Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/r-e3M3bkBJ4HGvrFK_294cxwhec.cer
File:                     r-e3M3bkBJ4HGvrFK_294cxwhec.cer (raw, json)
Hash identifier:          VjgeUPbLNEcA1np7lPxSrVzFXb2zDAm4f9GhOCtZV5Q=
Subject key identifier:   AF:E7:B7:33:76:E4:04:9E:07:1A:FA:C5:2B:FD:BD:E1:CC:70:85:E7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A1B1782D08
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e4/f62ad6-6f37-4ca1-86a2-68b336484ae6/1/r-e3M3bkBJ4HGvrFK_294cxwhec.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e4/f62ad6-6f37-4ca1-86a2-68b336484ae6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 07:59:10 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 57620
                          IP: 195.234.52.0/24
                          IP: 195.234.130.0/24
                          IP: 195.234.140.0/24
                          IP: 195.234.143.0/24
                          IP: 2a0f:bec0::/32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 694467177736 (0xa1b1782d08)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:59:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=afe7b73376e4049e071afac52bfdbde1cc7085e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:24:96:d2:2f:49:14:fd:8f:f1:d7:21:41:83:
                    4d:1d:b5:53:2d:e6:5e:4e:fa:0b:e3:73:5b:94:c4:
                    3c:dd:63:78:68:57:3d:6e:d8:c8:e9:26:e0:35:b2:
                    87:14:64:d4:d4:f5:65:84:67:91:2f:6a:90:23:ac:
                    91:a6:b6:ef:1a:29:fe:ce:9d:ef:45:df:fc:4b:a2:
                    88:b8:e0:e1:cd:90:46:25:e1:bc:f4:2f:ba:ce:b1:
                    8c:ff:0e:29:f3:78:51:2d:a3:f2:c1:ee:ef:d5:a1:
                    61:99:82:46:7f:c6:78:5f:31:58:d0:e4:6e:e8:fd:
                    25:b3:be:5f:92:6a:74:d6:dc:a3:08:84:bf:42:ff:
                    75:51:0c:27:c4:36:ef:a4:43:96:ed:98:b0:af:4a:
                    63:5e:92:2a:ea:e0:3d:2b:60:cb:c6:3f:a4:76:76:
                    5f:5b:ea:0a:ef:4d:ba:c9:98:59:96:02:0b:f7:ab:
                    b3:14:bd:b6:06:d3:5f:8a:b7:be:93:03:27:76:df:
                    e8:8d:21:52:5d:93:31:4c:e6:9e:05:25:80:40:ba:
                    ee:89:43:34:2f:d4:6d:3a:1d:9e:d0:c3:2b:48:0b:
                    47:44:a4:eb:f4:bf:aa:f8:e9:6f:8b:02:02:ea:09:
                    51:c0:10:e8:69:fd:80:ab:1d:94:60:ad:36:ba:c7:
                    1d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:E7:B7:33:76:E4:04:9E:07:1A:FA:C5:2B:FD:BD:E1:CC:70:85:E7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/f62ad6-6f37-4ca1-86a2-68b336484ae6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/f62ad6-6f37-4ca1-86a2-68b336484ae6/1/r-e3M3bkBJ4HGvrFK_294cxwhec.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.52.0/24
