Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Rus7O1eckLS5lqf-QPIFA5E6Jc8.cer
File:                     Rus7O1eckLS5lqf-QPIFA5E6Jc8.cer (raw, json)
Hash identifier:          NAz0pY4D49pZl4KN4o4vnYQc3+C2JGRXzKcjIiMUF60=
Subject key identifier:   46:EB:3B:3B:57:9C:90:B4:B9:96:A7:FE:40:F2:05:03:91:3A:25:CF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856C3EB898FC142DAF1A8F4620A226E1CD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e4/a6ad9f-8d69-46ea-bd7c-32b150f8e61f/1/Rus7O1eckLS5lqf-QPIFA5E6Jc8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e4/a6ad9f-8d69-46ea-bd7c-32b150f8e61f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 07:32:07 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 20722
                          IP: 85.204.44.0/22
                          IP: 85.204.56.0/21
                          IP: 86.106.133.0/24
                          IP: 185.88.128.0/22
                          IP: 194.102.188.0/24
                          IP: 2a05:cb40::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:3e:b8:98:fc:14:2d:af:1a:8f:46:20:a2:26:e1:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:32:07 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=46eb3b3b579c90b4b996a7fe40f20503913a25cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:22:40:43:3b:20:5f:c8:5e:3b:a1:48:98:3d:
                    c7:21:31:73:1a:9c:d6:37:5c:0f:a6:2d:3f:21:10:
                    35:2e:8f:2e:d8:fb:b4:ed:57:e6:44:d3:be:d7:29:
                    b7:0d:16:94:e0:df:69:c7:e3:67:66:aa:6f:c5:64:
                    fa:d5:30:c4:0a:f8:e5:ef:4e:72:2a:09:40:c2:b5:
                    8f:54:db:0f:0a:b4:fb:ea:3d:ed:47:21:6b:ff:2f:
                    3d:62:27:01:28:6e:35:8d:b6:06:35:88:73:ac:ee:
                    60:71:0b:c1:6b:c6:03:07:26:c0:0b:e5:67:75:da:
                    a5:0b:ce:13:4e:0a:ea:12:52:59:84:c1:9d:f4:10:
                    97:3d:9d:34:15:65:71:b9:82:1b:27:51:67:e4:ee:
                    b3:e0:db:00:17:af:2c:c4:34:4b:f2:d9:5e:9a:4a:
                    db:5d:77:98:90:f8:4c:07:26:d7:b3:03:02:d1:61:
                    56:51:48:5a:08:91:7c:8e:eb:d4:85:39:00:a5:2c:
                    ce:6c:ae:82:ac:67:20:27:f2:ce:48:4d:98:38:c2:
                    9d:19:ad:80:dd:23:f9:2b:6b:36:37:fe:98:f9:21:
                    34:d3:2b:a6:21:08:84:5f:a7:c8:72:ab:d6:51:0d:
                    6c:5d:43:78:d6:d2:4a:23:67:03:ae:85:87:cf:b8:
                    df:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:EB:3B:3B:57:9C:90:B4:B9:96:A7:FE:40:F2:05:03:91:3A:25:CF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a6ad9f-8d69-46ea-bd7c-32b150f8e61f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a6ad9f-8d69-46ea-bd7c-32b150f8e61f/1/Rus7O1eckLS5lqf-QPIFA5E6Jc8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.44.0/22
