Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xwt15PoKNJ-E9RDzAIpKbjj8F3U.cer
File:                     xwt15PoKNJ-E9RDzAIpKbjj8F3U.cer (raw, json)
Hash identifier:          Tc88kkUCAcPLYXGx7Fte9w+kFOcRAMuONqZwYy+2yzo=
Subject key identifier:   C7:0B:75:E4:FA:0A:34:9F:84:F5:10:F3:00:8A:4A:6E:38:FC:17:75
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A0532E1AEB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a0/b62cf6-466d-44fa-a141-2de8843ac297/1/xwt15PoKNJ-E9RDzAIpKbjj8F3U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a0/b62cf6-466d-44fa-a141-2de8843ac297/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 06:57:02 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 24747
                          IP: 45.149.92.0/22
                          IP: 80.246.224.0/20
                          IP: 2a10:8100::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 688590297835 (0xa0532e1aeb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:57:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c70b75e4fa0a349f84f510f3008a4a6e38fc1775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:31:56:5c:b4:e6:3a:a5:c7:78:70:bf:8e:8f:
                    ef:d8:2c:42:d5:79:00:c9:db:e3:df:cf:75:db:6b:
                    89:87:8d:60:4d:1e:8a:35:63:61:f6:5f:1d:e8:41:
                    fb:59:d7:ea:6e:39:aa:70:db:0e:18:50:63:b0:a0:
                    26:01:ff:9f:62:00:60:22:f8:d0:d6:a1:00:e5:ed:
                    08:83:a4:13:f1:6d:05:db:fa:ca:11:e1:5c:da:38:
                    c5:f7:51:71:9e:1e:af:32:76:c2:f1:d8:6d:2d:4d:
                    0d:d6:d9:b7:13:52:5f:b8:bb:38:6f:08:27:c8:2b:
                    ff:1a:10:49:21:d7:48:d7:49:01:28:02:7a:82:b6:
                    c4:01:92:18:62:5e:ce:1c:2b:94:63:bc:5b:e5:f8:
                    1d:08:86:30:5c:64:2e:19:33:28:fc:57:ec:5a:1d:
                    53:4e:a1:a2:84:28:88:90:b5:b8:a4:30:d5:93:d2:
                    29:7a:11:ab:4b:85:a7:8b:e8:a3:f7:ab:f2:b2:6a:
                    43:5a:b3:dd:62:f4:ac:94:93:19:b4:48:03:0c:3f:
                    45:80:8f:74:4e:db:c3:f4:4d:ad:5d:e9:88:4e:91:
                    08:10:37:da:8a:e4:a8:74:d7:e5:78:32:0d:02:24:
                    28:7c:ce:3a:e7:23:81:86:f6:98:63:00:ff:e3:46:
                    af:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:0B:75:E4:FA:0A:34:9F:84:F5:10:F3:00:8A:4A:6E:38:FC:17:75
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b62cf6-466d-44fa-a141-2de8843ac297/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b62cf6-466d-44fa-a141-2de8843ac297/1/xwt15PoKNJ-E9RDzAIpKbjj8F3U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.92.0/22
                  80.246.224.0/20
                IPv6:
                  2a10:8100::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  24747

    Signature Algorithm: sha256WithRSAEncryption
         84:1f:58:a7:95:2a:0f:d6:45:c0:f7:23:60:77:cf:02:69:bc:
         f0:3b:75:4a:07:a4:21:09:09:aa:0b:6c:02:df:59:c0:1c:68:
         48:02:d2:69:0c:37:a5:ba:89:d2:4e:2b:27:5a:85:5f:52:49:
         db:51:56:a3:6b:22:f3:03:5f:c4:a5:99:66:cb:4f:86:64:9b:
         30:a8:cd:4b:1b:ac:03:1d:c2:2e:e5:94:89:47:2f:25:91:27:
         37:23:20:aa:46:b7:2b:ab:92:cb:ee:1d:15:d9:3b:91:c9:0f:
         7c:d6:8f:f7:22:0c:fb:40:7f:43:dd:6f:6c:c9:41:c2:bd:20:
         15:0c:11:de:06:42:41:24:51:98:03:4a:f7:9b:cc:8c:af:b0:
         6d:87:02:4a:00:e1:eb:34:87:e3:85:82:84:63:f1:ba:e6:7d:
         08:b1:d3:e5:00:30:66:8f:fe:4a:a5:a3:9e:cd:c0:8b:8c:1f:
         33:a7:99:eb:9c:ed:68:da:87:a0:2d:ed:6f:6d:5c:1b:d1:8f:
         39:2a:1f:1b:a7:d5:ac:ec:f0:0e:54:ff:b8:c3:24:48:25:d6:
         99:fa:91:97:88:94:bd:c4:69:11:34:0a:cd:d8:2e:b3:e4:b5:
         8b:1d:75:6b:90:0c:e2:bf:8e:5e:fe:50:cd:17:eb:0f:71:27:
         55:73:cb:73
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIGAKBTLhrrMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDY1NzAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjNzBiNzVlNGZh
MGEzNDlmODRmNTEwZjMwMDhhNGE2ZTM4ZmMxNzc1MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAujFWXLTmOqXHeHC/jo/v2CxC1XkAydvj389122uJh41g
TR6KNWNh9l8d6EH7WdfqbjmqcNsOGFBjsKAmAf+fYgBgIvjQ1qEA5e0Ig6QT8W0F
2/rKEeFc2jjF91Fxnh6vMnbC8dhtLU0N1tm3E1JfuLs4bwgnyCv/GhBJIddI10kB
KAJ6grbEAZIYYl7OHCuUY7xb5fgdCIYwXGQuGTMo/FfsWh1TTqGihCiIkLW4pDDV
k9IpehGrS4Wni+ij96vysmpDWrPdYvSslJMZtEgDDD9FgI90TtvD9E2tXemITpEI
EDfaiuSodNfleDINAiQofM465yOBhvaYYwD/40avxQIDAQABo4ICtDCCArAwHQYD
VR0OBBYEFMcLdeT6CjSfhPUQ8wCKSm44/Bd1MB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EwL2I2MmNmNi00NjZkLTQ0ZmEt
YTE0MS0yZGU4ODQzYWMyOTcvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAvYjYyY2Y2LTQ2NmQtNDRmYS1h
MTQxLTJkZTg4NDNhYzI5Ny8xL3h3dDE1UG9LTkotRTlSRHpBSXBLYmpqOEYzVS5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAS
BAIAATAMAwQCLZVcAwQEUPbgMA0EAgACMAcDBQMqEIEAMBkGCCsGAQUFBwEIAQH/
BAowCKAGMAQCAmCrMA0GCSqGSIb3DQEBCwUAA4IBAQCEH1inlSoP1kXA9yNgd88C
abzwO3VKB6QhCQmqC2wC31nAHGhIAtJpDDeluonSTisnWoVfUknbUVajayLzA1/E
pZlmy0+GZJswqM1LG6wDHcIu5ZSJRy8lkSc3IyCqRrcrq5LL7h0V2TuRyQ981o/3
Igz7QH9D3W9syUHCvSAVDBHeBkJBJFGYA0r3m8yMr7BthwJKAOHrNIfjhYKEY/G6
5n0IsdPlADBmj/5KpaOezcCLjB8zp5nrnO1o2oegLe1vbVwb0Y85Kh8bp9Ws7PAO
VP+4wyRIJdaZ+pGXiJS9xGkRNArN2C6z5LWLHXVrkAziv45e/lDNF+sPcSdVc8tz
-----END CERTIFICATE-----