Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xRhkSsRh3dLPS8WtXCtCYlNcOMg.cer
File:                     xRhkSsRh3dLPS8WtXCtCYlNcOMg.cer (raw, json)
Hash identifier:          Jg5wjxuzww6iCwE1wl4MS4/nl/J76n0gMdG5J/UTaZs=
Subject key identifier:   C5:18:64:4A:C4:61:DD:D2:CF:4B:C5:AD:5C:2B:42:62:53:5C:38:C8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856FB0A9D8EECCD85308EF7FE87742DF2D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d3/1df875-2a23-4fe8-b1f0-cebded36f878/1/xRhkSsRh3dLPS8WtXCtCYlNcOMg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d3/1df875-2a23-4fe8-b1f0-cebded36f878/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 23:35:26 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 39758
                          IP: 46.102.232.0/23
                          IP: 77.81.137.0 -- 77.81.138.255
                          IP: 89.36.21.0/24
                          IP: 89.42.110.0/23
                          IP: 93.113.25.0/24
                          IP: 93.113.212.0/24
                          IP: 93.115.248.0/22
                          IP: 193.203.204.0/23
                          IP: 2a06:4a40::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:b0:a9:d8:ee:cc:d8:53:08:ef:7f:e8:77:42:df:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:35:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c518644ac461ddd2cf4bc5ad5c2b4262535c38c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:1c:b6:18:37:bd:89:dd:b5:7e:e5:3a:5e:54:
                    73:7f:d1:35:06:83:1c:4a:06:a5:65:04:73:75:09:
                    37:7f:9a:27:d6:3a:29:44:46:f9:49:f0:3a:50:64:
                    ab:8f:b3:6c:27:6b:4a:9e:91:57:cd:c1:9d:47:5f:
                    85:f2:8f:cd:b9:cd:e2:2b:24:f1:4f:cb:42:b3:a3:
                    1b:86:c8:d7:da:8a:16:be:91:36:94:40:c0:be:2b:
                    97:00:3f:af:94:86:61:c1:2d:a3:fa:26:3d:4f:20:
                    50:ae:62:28:7f:d2:96:89:8c:87:5a:d1:a1:20:bf:
                    8a:2c:14:49:e9:73:45:66:c0:12:49:f9:2d:b0:da:
                    a6:1e:f9:1b:ca:ba:a4:90:8a:8d:4d:84:3e:59:be:
                    81:29:cc:b3:a2:40:97:5d:af:fc:7b:00:40:3e:d8:
                    e1:c3:18:3e:ab:48:39:b4:a4:dd:22:2d:6f:c8:c5:
                    3d:25:bd:ed:b9:b6:09:49:1a:af:30:98:e7:03:b5:
                    ce:4f:bb:08:c4:9f:27:ae:03:45:36:32:be:31:d0:
                    3a:40:dd:4f:2d:d1:85:37:37:b7:99:be:d2:9e:59:
                    b8:61:a5:de:9f:ff:c9:43:29:a0:0c:9a:c5:84:50:
                    d3:22:cd:3f:4f:78:09:84:39:26:7c:96:6a:51:be:
                    47:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:18:64:4A:C4:61:DD:D2:CF:4B:C5:AD:5C:2B:42:62:53:5C:38:C8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1df875-2a23-4fe8-b1f0-cebded36f878/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1df875-2a23-4fe8-b1f0-cebded36f878/1/xRhkSsRh3dLPS8WtXCtCYlNcOMg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.232.0/23
