Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/uzdtDJvvawmPpjFAvMQNg9dr1Uk.cer
File:                     uzdtDJvvawmPpjFAvMQNg9dr1Uk.cer (raw, json)
Hash identifier:          3stTwAaB1UWExmu+TkWWsjo3f0LZ9ydynL3jXAxBGNU=
Subject key identifier:   BB:37:6D:0C:9B:EF:6B:09:8F:A6:31:40:BC:C4:0D:83:D7:6B:D5:49
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856FADEEBBD404D3D2B6F8F4C75B53DBE8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fd/722fe6-5f0a-49e8-abdb-caa2ad0de122/1/uzdtDJvvawmPpjFAvMQNg9dr1Uk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fd/722fe6-5f0a-49e8-abdb-caa2ad0de122/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 23:32:27 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 211130
                          AS: 211422
                          IP: 185.235.77.0/24
                          IP: 194.169.120.0/24
                          IP: 2a04:fc0::/29
                          IP: 2a0c:f3c0::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:ad:ee:bb:d4:04:d3:d2:b6:f8:f4:c7:5b:53:db:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:32:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bb376d0c9bef6b098fa63140bcc40d83d76bd549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:85:b9:2e:43:3e:1c:ac:f1:4a:b1:a0:6a:75:
                    ec:0c:5b:f7:f4:c6:23:bf:51:0d:16:00:d2:0c:42:
                    5e:97:08:b4:5d:c0:76:45:4c:dd:16:c7:25:e7:24:
                    43:ad:33:8a:73:74:2c:43:80:fe:5e:ec:b7:30:ad:
                    8f:72:4d:8f:94:c3:e7:ba:31:bc:ea:4d:47:d9:1c:
                    90:c0:e4:59:a5:e2:29:65:e8:68:81:a1:f2:e4:26:
                    81:a3:7f:f1:98:84:01:f7:6a:d0:bd:86:53:0c:4a:
                    62:e9:0c:b9:da:fe:db:53:c2:c8:90:04:cb:8c:d7:
                    7f:b3:f2:94:91:7b:ab:b2:eb:5a:e2:ce:f9:b8:26:
                    cc:64:32:ca:d9:7d:20:a3:1c:f0:b7:ee:4c:f6:13:
                    c0:8e:bb:58:fc:74:09:0d:c9:e3:8e:50:ab:19:ac:
                    ec:8d:9a:c6:9f:72:ff:61:c8:5d:04:76:dc:67:f5:
                    98:da:ca:1c:58:39:c5:7b:6a:e1:8a:64:3b:b6:07:
                    14:4c:9e:2c:f8:42:83:2e:9d:2b:9a:1f:41:ae:51:
                    f7:2d:33:b3:97:51:c2:20:08:4d:4f:e4:a3:e2:f6:
                    6a:8d:9a:34:97:d2:2d:29:ab:70:26:b8:00:57:aa:
                    89:49:e8:26:91:3a:14:51:94:56:7c:41:7e:f6:34:
                    23:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:37:6D:0C:9B:EF:6B:09:8F:A6:31:40:BC:C4:0D:83:D7:6B:D5:49
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/722fe6-5f0a-49e8-abdb-caa2ad0de122/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/722fe6-5f0a-49e8-abdb-caa2ad0de122/1/uzdtDJvvawmPpjFAvMQNg9dr1Uk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.77.0/24