                  195.234.130.0/24
                  195.234.140.0/24
                  195.234.143.0/24
                IPv6:
                  2a0f:bec0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57620

    Signature Algorithm: sha256WithRSAEncryption
         57:93:e9:53:64:24:78:24:82:35:4a:a2:2f:b8:d8:52:e5:a9:
         d3:92:91:82:4f:37:07:55:97:ef:a4:ef:10:53:5a:63:8b:e6:
         85:66:8d:61:98:1b:ce:a6:9a:83:d5:55:7f:6e:2e:75:8e:3b:
         db:25:cc:1e:cb:e1:68:e9:ad:88:07:e6:fd:27:0b:3b:44:db:
         93:9a:95:be:98:cb:6f:65:fd:bb:08:8a:55:bb:1d:6f:63:66:
         c1:b5:1d:6c:f7:f4:e2:cc:42:37:a5:f7:8a:eb:ed:0f:4e:3c:
         f9:3c:99:a2:fe:24:8f:d2:01:89:35:32:19:e5:66:f8:67:86:
         9c:20:ab:1d:94:15:7e:80:08:f9:db:a3:d4:32:60:a2:f8:e8:
         b8:ee:ea:59:4b:24:d9:c7:08:7e:86:ca:54:36:ec:74:a3:2b:
         80:3e:cb:3e:29:1d:7c:98:23:52:d4:ea:0e:8a:35:5e:66:29:
         ca:61:79:85:df:0e:88:ac:ef:4b:d9:4a:2e:1a:01:29:19:7d:
         db:de:38:ea:1f:8d:3b:f3:31:6c:54:9f:87:04:06:ef:5f:b9:
         e8:70:5b:5a:d3:ec:1b:92:35:bb:7f:aa:34:70:0c:b9:44:43:
         d2:ac:27:81:7b:63:d9:b8:f8:ae:37:5b:dd:54:b9:61:6b:90:
         23:84:fb:6d
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgIGAKGxeC0IMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDc1OTEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhhZmU3YjczMzc2
ZTQwNDllMDcxYWZhYzUyYmZkYmRlMWNjNzA4NWU3MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsiSW0i9JFP2P8dchQYNNHbVTLeZeTvoL43NblMQ83WN4
aFc9btjI6SbgNbKHFGTU1PVlhGeRL2qQI6yRprbvGin+zp3vRd/8S6KIuODhzZBG
JeG89C+6zrGM/w4p83hRLaPywe7v1aFhmYJGf8Z4XzFY0ORu6P0ls75fkmp01tyj
CIS/Qv91UQwnxDbvpEOW7Ziwr0pjXpIq6uA9K2DLxj+kdnZfW+oK7026yZhZlgIL
96uzFL22BtNfire+kwMndt/ojSFSXZMxTOaeBSWAQLruiUM0L9RtOh2e0MMrSAtH
RKTr9L+q+OlviwIC6glRwBDoaf2Aqx2UYK02uscdjwIDAQABo4ICwTCCAr0wHQYD
VR0OBBYEFK/ntzN25ASeBxr6xSv9veHMcIXnMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U0L2Y2MmFkNi02ZjM3LTRjYTEt
ODZhMi02OGIzMzY0ODRhZTYvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQvZjYyYWQ2LTZmMzctNGNhMS04
NmEyLTY4YjMzNjQ4NGFlNi8xL3ItZTNNM2JrQko0SEd2ckZLXzI5NGN4d2hlYy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAe
BAIAATAYAwQAw+o0AwQAw+qCAwQAw+qMAwQAw+qPMA0EAgACMAcDBQAqD77AMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwDhFDANBgkqhkiG9w0BAQsFAAOCAQEAV5Pp
U2QkeCSCNUqiL7jYUuWp05KRgk83B1WX76TvEFNaY4vmhWaNYZgbzqaag9VVf24u
dY472yXMHsvhaOmtiAfm/ScLO0Tbk5qVvpjLb2X9uwiKVbsdb2NmwbUdbPf04sxC
N6X3iuvtD048+TyZov4kj9IBiTUyGeVm+GeGnCCrHZQVfoAI+duj1DJgovjouO7q
WUsk2ccIfobKVDbsdKMrgD7LPikdfJgjUtTqDoo1XmYpymF5hd8OiKzvS9lKLhoB
KRl929446h+NO/MxbFSfhwQG71+56HBbWtPsG5I1u3+qNHAMuURD0qwngXtj2bj4
rjdb3VS5YWuQI4T7bQ==
-----END CERTIFICATE-----