Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vpMZsZZTGnn4Mt3dWHMSnjjD5O4.cer
File:                     vpMZsZZTGnn4Mt3dWHMSnjjD5O4.cer (raw, json)
Hash identifier:          SaaSB3Ey9lum4mtczjt7V8HpLJfBOUDdMCsFX8MuzZ8=
Subject key identifier:   BE:93:19:B1:96:53:1A:79:F8:32:DD:DD:58:73:12:9E:38:C3:E4:EE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856D898487EBDB36EFFDB4A87D70B312BD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ab/707e75-1ecf-4d31-b752-d5e079ec928c/1/vpMZsZZTGnn4Mt3dWHMSnjjD5O4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ab/707e75-1ecf-4d31-b752-d5e079ec928c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 13:33:27 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    IP: 45.89.152.0/22
                          IP: 45.91.144.0/22
                          IP: 2a0b:d500::/29
                          IP: 2a0e:10c0::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:89:84:87:eb:db:36:ef:fd:b4:a8:7d:70:b3:12:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:33:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=be9319b196531a79f832dddd5873129e38c3e4ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:50:11:ac:79:e4:7b:55:b2:a8:a1:31:15:cd:
                    f8:57:7e:cc:45:d8:c8:9c:3b:00:9d:34:e5:6a:2e:
                    7b:5a:2e:4d:d5:ee:30:83:b7:90:1d:68:26:3f:f3:
                    ca:b5:7b:76:ac:0e:20:90:e5:90:22:ee:93:77:20:
                    66:cb:12:57:0f:56:99:13:dc:e7:bc:bf:1e:21:6e:
                    43:10:b0:d3:c7:86:d2:21:02:e4:c8:89:07:7e:8f:
                    b1:f7:da:7c:bc:f3:5a:36:f4:84:9d:01:1e:4e:07:
                    ae:13:c2:db:5d:28:13:d7:08:87:0f:b6:36:3d:89:
                    ed:b1:03:44:45:f2:d5:e8:0e:bb:8b:cb:e7:60:b1:
                    94:3a:68:f5:ef:0e:a0:52:10:ee:2a:14:7d:f1:77:
                    97:de:38:2d:ed:2f:52:23:c4:a6:44:1f:8b:9d:1d:
                    01:74:9e:d7:d8:9c:56:bc:80:e6:92:ce:45:d8:0a:
                    4f:ac:7d:48:b0:f3:a1:db:c7:7c:1d:84:c9:e7:dd:
                    ca:34:8b:15:7a:51:35:60:87:2d:37:d2:5c:22:f1:
                    df:b7:b0:bb:47:86:db:a6:18:dc:77:b5:d5:be:a9:
                    4a:fe:75:fd:ed:f7:1f:f6:3e:73:73:52:0f:8d:8f:
                    42:50:b9:24:24:3a:30:70:c8:7b:ac:d4:0b:b7:de:
                    62:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:93:19:B1:96:53:1A:79:F8:32:DD:DD:58:73:12:9E:38:C3:E4:EE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/707e75-1ecf-4d31-b752-d5e079ec928c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/707e75-1ecf-4d31-b752-d5e079ec928c/1/vpMZsZZTGnn4Mt3dWHMSnjjD5O4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.152.0/22
                  45.91.144.0/22
                IPv6:
                  2a0b:d500::/29
                  2a0e:10c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:dd:65:39:90:b5:61:ad:9d:40:c8:11:5e:20:a3:8c:d5:f9:
         06:e2:ed:9e:6a:25:f8:05:93:e4:28:ee:ae:9a:de:68:04:da:
         69:c9:9e:82:38:fe:6c:c0:ed:91:62:1b:58:67:69:d2:63:33:
         2f:c2:b1:74:07:81:32:af:1f:c9:e5:6f:6f:bb:0c:5c:3b:1e:
         cd:0f:5a:9f:f8:1d:0f:3a:e8:1e:da:0a:a6:2a:fd:ec:4b:9f:
         89:fe:ca:fe:fb:fc:10:cb:b4:4a:8e:25:22:f5:7f:8c:6c:5a:
         e1:49:3c:37:f0:b9:61:93:3f:07:5b:bb:54:b4:6c:73:79:cb:
         74:fb:27:84:b0:62:47:51:ef:06:1e:2c:96:13:4d:06:57:37:
         ce:19:3a:04:44:e1:4e:78:b7:05:6d:2c:58:47:b4:5f:6f:78:
         6e:b4:7c:46:7c:13:6c:a3:e9:58:9c:4f:e5:71:14:b2:b4:17:
         fb:ca:5f:5c:25:30:69:b8:20:ea:1f:c2:da:52:d3:c6:77:0d:
         8e:f6:8b:f4:a1:14:e6:ce:68:83:57:2c:20:0a:dc:94:09:d6:
         0b:63:19:93:b5:08:83:c4:23:44:6d:a0:b6:cc:25:02:06:fd:
         e8:31:b9:94:97:7a:dc:1b:fe:36:e4:e5:93:25:08:34:32:a1:
         ff:41:ab:bb
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYVtiYSH69s27/20qH1wsxK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMTMzMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTkzMTliMTk2NTMxYTc5ZjgzMmRkZGQ1ODczMTI5ZTM4YzNlNGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslARrHnke1WyqKExFc34V37MRdjI
nDsAnTTlai57Wi5N1e4wg7eQHWgmP/PKtXt2rA4gkOWQIu6TdyBmyxJXD1aZE9zn
vL8eIW5DELDTx4bSIQLkyIkHfo+x99p8vPNaNvSEnQEeTgeuE8LbXSgT1wiHD7Y2
PYntsQNERfLV6A67i8vnYLGUOmj17w6gUhDuKhR98XeX3jgt7S9SI8SmRB+LnR0B
dJ7X2JxWvIDmks5F2ApPrH1IsPOh28d8HYTJ593KNIsVelE1YIctN9JcIvHft7C7
R4bbphjcd7XVvqlK/nX97fcf9j5zc1IPjY9CULkkJDowcMh7rNQLt95iBQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFL6TGbGWUxp5+DLd3VhzEp44w+TuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FiLzcwN2U3
NS0xZWNmLTRkMzEtYjc1Mi1kNWUwNzllYzkyOGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWIvNzA3ZTc1
LTFlY2YtNGQzMS1iNzUyLWQ1ZTA3OWVjOTI4Yy8xL3ZwTVpzWlpUR25uNE10M2RX
SE1TbmpqRDVPNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDsGCCsGAQUF
BwEHAQH/BCwwKjASBAIAATAMAwQCLVmYAwQCLVuQMBQEAgACMA4DBQMqC9UAAwUD
Kg4QwDANBgkqhkiG9w0BAQsFAAOCAQEATd1lOZC1Ya2dQMgRXiCjjNX5BuLtnmol
+AWT5CjurpreaATaacmegjj+bMDtkWIbWGdp0mMzL8KxdAeBMq8fyeVvb7sMXDse
zQ9an/gdDzroHtoKpir97Eufif7K/vv8EMu0So4lIvV/jGxa4Uk8N/C5YZM/B1u7
VLRsc3nLdPsnhLBiR1HvBh4slhNNBlc3zhk6BEThTni3BW0sWEe0X294brR8RnwT
bKPpWJxP5XEUsrQX+8pfXCUwabgg6h/C2lLTxncNjvaL9KEU5s5og1csIArclAnW
C2MZk7UIg8QjRG2gtswlAgb96DG5lJd63Bv+NuTlkyUINDKh/0Gruw==
-----END CERTIFICATE-----