How to view the WPA2 PEAP certificate offered by an AP?

I have to connect to a WPA2 Enterprise network which only works if I don't verify the certificate. I would prefer not to do this, because this way anyone can see the MSCHAPv2 messages. The first step to fixing this would be looking at the certificate offered by the AP, then configuring wpa_supplicant to only trust that one. But I don't know how to get the certificate. The wpa_cli "status" command doesn't show it and it's not in any logs. I'm also curious about which SSL/TLS cipher suites are used. Is it possible to connect manually, maybe with openssl s_client?