Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/SDq0LHTtTmIaUWvTOvdsFnw2_z4.cer
File:                     SDq0LHTtTmIaUWvTOvdsFnw2_z4.cer (raw, json)
Hash identifier:          YjGflU9FNpOe63m56J0OMDHElOIjZncgSTwcVdmq3Dc=
Subject key identifier:   48:3A:B4:2C:74:ED:4E:62:1A:51:6B:D3:3A:F7:6C:16:7C:36:FF:3E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       9902C283D5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ce/ba5fe9-c7c8-4f8c-92fd-1977f1f6409f/1/SDq0LHTtTmIaUWvTOvdsFnw2_z4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ce/ba5fe9-c7c8-4f8c-92fd-1977f1f6409f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 00:52:38 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 47565
                          IP: 91.203.0.0/22
                          IP: 193.33.100.0/23
                          IP: 194.146.200.0/22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 657176298453 (0x9902c283d5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:52:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=483ab42c74ed4e621a516bd33af76c167c36ff3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fc:3d:f9:d2:b1:37:c0:41:3a:49:9f:7f:04:
                    5c:42:a4:c3:75:34:dc:55:c6:54:14:4c:d8:c9:4d:
                    06:a1:8b:67:33:d7:2f:c1:44:32:af:c0:1a:b1:64:
                    e7:4e:93:2f:14:2d:c6:7c:fd:a6:62:e7:f9:16:37:
                    7f:ca:51:57:63:25:c7:de:31:3f:8c:df:8f:a9:fe:
                    ca:13:16:74:8a:cc:0c:f3:d9:64:e2:1d:64:b7:26:
                    7f:6e:b7:5a:10:a5:be:ce:dc:0b:96:c1:6d:ae:f7:
                    70:c3:ff:4a:e9:75:fe:30:f0:b1:bd:28:e1:f7:5b:
                    4e:1a:7c:9d:9a:92:59:85:93:85:52:37:e1:ea:8f:
                    a2:e2:22:68:67:cf:cc:6f:67:1b:82:f0:b8:53:bf:
                    ab:ad:01:b5:84:d3:87:49:7a:5b:ea:c4:b8:66:26:
                    d9:24:d6:dc:ea:ac:c5:3e:ab:e9:a0:56:58:ba:40:
                    8e:32:4f:00:cd:bf:b6:fb:41:db:49:b7:1b:2d:29:
                    39:2e:40:b3:0e:35:00:bd:2f:70:88:89:74:d9:13:
                    d3:36:8f:cc:54:a2:59:d9:01:8e:3e:cc:14:3d:a3:
                    e2:c2:8a:e4:e9:d3:90:f5:3d:0d:f7:77:1a:82:51:
                    f0:7e:d4:b6:1b:59:77:2e:20:87:93:f0:8d:7a:e9:
                    9f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:3A:B4:2C:74:ED:4E:62:1A:51:6B:D3:3A:F7:6C:16:7C:36:FF:3E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/ba5fe9-c7c8-4f8c-92fd-1977f1f6409f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/ba5fe9-c7c8-4f8c-92fd-1977f1f6409f/1/SDq0LHTtTmIaUWvTOvdsFnw2_z4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.0.0/22
                  193.33.100.0/23
                  194.146.200.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  47565

    Signature Algorithm: sha256WithRSAEncryption
         73:57:3b:43:da:4f:60:d4:2b:bc:6e:55:a2:41:c7:dd:85:f3:
         be:ac:d6:69:25:39:0c:e1:92:25:84:b4:77:61:75:62:1a:87:
         51:24:00:82:f8:82:13:b8:86:6d:d1:1b:c0:69:11:56:0c:fb:
         d6:a9:1e:26:43:ee:d9:0d:dd:ab:30:50:a9:ca:60:06:c5:cc:
         08:f0:18:9b:d4:0a:4f:81:3a:9c:39:af:18:18:6a:b6:51:01:
         44:05:15:75:9c:50:e5:b7:ee:94:14:b9:c0:a7:82:8f:11:d3:
         80:66:33:6a:fc:8f:a9:31:a1:16:da:43:3b:a3:98:43:b5:02:
         c2:33:1e:0e:98:22:21:eb:ee:18:50:61:b5:ac:59:e5:a5:98:
         7f:92:e0:a6:98:d5:f9:10:a4:fc:9e:05:e7:9a:e2:74:04:5b:
         db:78:91:69:05:d7:7b:c8:c4:f4:f0:7f:4f:a2:04:e1:47:90:
         32:84:ec:14:5a:6d:f8:2d:e6:b3:96:34:70:c9:54:60:1b:33:
         c0:d2:93:5b:bf:85:d2:7f:9b:1d:7d:67:fb:94:c2:bc:7a:46:
         f2:dc:af:fa:20:9f:ee:c3:ad:f5:2f:87:9d:d6:4f:a2:b1:86:
         2b:d5:30:f5:19:a5:d9:d7:57:74:28:ec:d7:3b:4f:5d:df:4c:
         3b:69:04:1c
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgIGAJkCwoPVMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDA1MjM4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg0ODNhYjQyYzc0
ZWQ0ZTYyMWE1MTZiZDMzYWY3NmMxNjdjMzZmZjNlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAuPw9+dKxN8BBOkmffwRcQqTDdTTcVcZUFEzYyU0GoYtn
M9cvwUQyr8AasWTnTpMvFC3GfP2mYuf5Fjd/ylFXYyXH3jE/jN+Pqf7KExZ0iswM
89lk4h1ktyZ/brdaEKW+ztwLlsFtrvdww/9K6XX+MPCxvSjh91tOGnydmpJZhZOF
Ujfh6o+i4iJoZ8/Mb2cbgvC4U7+rrQG1hNOHSXpb6sS4ZibZJNbc6qzFPqvpoFZY
ukCOMk8Azb+2+0HbSbcbLSk5LkCzDjUAvS9wiIl02RPTNo/MVKJZ2QGOPswUPaPi
work6dOQ9T0N93caglHwftS2G1l3LiCHk/CNeumfCQIDAQABo4ICrDCCAqgwHQYD
VR0OBBYEFEg6tCx07U5iGlFr0zr3bBZ8Nv8+MB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NlL2JhNWZlOS1jN2M4LTRmOGMt
OTJmZC0xOTc3ZjFmNjQwOWYvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2UvYmE1ZmU5LWM3YzgtNGY4Yy05
MmZkLTE5NzdmMWY2NDA5Zi8xL1NEcTBMSFR0VG1JYVVXdlRPdmRzRm53Ml96NC5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAY
BAIAATASAwQCW8sAAwQBwSFkAwQCwpLIMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC5zTANBgkqhkiG9w0BAQsFAAOCAQEAc1c7Q9pPYNQrvG5VokHH3YXzvqzWaSU5
DOGSJYS0d2F1YhqHUSQAgviCE7iGbdEbwGkRVgz71qkeJkPu2Q3dqzBQqcpgBsXM
CPAYm9QKT4E6nDmvGBhqtlEBRAUVdZxQ5bfulBS5wKeCjxHTgGYzavyPqTGhFtpD
O6OYQ7UCwjMeDpgiIevuGFBhtaxZ5aWYf5LgppjV+RCk/J4F55ridARb23iRaQXX
e8jE9PB/T6IE4UeQMoTsFFpt+C3ms5Y0cMlUYBszwNKTW7+F0n+bHX1n+5TCvHpG
8tyv+iCf7sOt9S+HndZPorGGK9Uw9Rml2ddXdCjs1ztPXd9MO2kEHA==
-----END CERTIFICATE-----