                  194.169.120.0/24
                IPv6:
                  2a04:fc0::/29
                  2a0c:f3c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211130
                  211422

    Signature Algorithm: sha256WithRSAEncryption
         50:2d:78:d3:de:f6:d7:fd:c7:1b:f6:d7:7a:20:7e:31:4e:2e:
         de:a1:84:86:79:bc:8d:6e:4a:cb:73:4f:38:45:95:cf:c1:3d:
         18:d3:f0:e4:9a:e8:6b:4a:7e:6a:a9:10:bc:75:bf:66:43:77:
         14:51:0d:f4:04:0c:af:29:f7:5c:c4:3a:66:18:cb:d1:ba:f4:
         e9:00:15:d2:ee:e3:1c:e1:7f:26:42:07:d2:0a:cd:79:a9:7c:
         5a:fb:76:29:7a:dd:22:3c:d7:ac:82:4f:c5:07:6d:9d:30:41:
         0d:22:6d:6a:21:90:34:86:bc:94:2e:d6:9c:a5:02:9a:05:bc:
         6e:4d:3b:89:8f:14:2c:9a:03:2e:af:cb:eb:68:72:b0:db:f8:
         7f:19:6e:20:ca:5d:07:4b:88:ad:7c:57:aa:31:87:a5:5a:7c:
         78:b3:11:bd:75:72:5d:7d:42:1e:16:50:cd:bf:68:dd:fc:d3:
         93:fc:2d:df:e5:12:55:77:d3:8e:fe:68:07:da:dc:ea:fe:50:
         68:34:6d:d1:db:5f:52:8b:f1:15:ad:3d:9d:15:b5:16:ce:68:
         cb:16:5d:6a:e3:3b:23:e5:9c:1e:ad:9a:e5:ea:29:4f:e1:05:
         46:b2:79:ee:5a:9b:ea:4c:4b:f5:f6:13:a1:5e:6d:50:58:95:
         70:93:3a:44
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAYVvre671ATT0rb49MdbU9voMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMjMzMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjM3NmQwYzliZWY2YjA5OGZhNjMxNDBiY2M0MGQ4M2Q3NmJkNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IW5LkM+HKzxSrGganXsDFv39MYj
v1ENFgDSDEJelwi0XcB2RUzdFscl5yRDrTOKc3QsQ4D+Xuy3MK2Pck2PlMPnujG8
6k1H2RyQwORZpeIpZehogaHy5CaBo3/xmIQB92rQvYZTDEpi6Qy52v7bU8LIkATL
jNd/s/KUkXursuta4s75uCbMZDLK2X0goxzwt+5M9hPAjrtY/HQJDcnjjlCrGazs
jZrGn3L/YchdBHbcZ/WY2socWDnFe2rhimQ7tgcUTJ4s+EKDLp0rmh9BrlH3LTOz
l1HCIAhNT+Sj4vZqjZo0l9ItKatwJrgAV6qJSegmkToUUZRWfEF+9jQjwwIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFLs3bQyb72sJj6YxQLzEDYPXa9VJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZkLzcyMmZl
Ni01ZjBhLTQ5ZTgtYWJkYi1jYWEyYWQwZGUxMjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQvNzIyZmU2
LTVmMGEtNDllOC1hYmRiLWNhYTJhZDBkZTEyMi8xL3V6ZHRESnZ2YXdtUHBqRkF2
TVFOZzlkcjFVay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDsGCCsGAQUF
BwEHAQH/BCwwKjASBAIAATAMAwQAuetNAwQAwql4MBQEAgACMA4DBQMqBA/AAwUD
KgzzwDAfBggrBgEFBQcBCAEB/wQQMA6gDDAKAgMDOLoCAwM53jANBgkqhkiG9w0B
AQsFAAOCAQEAUC1409721/3HG/bXeiB+MU4u3qGEhnm8jW5Ky3NPOEWVz8E9GNPw
5Jroa0p+aqkQvHW/ZkN3FFEN9AQMryn3XMQ6ZhjL0br06QAV0u7jHOF/JkIH0grN
eal8Wvt2KXrdIjzXrIJPxQdtnTBBDSJtaiGQNIa8lC7WnKUCmgW8bk07iY8ULJoD
Lq/L62hysNv4fxluIMpdB0uIrXxXqjGHpVp8eLMRvXVyXX1CHhZQzb9o3fzTk/wt
3+USVXfTjv5oB9rc6v5QaDRt0dtfUovxFa09nRW1Fs5oyxZdauM7I+WcHq2a5eop
T+EFRrJ57lqb6kxL9fYToV5tUFiVcJM6RA==
-----END CERTIFICATE-----