Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zTHpUB-XoLkb0SaQt3gUzk3uUrY.cer
File:                     zTHpUB-XoLkb0SaQt3gUzk3uUrY.cer (raw, json)
Hash identifier:          CFJwFRukvbM2rLYLcfaPyhM415DiNfT/HkfAqEqY+C0=
Subject key identifier:   CD:31:E9:50:1F:97:A0:B9:1B:D1:26:90:B7:78:14:CE:4D:EE:52:B6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       A03793AAFE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4e/ca8c72-3138-492e-802c-95795d8cd1d3/1/zTHpUB-XoLkb0SaQt3gUzk3uUrY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4e/ca8c72-3138-492e-802c-95795d8cd1d3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 06:55:39 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 198411
                          IP: 5.226.16.0/20
                          IP: 45.157.56.0/22
                          IP: 2a01:bdc0::/32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 688127191806 (0xa03793aafe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:55:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cd31e9501f97a0b91bd12690b77814ce4dee52b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ac:74:a8:61:be:1d:e6:7a:cf:33:5b:70:41:
                    99:f5:70:1f:cc:1d:f4:69:6b:92:26:36:5e:4c:cb:
                    8d:2f:a7:4c:c8:ff:ae:f2:7c:29:03:a4:10:93:51:
                    cc:3f:ec:52:a4:42:d8:fa:54:4f:34:d0:05:e9:61:
                    e3:be:36:5d:f0:d7:44:78:63:b5:83:fa:f7:fe:d1:
                    be:17:ad:c1:13:52:b1:f3:17:36:18:80:7c:bb:bc:
                    1b:12:8a:01:da:ec:8f:91:7d:07:1f:01:42:15:ec:
                    6b:96:6d:ec:2c:32:0b:ac:57:be:19:ac:38:c2:88:
                    7f:49:73:1c:19:d7:c6:7c:09:b7:52:59:fb:54:59:
                    26:a9:93:0b:a7:69:e6:54:fd:54:e7:b0:ae:79:76:
                    76:75:d7:84:3d:14:46:0e:a7:5b:73:5f:97:a1:43:
                    5f:b1:11:9d:fb:ba:ff:83:26:30:ff:7f:62:e1:89:
                    05:78:7f:7f:60:ad:f3:47:e1:e9:f8:ef:f7:b0:ca:
                    10:62:7f:d0:d8:df:c2:b2:2d:47:7c:05:e2:de:d7:
                    98:7d:84:33:8d:6c:c7:8f:29:bc:b8:8a:54:6b:37:
                    41:4d:59:53:5f:a8:21:4a:ad:bf:d4:f9:56:ef:45:
                    3a:29:c3:ac:a1:0b:d3:33:42:46:57:f2:6e:fa:78:
                    09:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:31:E9:50:1F:97:A0:B9:1B:D1:26:90:B7:78:14:CE:4D:EE:52:B6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ca8c72-3138-492e-802c-95795d8cd1d3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ca8c72-3138-492e-802c-95795d8cd1d3/1/zTHpUB-XoLkb0SaQt3gUzk3uUrY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.16.0/20
                  45.157.56.0/22
                IPv6:
                  2a01:bdc0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198411

    Signature Algorithm: sha256WithRSAEncryption
         84:26:85:05:32:0f:c6:1a:5c:16:d7:c2:13:52:bf:27:12:09:
         67:dc:16:66:82:7c:84:86:90:06:55:bc:e3:58:ad:c8:33:c1:
         6c:7b:53:de:77:c2:32:72:07:05:de:46:04:7c:7d:39:13:6f:
         b9:cd:26:65:6d:20:ef:fc:b0:de:04:5f:41:d2:91:31:49:b7:
         b1:1e:90:29:04:df:06:85:ec:69:da:e0:9b:ee:ce:64:f5:ef:
         fc:da:0e:2c:c3:22:57:3e:60:34:eb:b4:5e:33:ce:b0:e0:29:
         7c:26:d4:6b:b8:4d:e0:92:6e:d2:41:6e:48:ce:1b:9d:57:68:
         f1:f0:8e:d6:83:bf:c1:9e:29:f6:09:9e:4f:36:05:19:a6:a7:
         05:f4:fd:dc:61:43:56:1b:0a:94:38:ac:c5:4f:57:82:03:f3:
         69:d9:16:bb:33:08:51:f5:ed:54:51:b9:2b:7e:1c:e9:45:c3:
         99:09:04:cb:6c:fb:8b:e9:ae:d9:b2:bb:c5:ce:b8:54:7b:fb:
         a6:af:c8:2a:c4:b4:c2:2e:b6:85:b9:0d:96:cd:7e:6c:c9:52:
         06:13:d8:24:e1:74:95:1d:8b:48:bd:d3:bc:b4:eb:a0:62:f6:
         54:c6:51:ff:b9:e5:0f:36:27:ab:c9:52:1a:f0:10:5e:8a:dc:
         88:bd:5b:68
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIGAKA3k6r+MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDY1NTM5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjZDMxZTk1MDFm
OTdhMGI5MWJkMTI2OTBiNzc4MTRjZTRkZWU1MmI2MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAqKx0qGG+HeZ6zzNbcEGZ9XAfzB30aWuSJjZeTMuNL6dM
yP+u8nwpA6QQk1HMP+xSpELY+lRPNNAF6WHjvjZd8NdEeGO1g/r3/tG+F63BE1Kx
8xc2GIB8u7wbEooB2uyPkX0HHwFCFexrlm3sLDILrFe+Gaw4woh/SXMcGdfGfAm3
Uln7VFkmqZMLp2nmVP1U57CueXZ2ddeEPRRGDqdbc1+XoUNfsRGd+7r/gyYw/39i
4YkFeH9/YK3zR+Hp+O/3sMoQYn/Q2N/Csi1HfAXi3teYfYQzjWzHjym8uIpUazdB
TVlTX6ghSq2/1PlW70U6KcOsoQvTM0JGV/Ju+ngJxQIDAQABo4ICtTCCArEwHQYD
VR0OBBYEFM0x6VAfl6C5G9EmkLd4FM5N7lK2MB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRlL2NhOGM3Mi0zMTM4LTQ5MmUt
ODAyYy05NTc5NWQ4Y2QxZDMvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvY2E4YzcyLTMxMzgtNDkyZS04
MDJjLTk1Nzk1ZDhjZDFkMy8xL3pUSHBVQi1Yb0xrYjBTYVF0M2dVemszdVVyWS5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAS
BAIAATAMAwQEBeIQAwQCLZ04MA0EAgACMAcDBQAqAb3AMBoGCCsGAQUFBwEIAQH/
BAswCaAHMAUCAwMHCzANBgkqhkiG9w0BAQsFAAOCAQEAhCaFBTIPxhpcFtfCE1K/
JxIJZ9wWZoJ8hIaQBlW841ityDPBbHtT3nfCMnIHBd5GBHx9ORNvuc0mZW0g7/yw
3gRfQdKRMUm3sR6QKQTfBoXsadrgm+7OZPXv/NoOLMMiVz5gNOu0XjPOsOApfCbU
a7hN4JJu0kFuSM4bnVdo8fCO1oO/wZ4p9gmeTzYFGaanBfT93GFDVhsKlDisxU9X
ggPzadkWuzMIUfXtVFG5K34c6UXDmQkEy2z7i+mu2bK7xc64VHv7pq/IKsS0wi62
hbkNls1+bMlSBhPYJOF0lR2LSL3TvLTroGL2VMZR/7nlDzYnq8lSGvAQXorciL1b
aA==
-----END CERTIFICATE-----