Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tw5BThm3o1QYozoa-ezK0W4j6N8.cer
File:                     tw5BThm3o1QYozoa-ezK0W4j6N8.cer (raw, json)
Hash identifier:          2NE/q6Bw6qPgJXEqSEV4gZA5NftfhbykMb9qJm4KzlM=
Subject key identifier:   B7:0E:41:4E:19:B7:A3:54:18:A3:3A:1A:F9:EC:CA:D1:6E:23:E8:DF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A753F11CFF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/26/167b5f-2d68-46c8-90f5-9ed2f166feae/1/tw5BThm3o1QYozoa-ezK0W4j6N8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/26/167b5f-2d68-46c8-90f5-9ed2f166feae/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 12:58:34 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 58208
                          IP: 5.42.152.0/21
                          IP: 185.118.68.0/22
                          IP: 2a01:45c0::/29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 718667848959 (0xa753f11cff)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:58:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b70e414e19b7a35418a33a1af9eccad16e23e8df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a1:04:b5:4f:fe:12:7f:1b:46:cf:4d:a9:02:
                    ea:e6:43:9e:73:b5:06:1f:76:c6:81:5b:19:86:d1:
                    ad:53:6f:c8:65:c6:d4:2f:37:30:be:61:33:60:c9:
                    d1:e6:19:12:26:cd:66:f6:81:79:ea:9f:94:a3:24:
                    16:31:ba:4e:5f:30:f2:a2:e8:98:58:0d:b4:a5:d9:
                    31:3e:a0:4e:bb:91:55:e0:45:c9:74:a6:5f:6e:8b:
                    a8:ce:5c:1b:8e:02:82:bd:5b:20:e7:32:39:cc:4a:
                    dc:80:e5:60:9a:aa:e6:9c:38:5d:5f:02:ab:fa:ab:
                    21:1b:01:4c:c7:8c:3b:1f:7c:28:36:4a:e4:5c:59:
                    af:e4:53:09:ba:07:64:46:ec:6b:c7:fb:05:a1:a9:
                    55:6a:4a:59:41:bb:f4:7e:7a:07:88:16:25:53:24:
                    ca:4b:67:10:12:63:83:d6:d3:f6:7f:8a:51:49:60:
                    e5:b8:a6:4a:67:05:dc:1d:4d:c5:a0:ef:cb:21:4b:
                    c3:27:0d:4b:70:32:92:3b:57:cd:4a:60:42:c0:1b:
                    1c:5e:9a:50:ec:72:70:61:99:11:38:14:95:e2:78:
                    72:75:ec:76:a6:a5:85:68:a9:23:60:a9:ca:1f:e5:
                    50:b8:29:01:60:0b:25:55:e9:9c:d6:a6:f2:c0:0d:
                    33:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:0E:41:4E:19:B7:A3:54:18:A3:3A:1A:F9:EC:CA:D1:6E:23:E8:DF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/167b5f-2d68-46c8-90f5-9ed2f166feae/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/167b5f-2d68-46c8-90f5-9ed2f166feae/1/tw5BThm3o1QYozoa-ezK0W4j6N8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.152.0/21
                  185.118.68.0/22
                IPv6:
                  2a01:45c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  58208

    Signature Algorithm: sha256WithRSAEncryption
         6e:d2:0e:6d:4f:8a:32:67:41:e1:25:17:58:4f:c2:2c:16:7b:
         91:57:8d:da:b4:07:02:b6:1c:49:8f:2e:94:7b:48:91:ee:53:
         cd:d6:e6:bd:a6:48:f1:17:b7:75:10:df:6b:b8:60:b6:66:89:
         48:66:07:48:e2:1e:53:94:ff:b8:d7:72:3a:03:b1:d0:dc:8b:
         38:e4:11:ac:ff:d2:3f:75:b2:b7:91:9d:d7:bd:39:81:b4:f2:
         36:b6:c6:b8:b9:54:cd:ac:4d:fd:c9:77:3d:80:e2:07:32:ad:
         0e:4e:d8:96:0e:df:60:15:da:b2:8e:9d:a5:db:7a:e4:e1:68:
         af:66:36:35:51:49:82:c0:3f:cf:b1:46:63:d0:c8:c1:6d:6f:
         b1:1d:73:05:b6:e7:3f:da:cb:3f:f6:d6:1a:fe:9c:14:58:c0:
         b2:60:60:23:5b:b6:2f:e9:63:40:9d:38:d4:4f:19:e4:0c:34:
         0a:55:06:ef:bb:6f:dc:0a:03:f9:5c:a6:39:4b:17:9b:94:8d:
         c3:43:58:c1:a1:cb:ad:63:fd:7c:11:c2:bf:f0:62:17:04:53:
         cb:dd:01:c7:e6:7f:12:e1:af:14:dd:99:82:2e:e6:fe:18:b4:
         3f:a4:76:d4:d8:b5:d7:ab:a0:7f:0a:11:4f:7f:26:18:2e:3e:
         8d:83:09:71
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIGAKdT8Rz/MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTI1ODM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhiNzBlNDE0ZTE5
YjdhMzU0MThhMzNhMWFmOWVjY2FkMTZlMjNlOGRmMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0KEEtU/+En8bRs9NqQLq5kOec7UGH3bGgVsZhtGtU2/I
ZcbULzcwvmEzYMnR5hkSJs1m9oF56p+UoyQWMbpOXzDyouiYWA20pdkxPqBOu5FV
4EXJdKZfbouozlwbjgKCvVsg5zI5zErcgOVgmqrmnDhdXwKr+qshGwFMx4w7H3wo
NkrkXFmv5FMJugdkRuxrx/sFoalVakpZQbv0fnoHiBYlUyTKS2cQEmOD1tP2f4pR
SWDluKZKZwXcHU3FoO/LIUvDJw1LcDKSO1fNSmBCwBscXppQ7HJwYZkROBSV4nhy
dex2pqWFaKkjYKnKH+VQuCkBYAslVemc1qbywA0zUwIDAQABo4ICtTCCArEwHQYD
VR0OBBYEFLcOQU4Zt6NUGKM6GvnsytFuI+jfMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI2LzE2N2I1Zi0yZDY4LTQ2Yzgt
OTBmNS05ZWQyZjE2NmZlYWUvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYvMTY3YjVmLTJkNjgtNDZjOC05
MGY1LTllZDJmMTY2ZmVhZS8xL3R3NUJUaG0zbzFRWW96b2EtZXpLMFc0ajZOOC5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAS
BAIAATAMAwQDBSqYAwQCuXZEMA0EAgACMAcDBQMqAUXAMBoGCCsGAQUFBwEIAQH/
BAswCaAHMAUCAwDjYDANBgkqhkiG9w0BAQsFAAOCAQEAbtIObU+KMmdB4SUXWE/C
LBZ7kVeN2rQHArYcSY8ulHtIke5TzdbmvaZI8Re3dRDfa7hgtmaJSGYHSOIeU5T/
uNdyOgOx0NyLOOQRrP/SP3Wyt5Gd1705gbTyNrbGuLlUzaxN/cl3PYDiBzKtDk7Y
lg7fYBXaso6dpdt65OFor2Y2NVFJgsA/z7FGY9DIwW1vsR1zBbbnP9rLP/bWGv6c
FFjAsmBgI1u2L+ljQJ041E8Z5Aw0ClUG77tv3AoD+VymOUsXm5SNw0NYwaHLrWP9
fBHCv/BiFwRTy90Bx+Z/EuGvFN2Zgi7m/hi0P6R21Ni116ugfwoRT38mGC4+jYMJ
cQ==
-----END CERTIFICATE-----