ZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjX+N6zuVWZd5LpYndgg1cI8XbvF
XmmGd90pzh3AnxqdSHsS8NAMMmleQ4FudxOuDNJxHvR0HAQSdGzhg19SZukYH20E
FBPK81NDVoQOVGn3X2vAAy6/AWmML37EHpuZiRJxfNylBYyu780ilLUOyI+0HMyM
blt8SN0f90/x28/0QwH6G4hO2Aghrfna2WUJNI6N2nYYElNreKceYOsUbQH2c3yS
IaB9RlD6t5nPWrwcCfv8abaefgGmw/CNtVwgp8OHD9xw+0PMkFEtthTk4b1GtXlh
dMRPMq9ORr3xtnVj2RXEz3z1pwdKunqtDdFqD30hTdwaOovGf0IeqZ+rLwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFKhCZ5C5+mcJyXe3xeUVK6q9oH/HMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdkLzQ3MGFi
Ny03NjBkLTQ3MjktOGRjOS02NTFkMmE3NjE3ZjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2QvNDcwYWI3
LTc2MGQtNDcyOS04ZGM5LTY1MWQyYTc2MTdmNS8xL3FFSm5rTG42WnduSmQ3ZkY1
UlVycXIyZ2Y4Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCwaDwMA0EAgACMAcDBQMqDNrAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDuDzANBgkqhkiG9w0BAQsFAAOCAQEAKT49JKZ85Ntv
q+Xttqn3b4KDMciJqqSXyGzFwKsWEmfgDu254CwCWRgNzVgca7BnUn/hR8nIV/ZH
rOWiS9YBrramVen0JQ7jpi6+/pdvkRyJPHiL04vQ5X+zNjpuHn5sQ1VGqVOroZMf
V0MTaPQOWaxmkuLLZGxdibgC8EeTr3XyDwQiXWa/TpxAHXAXjTbAEoyE2JFDwdCp
B4gA9a7IHIR0YwGmn+k+HMwIoQB1JmHYKhSpyxExM9mYoj9TIoD5T0Zi1qOWCse/
H8IYzoJWIhmJSuKNKz2XR94os36SmfXYJnA7OfUBz61FfJBEriGat+3nIvYhwibU
vRbqOj2RPw==
-----END CERTIFICATE-----