Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vSqsBkDgfHNeE0iK6HA1vQg7WiE.cer
File:                     vSqsBkDgfHNeE0iK6HA1vQg7WiE.cer (raw, json)
Hash identifier:          fCkAXS22PafY9YyKaPiuQ7s24UWne+055UuD4YzkxYM=
Subject key identifier:   BD:2A:AC:06:40:E0:7C:73:5E:13:48:8A:E8:70:35:BD:08:3B:5A:21
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856FB082FA6CF3C70F6938D449313FCFFA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8c/b281ce-0e59-4911-82aa-0a08e47f27d1/1/vSqsBkDgfHNeE0iK6HA1vQg7WiE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8c/b281ce-0e59-4911-82aa-0a08e47f27d1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 23:35:16 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 16177
                          IP: 193.41.176.0/22
                          IP: 194.9.220.0/23
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:b0:82:fa:6c:f3:c7:0f:69:38:d4:49:31:3f:cf:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:35:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bd2aac0640e07c735e13488ae87035bd083b5a21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:75:2c:b3:d8:02:04:f0:c9:f9:cf:0a:f9:ae:
                    e8:db:ab:94:f2:2b:2d:30:8f:04:52:25:96:c1:fb:
                    cb:e5:00:03:31:dd:ae:0e:a3:81:84:75:6c:67:b8:
                    97:d3:91:b8:1f:a9:44:3e:ca:34:f3:a9:44:0b:99:
                    bc:73:17:ec:eb:77:3c:a6:ab:d5:a9:1f:8a:37:52:
                    dc:25:63:8f:68:3d:aa:12:7f:79:ac:01:e6:ca:86:
                    d1:67:ca:a9:51:e1:ec:67:47:e9:e2:34:3f:8d:bc:
                    3b:81:07:59:6c:57:c5:4c:d3:a9:c8:f3:bc:d9:7b:
                    9f:f1:a1:78:c9:a1:e4:18:02:d4:9b:ff:10:b8:c7:
                    40:25:03:2c:82:3d:3c:11:9f:df:9e:5d:0f:f0:0c:
                    d2:d4:82:f3:a0:f8:0b:36:b1:b1:1f:95:a2:75:98:
                    e5:cd:e7:71:c6:6f:9b:96:9e:c0:b2:c9:d7:6f:59:
                    7e:ef:0c:3f:f7:06:68:23:0a:0e:20:87:e6:76:a9:
                    57:d5:b5:dc:da:4b:67:71:c5:f6:95:e2:99:d9:d4:
                    cd:50:72:ac:6f:98:fc:c4:01:fe:bd:60:c7:ca:6f:
                    ca:d8:62:49:5d:ca:4f:7b:74:bf:be:81:d1:19:13:
                    35:b6:12:58:88:c9:94:6b:6b:9f:e6:29:c5:97:5c:
                    32:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:2A:AC:06:40:E0:7C:73:5E:13:48:8A:E8:70:35:BD:08:3B:5A:21
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/b281ce-0e59-4911-82aa-0a08e47f27d1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/b281ce-0e59-4911-82aa-0a08e47f27d1/1/vSqsBkDgfHNeE0iK6HA1vQg7WiE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.176.0/22
                  194.9.220.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  16177

    Signature Algorithm: sha256WithRSAEncryption
         75:75:df:e7:b1:8d:40:be:07:5e:48:f1:90:6c:aa:11:73:16:
         1d:a6:a4:a9:0a:31:a9:63:a0:f5:1b:38:18:05:2a:22:35:7b:
         c4:af:77:31:b3:98:63:2d:a1:b6:10:13:07:25:e2:2c:00:e5:
         9d:1e:0e:4e:2f:1b:ef:af:d1:81:a2:7c:22:ff:4c:46:74:30:
         25:e5:86:dd:da:4e:a5:7d:79:85:f5:38:94:1d:ca:71:04:4d:
         ad:96:97:76:4f:c1:7f:0e:46:89:59:d7:33:3e:5a:cf:d2:93:
         53:53:52:6e:70:02:09:b7:4c:c2:c0:84:9e:8b:4f:b0:df:bd:
         0b:a0:25:2c:b7:19:a3:6d:e7:ec:ae:7c:47:67:58:bb:4b:0d:
         1a:dc:a8:9d:aa:db:f6:b4:da:36:cf:d5:a9:21:bb:57:41:07:
         53:99:15:df:da:d2:f1:b1:0d:ee:cf:75:2b:d1:d3:54:48:44:
         27:99:eb:d5:68:3f:7b:7f:f4:2f:20:c8:3b:81:32:a6:63:70:
         d6:12:00:82:4d:84:d9:72:ec:8c:3a:f1:05:87:76:55:55:0a:
         3b:55:b6:ac:bb:59:6b:0d:84:83:3d:23:a2:86:2c:a9:71:cc:
         e4:e0:59:cc:21:d6:15:8e:3e:62:54:e2:c5:89:51:1c:12:93:
         8c:cc:b7:0d
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgISAYVvsIL6bPPHD2k41EkxP8/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMjMzNTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDJhYWMwNjQwZTA3YzczNWUxMzQ4OGFlODcwMzViZDA4M2I1YTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nUss9gCBPDJ+c8K+a7o26uU8ist
MI8EUiWWwfvL5QADMd2uDqOBhHVsZ7iX05G4H6lEPso086lEC5m8cxfs63c8pqvV
qR+KN1LcJWOPaD2qEn95rAHmyobRZ8qpUeHsZ0fp4jQ/jbw7gQdZbFfFTNOpyPO8
2Xuf8aF4yaHkGALUm/8QuMdAJQMsgj08EZ/fnl0P8AzS1ILzoPgLNrGxH5WidZjl
zedxxm+blp7AssnXb1l+7ww/9wZoIwoOIIfmdqlX1bXc2ktnccX2leKZ2dTNUHKs
b5j8xAH+vWDHym/K2GJJXcpPe3S/voHRGRM1thJYiMmUa2uf5inFl1wyjQIDAQAB
o4ICpTCCAqEwHQYDVR0OBBYEFL0qrAZA4HxzXhNIiuhwNb0IO1ohMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhjL2IyODFj
ZS0wZTU5LTQ5MTEtODJhYS0wYTA4ZTQ3ZjI3ZDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGMvYjI4MWNl
LTBlNTktNDkxMS04MmFhLTBhMDhlNDdmMjdkMS8xL3ZTcXNCa0RnZkhOZUUwaUs2
SEExdlFnN1dpRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQCwSmwAwQBwgncMBkGCCsGAQUFBwEIAQH/BAow
CKAGMAQCAj8xMA0GCSqGSIb3DQEBCwUAA4IBAQB1dd/nsY1AvgdeSPGQbKoRcxYd
pqSpCjGpY6D1GzgYBSoiNXvEr3cxs5hjLaG2EBMHJeIsAOWdHg5OLxvvr9GBonwi
/0xGdDAl5Ybd2k6lfXmF9TiUHcpxBE2tlpd2T8F/DkaJWdczPlrP0pNTU1JucAIJ
t0zCwISei0+w370LoCUstxmjbefsrnxHZ1i7Sw0a3Kidqtv2tNo2z9WpIbtXQQdT
mRXf2tLxsQ3uz3Ur0dNUSEQnmevVaD97f/QvIMg7gTKmY3DWEgCCTYTZcuyMOvEF
h3ZVVQo7Vbasu1lrDYSDPSOihiypcczk4FnMIdYVjj5iVOLFiVEcEpOMzLcN
-----END CERTIFICATE-----