Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
File:                     QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer (raw, json)
Hash identifier:          UsX/xwYbUo218WQZ7t01lnyTAI5d0iVoGPE/QBYrle8=
Subject key identifier:   43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018AAD3CFFF2CCED6C65E333A24D4FB9E545
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 19 Sep 2023 11:39:30 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 2121
                          IP: 193.0.24.0/21
                          IP: 2001:67c:64::/48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ad:3c:ff:f2:cc:ed:6c:65:e3:33:a2:4d:4f:b9:e5:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 19 11:39:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=43039a68130f19631e1527946e1e127db1e8f9d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fb:da:7e:8f:05:4b:26:99:e4:ff:c1:7d:f5:
                    fd:3d:1d:81:e6:3f:7a:8a:ff:a2:9b:62:09:87:48:
                    99:1d:c4:b6:51:dc:a3:71:23:2d:00:38:cb:ed:83:
                    b7:38:70:e1:84:1c:42:98:55:8f:2d:e7:34:ca:c9:
                    cb:37:86:08:09:d6:b6:27:d3:47:0b:f8:ac:04:46:
                    bb:31:7d:e3:1f:ff:30:11:b2:3e:8b:a1:31:f7:1e:
                    f8:0e:63:b4:87:f7:a1:5e:1b:53:7e:82:24:c7:43:
                    d4:8a:f6:66:59:be:c8:06:e6:5a:ec:d4:47:a0:6c:
                    d5:ce:ce:b8:0d:6c:dc:17:f6:25:f8:14:40:dc:5e:
                    f4:cb:49:dd:46:c1:58:a3:54:b5:fe:f6:3e:6e:4c:
                    32:96:c7:b0:75:a6:b1:f4:2a:9e:fd:0a:f6:61:6b:
                    2a:2d:42:20:38:36:71:b8:9d:4d:dc:83:cd:03:db:
                    41:ec:38:f0:d3:a0:61:dd:11:35:db:c8:96:33:07:
                    d6:cf:a0:17:7c:37:e2:b5:05:82:88:a1:78:2c:d9:
                    6d:95:31:cd:60:f3:80:34:df:9e:83:1d:3b:3a:33:
                    12:ba:af:b9:3c:b0:9a:ed:05:7a:1a:76:48:70:42:
                    e2:f2:4b:a5:84:b9:0a:89:ce:3b:5c:d4:76:7b:43:
                    a5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  2121

    Signature Algorithm: sha256WithRSAEncryption
         73:4d:77:3c:22:93:d4:55:b6:fc:a6:7d:d4:30:33:85:61:aa:
         89:26:6d:6f:a6:21:29:18:06:06:d2:17:6b:a0:06:56:39:84:
         58:a5:1e:d9:41:b0:a7:64:0d:ab:e2:34:e3:fb:58:38:87:30:
         3e:5d:1e:41:46:83:25:6d:a0:17:ac:d5:2f:76:11:e1:7c:2f:
         39:91:b1:bf:e4:97:c0:67:8c:aa:47:66:14:ed:fa:b2:13:9e:
         16:ea:0c:62:82:9d:68:72:86:64:bc:bf:6b:fa:76:dd:c8:07:
         4a:eb:0d:13:06:45:d2:d1:5c:f2:a1:b3:cd:3b:d1:bd:c5:70:
         2f:c0:ca:57:49:e5:45:53:92:55:fb:c8:6b:48:a7:f5:b1:41:
         de:a3:b2:fb:e4:5d:80:fb:90:20:99:3a:07:a1:6c:3f:d5:46:
         b4:61:d6:32:be:33:53:10:c8:a8:28:25:70:34:01:29:60:40:
         c9:34:a8:49:f1:e0:07:f9:b2:6c:45:71:e4:3d:85:06:47:33:
         36:76:0c:cf:44:12:ca:4a:8f:20:0a:8c:02:d5:a9:4a:8b:a4:
         bb:c0:10:fb:76:f3:07:50:0f:a3:4e:29:fb:6c:f9:ea:e0:56:
         2b:63:59:a4:9d:b9:cd:83:66:c4:1c:25:0b:11:f8:83:b0:76:
         b0:91:08:b4
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAYqtPP/yzO1sZeMzok1PueVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwOTE5MTEzOTMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzAzOWE2ODEzMGYxOTYzMWUxNTI3OTQ2ZTFlMTI3ZGIxZThmOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Pvafo8FSyaZ5P/BffX9PR2B5j96
iv+im2IJh0iZHcS2UdyjcSMtADjL7YO3OHDhhBxCmFWPLec0ysnLN4YICda2J9NH
C/isBEa7MX3jH/8wEbI+i6Ex9x74DmO0h/ehXhtTfoIkx0PUivZmWb7IBuZa7NRH
oGzVzs64DWzcF/Yl+BRA3F70y0ndRsFYo1S1/vY+bkwylsewdaax9Cqe/Qr2YWsq
LUIgODZxuJ1N3IPNA9tB7Djw06Bh3RE128iWMwfWz6AXfDfitQWCiKF4LNltlTHN
YPOANN+egx07OjMSuq+5PLCa7QV6GnZIcELi8kulhLkKic47XNR2e0OlVwIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFEMDmmgTDxljHhUnlG4eEn2x6PnZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M4L2Y2MDE3
OC05OTFhLTQyNjEtOTZhMC1kZDVjMzAwYmU1NGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgvZjYwMTc4
LTk5MWEtNDI2MS05NmEwLWRkNWMzMDBiZTU0ZS8xL1F3T2FhQk1QR1dNZUZTZVVi
aDRTZmJIby1kay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8EAgACMAkDBwAgAQZ8AGQwGQYIKwYB
BQUHAQgBAf8ECjAIoAYwBAICCEkwDQYJKoZIhvcNAQELBQADggEBAHNNdzwik9RV
tvymfdQwM4VhqokmbW+mISkYBgbSF2ugBlY5hFilHtlBsKdkDaviNOP7WDiHMD5d
HkFGgyVtoBes1S92EeF8LzmRsb/kl8BnjKpHZhTt+rITnhbqDGKCnWhyhmS8v2v6
dt3IB0rrDRMGRdLRXPKhs8070b3FcC/AyldJ5UVTklX7yGtIp/WxQd6jsvvkXYD7
kCCZOgehbD/VRrRh1jK+M1MQyKgoJXA0ASlgQMk0qEnx4Af5smxFceQ9hQZHMzZ2
DM9EEspKjyAKjALVqUqLpLvAEPt28wdQD6NOKfts+ergVitjWaSduc2DZsQcJQsR
+IOwdrCRCLQ=
-----END CERTIFICATE-----