Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/s2eBmiAMrQtT0YAzFLUQcS4Nn0c.cer
File:                     s2eBmiAMrQtT0YAzFLUQcS4Nn0c.cer (raw, json)
Hash identifier:          Zd1SmLoF+nKdUl3sju4yDrkekpR2Au/WNwJ9DM99O08=
Subject key identifier:   B3:67:81:9A:20:0C:AD:0B:53:D1:80:33:14:B5:10:71:2E:0D:9F:47
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A8FA5C0B64
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d1/0d7934-5df2-4321-adbb-6374c8f68ee1/1/s2eBmiAMrQtT0YAzFLUQcS4Nn0c.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d1/0d7934-5df2-4321-adbb-6374c8f68ee1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 14:06:26 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 57968
                          IP: 91.198.251.0/24
                          IP: 195.47.234.0/24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 725754841956 (0xa8fa5c0b64)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:06:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b367819a200cad0b53d1803314b510712e0d9f47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:70:89:a3:05:69:ff:06:f3:74:e1:84:5a:14:
                    c2:cc:e1:49:72:cf:69:de:09:de:7f:17:5e:a7:72:
                    06:11:68:a6:1f:2b:46:92:03:38:a0:6b:a7:ca:f2:
                    b7:33:aa:29:1f:fe:dc:2f:4b:85:bd:4d:70:ce:f4:
                    e7:3f:72:5e:65:61:7a:37:29:a0:8d:1a:3c:8b:e3:
                    58:01:ba:cb:c7:e9:6c:42:31:0d:ab:41:86:ef:c7:
                    4a:ce:12:1a:62:22:b7:e1:1c:aa:01:6f:19:ea:ef:
                    6b:67:bd:2c:c9:1a:c3:c9:de:a3:66:68:f6:fd:cb:
                    72:91:5d:34:a3:94:2c:8d:97:5b:dc:ce:4b:a2:99:
                    d4:51:f2:49:a7:05:c8:e6:3f:8f:bd:61:23:95:fc:
                    ed:a3:a1:da:08:a2:7e:81:12:f5:06:77:ba:90:c2:
                    4f:11:4b:a4:fe:75:24:0b:2c:c1:31:52:56:cd:30:
                    a3:d4:22:6f:a7:f0:7e:98:3b:63:92:30:fd:16:88:
                    27:3f:38:cb:3a:b8:67:e8:14:41:3d:69:1b:1b:39:
                    94:a4:0b:00:b5:4e:96:cb:48:43:9b:ba:00:e9:22:
                    55:12:86:d7:95:56:93:94:1c:fc:7f:1c:f5:c7:7d:
                    61:71:f6:ac:7c:cb:56:ad:1d:ce:72:62:2d:f0:f9:
                    50:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:67:81:9A:20:0C:AD:0B:53:D1:80:33:14:B5:10:71:2E:0D:9F:47
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0d7934-5df2-4321-adbb-6374c8f68ee1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0d7934-5df2-4321-adbb-6374c8f68ee1/1/s2eBmiAMrQtT0YAzFLUQcS4Nn0c.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.251.0/24
                  195.47.234.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57968

    Signature Algorithm: sha256WithRSAEncryption
         13:44:ed:18:c8:13:d4:b0:97:02:fb:b8:36:4c:9d:4e:0d:f2:
         68:2a:f8:c7:7b:5b:bb:ee:e6:60:6b:44:3a:bf:c4:7c:40:57:
         bd:6f:46:eb:9c:f4:4d:92:31:9f:5a:95:10:b1:68:ce:e7:01:
         51:24:51:7f:a7:27:87:b9:69:11:99:7e:3f:ce:42:ec:fa:e1:
         16:15:cd:f2:6d:94:aa:e6:e8:c9:87:8f:18:3b:aa:55:e5:b6:
         55:e8:af:21:7b:3e:df:80:c5:4b:ed:73:e4:26:96:92:bb:8c:
         23:a5:88:b7:0c:e5:3a:4d:72:52:f4:23:45:27:47:71:14:8d:
         3f:f9:c2:6b:f7:13:fe:64:22:65:55:64:41:c8:60:c9:0b:0c:
         1e:09:65:32:e3:58:92:3d:de:aa:a0:b8:83:6a:d0:2e:a4:19:
         f3:92:a8:a9:72:2b:1d:4d:a3:30:8a:7d:87:09:b5:ed:36:c9:
         64:a8:9c:fd:ad:ec:d5:12:66:1c:00:8d:40:a4:bc:db:86:38:
         fb:9a:2c:a3:f0:a8:31:c3:b7:fd:3a:f5:3f:cb:97:cd:9c:f3:
         7c:c3:82:b7:ce:f1:9c:a9:3d:7f:2a:ef:e6:a3:dd:a9:3b:a4:
         ba:15:35:49:7a:36:5d:df:e5:a6:8f:d5:31:17:25:44:40:3c:
         03:5c:8a:aa
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIGAKj6XAtkMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTQwNjI2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhiMzY3ODE5YTIw
MGNhZDBiNTNkMTgwMzMxNGI1MTA3MTJlMGQ5ZjQ3MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAuXCJowVp/wbzdOGEWhTCzOFJcs9p3gnefxdep3IGEWim
HytGkgM4oGunyvK3M6opH/7cL0uFvU1wzvTnP3JeZWF6NymgjRo8i+NYAbrLx+ls
QjENq0GG78dKzhIaYiK34RyqAW8Z6u9rZ70syRrDyd6jZmj2/ctykV00o5QsjZdb
3M5LopnUUfJJpwXI5j+PvWEjlfzto6HaCKJ+gRL1Bne6kMJPEUuk/nUkCyzBMVJW
zTCj1CJvp/B+mDtjkjD9FognPzjLOrhn6BRBPWkbGzmUpAsAtU6Wy0hDm7oA6SJV
EobXlVaTlBz8fxz1x31hcfasfMtWrR3OcmIt8PlQHwIDAQABo4ICpjCCAqIwHQYD
VR0OBBYEFLNngZogDK0LU9GAMxS1EHEuDZ9HMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QxLzBkNzkzNC01ZGYyLTQzMjEt
YWRiYi02Mzc0YzhmNjhlZTEvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEvMGQ3OTM0LTVkZjItNDMyMS1h
ZGJiLTYzNzRjOGY2OGVlMS8xL3MyZUJtaUFNclF0VDBZQXpGTFVRY1M0Tm4wYy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQAW8b7AwQAwy/qMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwDicDAN
BgkqhkiG9w0BAQsFAAOCAQEAE0TtGMgT1LCXAvu4NkydTg3yaCr4x3tbu+7mYGtE
Or/EfEBXvW9G65z0TZIxn1qVELFozucBUSRRf6cnh7lpEZl+P85C7PrhFhXN8m2U
quboyYePGDuqVeW2VeivIXs+34DFS+1z5CaWkruMI6WItwzlOk1yUvQjRSdHcRSN
P/nCa/cT/mQiZVVkQchgyQsMHgllMuNYkj3eqqC4g2rQLqQZ85KoqXIrHU2jMIp9
hwm17TbJZKic/a3s1RJmHACNQKS824Y4+5oso/CoMcO3/Tr1P8uXzZzzfMOCt87x
nKk9fyrv5qPdqTukuhU1SXo2Xd/lpo/VMRclREA8A1yKqg==
-----END CERTIFICATE-----