Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xVamx4HLpM5byxQvtCr9iBqfpmc.cer
File:                     xVamx4HLpM5byxQvtCr9iBqfpmc.cer (raw, json)
Hash identifier:          j9Y3KK6Tlslld1dWRLcOrfOdhU873oq7Vhv3Ib6vJP0=
Subject key identifier:   C5:56:A6:C7:81:CB:A4:CE:5B:CB:14:2F:B4:2A:FD:88:1A:9F:A6:67
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018B42D68C2391CD83A0CB0070A6F2E6B87E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/83/799f28-5270-4929-990a-0909b41f55f1/1/xVamx4HLpM5byxQvtCr9iBqfpmc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/83/799f28-5270-4929-990a-0909b41f55f1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 18 Oct 2023 12:50:38 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 29024
                          IP: 91.189.40.0/21
                          IP: 185.3.48.0/22
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:42:d6:8c:23:91:cd:83:a0:cb:00:70:a6:f2:e6:b8:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct 18 12:50:38 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c556a6c781cba4ce5bcb142fb42afd881a9fa667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ff:b2:8b:03:1e:cd:43:4b:33:6e:79:c5:26:
                    45:b5:07:61:c5:7a:ac:a1:9a:44:6c:05:90:d1:59:
                    18:b9:f8:fd:e3:a2:61:49:64:a1:60:df:be:fc:8a:
                    0f:3a:d8:19:a0:ea:2b:f2:a6:5d:e1:a4:15:4d:0b:
                    92:ba:c6:24:f0:e1:3c:12:3f:f6:9d:0d:f4:d0:ce:
                    68:cc:a3:a2:25:53:f2:1f:f2:d5:2c:4f:c3:0b:ce:
                    08:c7:13:b7:1e:29:1b:d1:16:8b:5f:dd:d6:03:61:
                    7e:91:90:2b:b6:4a:b4:18:5f:79:88:f1:81:5a:58:
                    b3:96:fd:48:37:fd:7c:dd:f8:b3:d9:8b:a9:40:d6:
                    f8:23:87:28:c1:56:b9:bf:59:60:cb:e7:cb:d9:ac:
                    df:1e:23:15:67:77:4b:f5:cb:ed:fb:f3:3f:18:eb:
                    23:36:a9:a0:4a:d0:6b:4e:fa:5f:d7:ab:f0:f2:63:
                    49:f3:4a:3d:9d:ba:30:5b:9d:66:98:6b:2f:14:39:
                    aa:3e:21:86:e5:ef:16:a6:26:d0:3a:44:09:5c:61:
                    11:ab:67:3a:e2:23:2d:7d:d2:a0:cc:59:90:b5:39:
                    3c:91:ad:15:98:43:8c:28:c2:fb:4c:ba:50:24:16:
                    f0:e2:28:73:39:0b:0a:78:d4:48:f7:95:44:22:9e:
                    3e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:56:A6:C7:81:CB:A4:CE:5B:CB:14:2F:B4:2A:FD:88:1A:9F:A6:67
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/799f28-5270-4929-990a-0909b41f55f1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/799f28-5270-4929-990a-0909b41f55f1/1/xVamx4HLpM5byxQvtCr9iBqfpmc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.189.40.0/21
                  185.3.48.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  29024

    Signature Algorithm: sha256WithRSAEncryption
         07:20:e2:15:4a:ba:e1:3c:dc:e3:bf:aa:ed:ec:1d:f9:22:8b:
         d5:79:e5:5c:16:cf:a8:09:50:b5:a0:1d:db:3f:5a:c7:6c:df:
         92:60:26:49:8b:ce:7c:2c:17:2e:50:7a:3f:f7:94:39:16:6a:
         65:de:16:98:ab:cb:85:2f:00:7d:dd:ad:cb:77:b2:42:ae:f0:
         a8:5a:f0:fa:e6:0d:45:e4:b9:14:34:df:ef:1b:e8:39:3a:3b:
         86:74:09:95:9b:6a:4a:fb:49:45:a5:7a:9e:7b:b2:b3:a4:69:
         72:30:20:b9:db:19:4c:34:80:37:ee:85:fe:03:66:48:b9:90:
         32:81:1d:3b:6c:80:cc:69:10:dc:44:a1:f4:e5:89:cb:7e:c7:
         e0:96:a2:72:8c:03:d2:61:46:74:6f:86:e7:ce:d1:29:a5:0a:
         4f:6d:ea:b7:14:46:52:ab:a0:d8:73:0d:e7:76:1a:d3:e7:4d:
         8e:41:34:60:2e:1f:ac:00:7e:72:d2:c0:93:ac:f2:f3:37:bc:
         01:e1:0b:d1:d4:e4:4f:49:17:3d:df:33:5f:1d:63:fa:56:27:
         65:1d:ef:2a:2e:57:ed:c4:9f:ea:09:fa:f6:2d:b0:42:42:b3:
         01:96:ea:52:ca:fa:b7:c8:f5:e1:3b:9c:6c:60:1d:9f:d7:c1:
         49:86:1f:68
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgISAYtC1owjkc2DoMsAcKby5rh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMxMDE4MTI1MDM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTU2YTZjNzgxY2JhNGNlNWJjYjE0MmZiNDJhZmQ4ODFhOWZhNjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/+yiwMezUNLM255xSZFtQdhxXqs
oZpEbAWQ0VkYufj946JhSWShYN++/IoPOtgZoOor8qZd4aQVTQuSusYk8OE8Ej/2
nQ300M5ozKOiJVPyH/LVLE/DC84IxxO3Hikb0RaLX93WA2F+kZArtkq0GF95iPGB
Wlizlv1IN/183fiz2YupQNb4I4cowVa5v1lgy+fL2azfHiMVZ3dL9cvt+/M/GOsj
NqmgStBrTvpf16vw8mNJ80o9nbowW51mmGsvFDmqPiGG5e8WpibQOkQJXGERq2c6
4iMtfdKgzFmQtTk8ka0VmEOMKML7TLpQJBbw4ihzOQsKeNRI95VEIp4+GwIDAQAB
o4ICpTCCAqEwHQYDVR0OBBYEFMVWpseBy6TOW8sUL7Qq/Ygan6ZnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgzLzc5OWYy
OC01MjcwLTQ5MjktOTkwYS0wOTA5YjQxZjU1ZjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODMvNzk5ZjI4
LTUyNzAtNDkyOS05OTBhLTA5MDliNDFmNTVmMS8xL3hWYW14NEhMcE01Ynl4UXZ0
Q3I5aUJxZnBtYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQDW70oAwQCuQMwMBkGCCsGAQUFBwEIAQH/BAow
CKAGMAQCAnFgMA0GCSqGSIb3DQEBCwUAA4IBAQAHIOIVSrrhPNzjv6rt7B35IovV
eeVcFs+oCVC1oB3bP1rHbN+SYCZJi858LBcuUHo/95Q5Fmpl3haYq8uFLwB93a3L
d7JCrvCoWvD65g1F5LkUNN/vG+g5OjuGdAmVm2pK+0lFpXqee7KzpGlyMCC52xlM
NIA37oX+A2ZIuZAygR07bIDMaRDcRKH05YnLfsfglqJyjAPSYUZ0b4bnztEppQpP
beq3FEZSq6DYcw3ndhrT502OQTRgLh+sAH5y0sCTrPLzN7wB4QvR1ORPSRc93zNf
HWP6VidlHe8qLlftxJ/qCfr2LbBCQrMBlupSyvq3yPXhO5xsYB2f18FJhh9o
-----END CERTIFICATE-----