Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kyqxwcUuCGf4vsvkR_cpe1bWe-g.cer
File:                     kyqxwcUuCGf4vsvkR_cpe1bWe-g.cer (raw, json)
Hash identifier:          7Gmom5isozYs6O09x4XgFUQwjIBfceR5VgHUQO2mlP4=
Subject key identifier:   93:2A:B1:C1:C5:2E:08:67:F8:BE:CB:E4:47:F7:29:7B:56:D6:7B:E8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856E8E7BD39CB72AFEFF6D32CA88727E5F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/39b226e2-7512-4bab-bec3-13e453abc2b7/1/932AB1C1C52E0867F8BECBE447F7297B56D67BE8.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/39b226e2-7512-4bab-bec3-13e453abc2b7/1/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 18:18:29 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 203843
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:8e:7b:d3:9c:b7:2a:fe:ff:6d:32:ca:88:72:7e:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:18:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=932ab1c1c52e0867f8becbe447f7297b56d67be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6b:22:43:be:31:54:76:9a:2c:a0:e7:a5:9b:
                    e0:42:ad:90:11:1b:a4:83:4e:67:5c:0c:06:5c:4c:
                    44:f9:05:f3:53:be:5b:7c:28:89:0b:d2:74:53:5b:
                    c2:98:82:db:77:52:26:a5:09:bd:3f:ea:5e:1b:63:
                    f9:cf:18:89:38:18:db:24:2e:ff:81:e9:df:04:75:
                    41:6a:02:67:1b:c1:62:92:46:2e:29:73:34:eb:5a:
                    14:66:13:40:6a:75:5b:89:ca:1e:a9:aa:4d:aa:de:
                    a1:94:ab:76:47:50:4c:75:9d:59:70:83:ab:ce:32:
                    f8:46:2e:64:03:3d:b2:6b:79:0a:6f:20:74:d3:2e:
                    8e:64:b7:ca:7c:45:5e:f1:7d:6a:5f:ba:6d:0d:6a:
                    d7:4d:d0:1f:eb:e4:9e:57:ac:1c:7b:8d:96:80:dc:
                    13:a0:e0:1c:41:ff:79:b4:e5:b8:c7:50:9a:d9:6a:
                    7f:98:16:71:0e:7e:ad:96:9d:86:72:3c:2d:69:c9:
                    ca:9e:a0:42:9a:ba:45:40:1e:01:c6:57:52:f0:7c:
                    39:d9:e9:c3:9f:d6:c4:12:8a:06:4e:9e:42:f7:d1:
                    59:7a:7c:e0:38:c7:88:b5:5b:de:9e:9e:25:c9:61:
                    76:ab:a6:30:e3:61:b8:7a:ea:3c:0d:45:17:b4:70:
                    3e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:2A:B1:C1:C5:2E:08:67:F8:BE:CB:E4:47:F7:29:7B:56:D6:7B:E8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/39b226e2-7512-4bab-bec3-13e453abc2b7/1
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/39b226e2-7512-4bab-bec3-13e453abc2b7/1/932AB1C1C52E0867F8BECBE447F7297B56D67BE8.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203843

    Signature Algorithm: sha256WithRSAEncryption
         6d:88:0d:8c:91:be:75:df:c3:d8:dd:83:d6:9b:20:3a:3e:40:
         56:45:f4:64:f8:71:1b:f1:9e:47:79:4a:8f:ea:b9:5c:5e:80:
         c4:fb:5c:59:63:ae:7f:3a:9d:7d:89:9a:80:8e:6a:f4:b9:06:
         06:af:d9:9a:fc:09:70:9a:27:81:79:d1:f1:5d:61:51:22:a0:
         23:41:09:03:e8:71:d1:2e:5b:02:5f:c8:cf:04:1a:e5:73:d9:
         85:45:3e:d2:3e:33:de:1e:ae:ca:c1:5f:af:af:11:9e:7c:c3:
         c5:c7:19:89:ac:fc:02:08:56:ff:49:04:c9:77:03:09:03:ff:
         a4:53:69:c1:26:3e:2b:c9:0c:05:86:15:27:43:76:3a:7f:d6:
         70:e4:5f:00:3a:73:57:e7:20:c3:cc:16:db:a4:27:06:90:2f:
         ef:10:b8:34:98:f9:b3:49:e4:eb:e9:f3:35:9f:2b:b5:af:25:
         e4:a4:c5:56:75:14:b6:f5:cf:16:3c:cd:80:7b:da:ef:0c:7a:
         ab:5c:17:d7:93:f3:ae:9b:58:da:d0:88:13:43:8c:e2:49:02:
         51:90:b6:d4:3b:c6:37:32:f4:54:e0:ef:70:f9:4f:76:24:fe:
         ae:e4:cc:ab:49:88:23:27:fe:81:d3:d2:53:fe:37:41:fe:a8:
         b7:26:b1:30
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAYVujnvTnLcq/v9tMsqIcn5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMTgxODI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzJhYjFjMWM1MmUwODY3ZjhiZWNiZTQ0N2Y3Mjk3YjU2ZDY3YmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWsiQ74xVHaaLKDnpZvgQq2QERuk
g05nXAwGXExE+QXzU75bfCiJC9J0U1vCmILbd1ImpQm9P+peG2P5zxiJOBjbJC7/
genfBHVBagJnG8FikkYuKXM061oUZhNAanVbicoeqapNqt6hlKt2R1BMdZ1ZcIOr
zjL4Ri5kAz2ya3kKbyB00y6OZLfKfEVe8X1qX7ptDWrXTdAf6+SeV6wce42WgNwT
oOAcQf95tOW4x1Ca2Wp/mBZxDn6tlp2GcjwtacnKnqBCmrpFQB4BxldS8Hw52enD
n9bEEooGTp5C99FZenzgOMeItVvenp4lyWF2q6Yw42G4euo8DUUXtHA+wQIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFJMqscHFLghn+L7L5Ef3KXtW1nvoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE+BggrBgEFBQcBCwSCATAwggEsMF4GCCsGAQUFBzAFhlJy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzM5YjIy
NmUyLTc1MTItNGJhYi1iZWMzLTEzZTQ1M2FiYzJiNy8xMIGLBggrBgEFBQcwCoZ/
cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8zOWIy
MjZlMi03NTEyLTRiYWItYmVjMy0xM2U0NTNhYmMyYjcvMS85MzJBQjFDMUM1MkUw
ODY3RjhCRUNCRTQ0N0Y3Mjk3QjU2RDY3QkU4Lm1mdDA8BggrBgEFBQcwDYYwaHR0
cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3RpZmljYXRpb24ueG1sMFkG
A1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNybDAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMcQzAN
BgkqhkiG9w0BAQsFAAOCAQEAbYgNjJG+dd/D2N2D1psgOj5AVkX0ZPhxG/GeR3lK
j+q5XF6AxPtcWWOufzqdfYmagI5q9LkGBq/ZmvwJcJongXnR8V1hUSKgI0EJA+hx
0S5bAl/IzwQa5XPZhUU+0j4z3h6uysFfr68RnnzDxccZiaz8AghW/0kEyXcDCQP/
pFNpwSY+K8kMBYYVJ0N2On/WcORfADpzV+cgw8wW26QnBpAv7xC4NJj5s0nk6+nz
NZ8rta8l5KTFVnUUtvXPFjzNgHva7wx6q1wX15PzrptY2tCIE0OM4kkCUZC21DvG
NzL0VODvcPlPdiT+ruTMq0mIIyf+gdPSU/43Qf6otyaxMA==
-----END CERTIFICATE-----