                  85.204.56.0/21
                  86.106.133.0/24
                  185.88.128.0/22
                  194.102.188.0/24
                IPv6:
                  2a05:cb40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  20722

    Signature Algorithm: sha256WithRSAEncryption
         09:8e:01:56:0c:b5:8a:6a:80:6f:dd:d3:cb:f8:fb:61:99:c6:
         6f:b4:d4:41:8a:7b:03:24:e2:db:92:33:ab:48:52:f1:09:3e:
         96:12:92:22:38:35:68:f0:1c:31:b4:e1:ec:e6:51:16:6b:11:
         68:cc:37:a1:5b:2c:c8:d3:b8:a1:73:9a:48:f0:de:ba:a4:41:
         49:86:2f:cf:c5:08:bf:fb:fc:cd:21:49:96:30:ce:af:a9:6a:
         c1:8a:c2:21:62:7b:4c:a0:cc:6c:b0:ab:73:f8:df:41:47:32:
         a1:d7:fd:ae:b7:47:e9:47:72:80:99:a9:68:35:e6:e8:79:14:
         1c:bc:26:e3:6c:37:35:1a:06:ca:a6:4d:3f:b3:bb:dc:b0:0d:
         33:e2:74:d2:e0:73:e1:f2:b7:bd:f5:fd:f2:3f:be:16:57:e1:
         4b:59:82:94:7d:72:4a:7c:03:c1:92:aa:45:75:63:60:9d:de:
         00:c7:f8:88:fd:21:32:2c:0c:d2:c4:58:c3:a0:c5:48:b8:92:
         a0:d3:a4:e7:5f:c9:93:69:de:3a:7d:dc:3c:38:a5:c3:f0:a5:
         10:e0:94:dd:8c:cd:65:11:49:43:74:f5:0a:ad:91:f3:de:c6:
         9c:73:c5:db:1d:3f:6b:0f:c4:9b:90:43:a4:74:2f:b5:20:68:
         f8:74:ba:2b
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgISAYVsPriY/BQtrxqPRiCiJuHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDczMjA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmViM2IzYjU3OWM5MGI0Yjk5NmE3ZmU0MGYyMDUwMzkxM2EyNWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyJAQzsgX8heO6FImD3HITFzGpzW
N1wPpi0/IRA1Lo8u2Pu07VfmRNO+1ym3DRaU4N9px+NnZqpvxWT61TDECvjl705y
KglAwrWPVNsPCrT76j3tRyFr/y89YicBKG41jbYGNYhzrO5gcQvBa8YDBybAC+Vn
ddqlC84TTgrqElJZhMGd9BCXPZ00FWVxuYIbJ1Fn5O6z4NsAF68sxDRL8tlemkrb
XXeYkPhMBybXswMC0WFWUUhaCJF8juvUhTkApSzObK6CrGcgJ/LOSE2YOMKdGa2A
3SP5K2s2N/6Y+SE00yumIQiEX6fIcqvWUQ1sXUN41tJKI2cDroWHz7jfjwIDAQAB
o4ICxjCCAsIwHQYDVR0OBBYEFEbrOztXnJC0uZan/kDyBQOROiXPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U0L2E2YWQ5
Zi04ZDY5LTQ2ZWEtYmQ3Yy0zMmIxNTBmOGU2MWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQvYTZhZDlm
LThkNjktNDZlYS1iZDdjLTMyYjE1MGY4ZTYxZi8xL1J1czdPMWVja0xTNWxxZi1R
UElGQTVFNkpjOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEYGCCsGAQUF
BwEHAQH/BDcwNTAkBAIAATAeAwQCVcwsAwQDVcw4AwQAVmqFAwQCuViAAwQAwma8
MA0EAgACMAcDBQMqBctAMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQCAlDyMA0GCSqG
SIb3DQEBCwUAA4IBAQAJjgFWDLWKaoBv3dPL+PthmcZvtNRBinsDJOLbkjOrSFLx
CT6WEpIiODVo8BwxtOHs5lEWaxFozDehWyzI07ihc5pI8N66pEFJhi/PxQi/+/zN
IUmWMM6vqWrBisIhYntMoMxssKtz+N9BRzKh1/2ut0fpR3KAmaloNeboeRQcvCbj
bDc1GgbKpk0/s7vcsA0z4nTS4HPh8re99f3yP74WV+FLWYKUfXJKfAPBkqpFdWNg
nd4Ax/iI/SEyLAzSxFjDoMVIuJKg06TnX8mTad46fdw8OKXD8KUQ4JTdjM1lEUlD
dPUKrZHz3sacc8XbHT9rD8SbkEOkdC+1IGj4dLor
-----END CERTIFICATE-----