Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/pHqB5taz4DEjB9yh2GOYLMkLxnM.cer
File:                     pHqB5taz4DEjB9yh2GOYLMkLxnM.cer (raw, json)
Hash identifier:          XAzkf9Flb/EWB2F07Z8pFsksx74XGVAPsbiIi4s9WDc=
Subject key identifier:   A4:7A:81:E6:D6:B3:E0:31:23:07:DC:A1:D8:63:98:2C:C9:0B:C6:73
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       9987CFC474
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6f/88d56c-6720-4fdc-9a13-d09bee137baa/1/pHqB5taz4DEjB9yh2GOYLMkLxnM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6f/88d56c-6720-4fdc-9a13-d09bee137baa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 01 Jan 2022 00:57:48 +0000
Certificate not after:    Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources:    AS: 206208
                          IP: 95.178.39.0/24
                          IP: 185.158.52.0/22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 659408536692 (0x9987cfc474)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:57:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a47a81e6d6b3e0312307dca1d863982cc90bc673
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2c:13:5e:83:53:8a:3f:f7:72:73:96:26:53:
                    9a:9f:a9:53:f1:da:ed:92:ed:ba:11:59:a6:3f:48:
                    78:b7:54:96:2a:92:0e:17:3d:58:88:80:43:8c:71:
                    cb:73:7d:67:bc:71:35:f4:22:d6:cc:87:47:ce:9c:
                    0e:d5:c0:21:8e:a2:d8:ef:5e:62:2b:23:93:55:0e:
                    15:eb:38:a3:1d:df:dd:c4:30:40:a3:17:e0:25:00:
                    ac:92:08:7b:fc:ce:a3:20:77:74:16:38:3e:84:c5:
                    92:5a:90:26:77:f5:e2:ee:11:40:48:10:c1:72:9e:
                    ba:ad:99:d2:01:1c:97:92:bd:5d:ff:15:12:2c:3e:
                    83:7a:bf:a7:c9:1e:8d:05:2a:da:64:03:2f:17:00:
                    aa:54:40:70:f3:77:db:ff:d3:bf:8a:d1:f6:a9:35:
                    f6:75:08:1c:c3:31:3d:e8:a3:2f:bb:11:12:bb:e5:
                    1e:e0:90:47:6b:72:5b:11:96:aa:1b:2a:b2:de:4c:
                    1c:7b:50:0b:a1:f3:8c:4c:4a:8a:ad:bb:f9:8e:de:
                    c9:a3:8d:31:90:bb:b5:a0:47:8c:37:b4:e1:8f:4d:
                    d8:1b:2f:e8:68:fa:16:a3:a8:fb:ed:ae:1d:ae:20:
                    3c:79:88:6d:29:54:ef:b4:5b:8e:a2:a4:f9:62:11:
                    2a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:7A:81:E6:D6:B3:E0:31:23:07:DC:A1:D8:63:98:2C:C9:0B:C6:73
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/88d56c-6720-4fdc-9a13-d09bee137baa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/88d56c-6720-4fdc-9a13-d09bee137baa/1/pHqB5taz4DEjB9yh2GOYLMkLxnM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.178.39.0/24
                  185.158.52.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206208

    Signature Algorithm: sha256WithRSAEncryption
         7d:fc:10:ac:57:ec:6b:5a:82:93:db:a1:1d:75:44:eb:bb:e8:
         9d:db:35:af:43:a7:89:e0:05:ac:0a:37:7a:bb:58:55:87:78:
         67:ae:5b:2f:47:c5:b1:54:9e:96:93:25:65:f0:56:aa:d4:77:
         14:ed:1f:6c:91:fb:7c:53:7e:28:cb:ef:80:5f:f9:2a:24:4b:
         00:56:ef:88:5e:ac:27:93:bf:0d:2c:cf:58:ed:fb:ce:16:19:
         64:3f:f8:ca:85:ec:02:c2:40:a8:48:dd:55:07:38:1f:e8:8c:
         84:3f:79:f2:61:a2:71:3c:dc:ed:3c:3a:3c:d1:46:4a:d3:25:
         31:e6:d5:b3:0d:11:ec:e7:e0:27:46:d7:db:95:df:f6:0e:01:
         69:9f:32:d7:f4:80:7b:74:a6:aa:6b:aa:f0:42:70:fa:72:9c:
         d3:4b:d7:a0:2a:33:02:ea:e7:ef:38:6c:1e:66:c6:58:12:ea:
         6c:1d:e8:0f:20:2e:57:4b:22:ec:c6:47:ab:44:5a:82:ea:4a:
         62:34:d4:10:9e:fb:70:ff:4f:04:29:02:29:41:ff:1f:a9:6c:
         2e:2a:0e:a1:89:fe:67:6a:a0:39:f8:7a:1b:f8:7a:bc:2e:c4:
         fa:1a:87:71:a5:d7:c3:bc:69:fd:ab:c8:27:fb:2d:07:5b:36:
         d2:2b:45:f8
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIGAJmHz8R0MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDA1NzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhhNDdhODFlNmQ2
YjNlMDMxMjMwN2RjYTFkODYzOTgyY2M5MGJjNjczMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAuCwTXoNTij/3cnOWJlOan6lT8drtku26EVmmP0h4t1SW
KpIOFz1YiIBDjHHLc31nvHE19CLWzIdHzpwO1cAhjqLY715iKyOTVQ4V6zijHd/d
xDBAoxfgJQCskgh7/M6jIHd0Fjg+hMWSWpAmd/Xi7hFASBDBcp66rZnSARyXkr1d
/xUSLD6Der+nyR6NBSraZAMvFwCqVEBw83fb/9O/itH2qTX2dQgcwzE96KMvuxES
u+Ue4JBHa3JbEZaqGyqy3kwce1ALofOMTEqKrbv5jt7Jo40xkLu1oEeMN7Thj03Y
Gy/oaPoWo6j77a4driA8eYhtKVTvtFuOoqT5YhEqZQIDAQABo4ICpjCCAqIwHQYD
VR0OBBYEFKR6gebWs+AxIwfcodhjmCzJC8ZzMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZmLzg4ZDU2Yy02NzIwLTRmZGMt
OWExMy1kMDliZWUxMzdiYWEvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmYvODhkNTZjLTY3MjAtNGZkYy05
YTEzLWQwOWJlZTEzN2JhYS8xL3BIcUI1dGF6NERFakI5eWgyR09ZTE1rTHhuTS5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQAX7InAwQCuZ40MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMlgDAN
BgkqhkiG9w0BAQsFAAOCAQEAffwQrFfsa1qCk9uhHXVE67vonds1r0OnieAFrAo3
ertYVYd4Z65bL0fFsVSelpMlZfBWqtR3FO0fbJH7fFN+KMvvgF/5KiRLAFbviF6s
J5O/DSzPWO37zhYZZD/4yoXsAsJAqEjdVQc4H+iMhD958mGicTzc7Tw6PNFGStMl
MebVsw0R7OfgJ0bX25Xf9g4BaZ8y1/SAe3Smqmuq8EJw+nKc00vXoCozAurn7zhs
HmbGWBLqbB3oDyAuV0si7MZHq0RagupKYjTUEJ77cP9PBCkCKUH/H6lsLioOoYn+
Z2qgOfh6G/h6vC7E+hqHcaXXw7xp/avIJ/stB1s20itF+A==
-----END CERTIFICATE-----