                  77.81.137.0-77.81.138.255
                  89.36.21.0/24
                  89.42.110.0/23
                  93.113.25.0/24
                  93.113.212.0/24
                  93.115.248.0/22
                  193.203.204.0/23
                IPv6:
                  2a06:4a40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39758

    Signature Algorithm: sha256WithRSAEncryption
         15:eb:b7:8b:83:60:12:ea:09:97:b0:e7:f5:dd:d3:74:85:9b:
         03:36:40:43:bb:b5:9f:3f:db:1e:4f:9c:a5:95:5a:1a:a2:6f:
         bd:05:4b:4f:49:40:ab:e2:a2:ec:f9:fd:b5:07:3b:39:98:66:
         f9:6d:63:1a:52:33:08:e5:83:d6:75:b9:20:12:f5:0a:5b:ec:
         77:28:99:f5:bb:da:45:1e:24:9e:f3:03:0e:6c:ed:02:61:25:
         0c:8a:9c:d4:9a:15:5f:09:de:82:5b:2f:54:45:e2:74:ff:35:
         c2:9e:e1:5a:21:bf:b4:64:e5:92:fa:3d:51:8f:c5:d1:a7:49:
         83:60:ec:6b:90:3b:23:94:fe:23:a2:fd:f8:db:fc:ab:96:15:
         c9:42:5b:08:ad:42:2a:0d:36:e4:54:88:b0:80:27:d9:bb:20:
         6d:27:24:58:3b:bc:3f:d2:09:4a:4a:00:61:a9:f2:da:7d:23:
         bf:03:8e:0e:70:cc:63:18:7b:9b:57:08:e5:c3:c0:af:47:1a:
         05:fb:ea:f2:40:f0:c0:70:30:a6:9d:00:95:40:a8:dd:03:b4:
         fa:c3:6b:2e:c1:09:bd:b8:b2:3a:21:f2:ca:13:c1:85:9a:db:
         dc:9c:50:8b:53:ab:5e:f2:4d:f0:1f:b2:10:4f:02:ba:40:64:
         c7:b7:26:d7
-----BEGIN CERTIFICATE-----
MIIF1TCCBL2gAwIBAgISAYVvsKnY7szYUwjvf+h3Qt8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMjMzNTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTE4NjQ0YWM0NjFkZGQyY2Y0YmM1YWQ1YzJiNDI2MjUzNWMzOGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2By2GDe9id21fuU6XlRzf9E1BoMc
SgalZQRzdQk3f5on1jopREb5SfA6UGSrj7NsJ2tKnpFXzcGdR1+F8o/Nuc3iKyTx
T8tCs6MbhsjX2ooWvpE2lEDAviuXAD+vlIZhwS2j+iY9TyBQrmIof9KWiYyHWtGh
IL+KLBRJ6XNFZsASSfktsNqmHvkbyrqkkIqNTYQ+Wb6BKcyzokCXXa/8ewBAPtjh
wxg+q0g5tKTdIi1vyMU9Jb3tubYJSRqvMJjnA7XOT7sIxJ8nrgNFNjK+MdA6QN1P
LdGFNze3mb7Snlm4YaXen//JQymgDJrFhFDTIs0/T3gJhDkmfJZqUb5HGwIDAQAB
o4IC4TCCAt0wHQYDVR0OBBYEFMUYZErEYd3Sz0vFrVwrQmJTXDjIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QzLzFkZjg3
NS0yYTIzLTRmZTgtYjFmMC1jZWJkZWQzNmY4NzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMvMWRmODc1
LTJhMjMtNGZlOC1iMWYwLWNlYmRlZDM2Zjg3OC8xL3hSaGtTc1JoM2RMUFM4V3RY
Q3RDWWxOY09NZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGAGCCsGAQUF
BwEHAQH/BFEwTzA+BAIAATA4AwQBLmboMAwDBABNUYkDBABNUYoDBABZJBUDBAFZ
Km4DBABdcRkDBABdcdQDBAJdc/gDBAHBy8wwDQQCAAIwBwMFAyoGSkAwGgYIKwYB
BQUHAQgBAf8ECzAJoAcwBQIDAJtOMA0GCSqGSIb3DQEBCwUAA4IBAQAV67eLg2AS
6gmXsOf13dN0hZsDNkBDu7WfP9seT5yllVoaom+9BUtPSUCr4qLs+f21Bzs5mGb5
bWMaUjMI5YPWdbkgEvUKW+x3KJn1u9pFHiSe8wMObO0CYSUMipzUmhVfCd6CWy9U
ReJ0/zXCnuFaIb+0ZOWS+j1Rj8XRp0mDYOxrkDsjlP4jov342/yrlhXJQlsIrUIq
DTbkVIiwgCfZuyBtJyRYO7w/0glKSgBhqfLafSO/A44OcMxjGHubVwjlw8CvRxoF
++ryQPDAcDCmnQCVQKjdA7T6w2suwQm9uLI6IfLKE8GFmtvcnFCLU6te8k3wH7IQ
TwK6QGTHtybX
-----END CERTIFICATE-----